CCIE Written Blueprint: 1.1.d Explain IP operations

1.1.d (i) ICMP unreachable, redirect

ICMP Unreachable

Generated by a host or gateway to indicate that a packet was discarded because its destination is unreachable. It is never generated in response to multicast traffic. It is sub-divided by the code value carried in the message, as follows:

Code – Message Subtype – Description

  • 0 – Network Unreachable – The datagram could not be delivered to the network specified in the network ID portion of the IP address. This usually means a routing problem, but it could also be caused by a bad address.
  • 1 – Host Unreachable – The datagram was delivered to the network specified in the network ID portion of the IP address but could not be sent to the specific host indicated in the address. Again, this usually implies a routing issue.
  • 2 – Protocol Unreachable – The protocol specified in the Protocol field was invalid for the host to which the datagram was delivered.
  • 3 – Port Unreachable – The destination port specified in the UDP or TCP header was invalid.
  • 4 – Fragmentation Needed and DF Set – The MTU is smaller than the packet size, and the router is not allowed to fragment the packet. This message type is most often used in a “clever” way, by intentionally sending messages of increasing size to discover the maximum transmission size that a link can handle. This process is called Path MTU Discovery.
  • 5 – Source Route Failed – Generated if a source route was specified for the datagram in an option but a router could not forward the datagram to the next step in the route.
  • 6 – Destination Network Unknown – Not used; Code 0 is used instead.
  • 7 – Destination Host Unknown – The host specified is not known. This is usually generated by a router local to the destination host and usually means a bad address.
  • 8 – Source Host Isolated – Obsolete, no longer used.
  • 9 – Communication with Destination Network is Administratively Prohibited – The source device is not allowed to send to the network where the destination device is located.
  • 10 – Communication with Destination Host is Administratively Prohibited – The source device is allowed to send to the network where the destination device is located, but not to that particular device.
  • 11 – Destination Network Unreachable for Type of Service – The network specified in the IP address cannot be reached because the service specified in the Type Of Service field of the datagram header cannot be provided.
  • 12 – Destination Host Unreachable for Type of Service – The destination host specified in the IP address cannot be reached because the service specified in the datagram’s Type Of Service field cannot be provided.
  • 13 – Communication Administratively Prohibited – The datagram could not be forwarded because of filtering that blocks the message based on its contents.
  • 14 – Host Precedence Violation – Sent by a first-hop router (the first router to handle a sent datagram) when the Precedence value in the Type Of Service field is not permitted.
  • 15 – Precedence Cutoff In Effect – Sent by a router when it receives a datagram whose Precedence value (priority) is lower than the minimum allowed for the network at that time.
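As an added example (not part of the original notes), the decoder below parses a Destination Unreachable message the way a monitoring tool would: it checks the ICMP checksum, maps the code to the names above, reads the next-hop MTU that only code 4 carries, and recovers the source, destination and ports of the packet that was dropped from the quoted original header. The sample message is constructed inline; the addresses and ports in it are made up.

```python
import struct
import socket

# Code values carried in an ICMP type 3 (Destination Unreachable) message.
UNREACHABLE_CODES = {
    0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 4: "Fragmentation Needed and DF Set", 5: "Source Route Failed",
    6: "Destination Network Unknown", 7: "Destination Host Unknown", 8: "Source Host Isolated",
    9: "Network Administratively Prohibited", 10: "Host Administratively Prohibited",
    11: "Network Unreachable for TOS", 12: "Host Unreachable for TOS",
    13: "Communication Administratively Prohibited", 14: "Host Precedence Violation",
    15: "Precedence Cutoff In Effect",
}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; verifying a received message must yield 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_unreachable(msg: bytes) -> dict:
    """Decode an ICMP Destination Unreachable message: 8-byte ICMP header followed by the
    dropped packet's IP header and the first 8 bytes of its payload (the L4 ports)."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("truncated ICMP unreachable message")
    icmp_type, code, _, _, next_hop_mtu = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != 3 or icmp_checksum(msg) != 0:
        raise ValueError("not a valid Destination Unreachable message")
    ihl = (msg[8] & 0x0F) * 4                        # quoted IP header starts at offset 8
    proto = msg[8 + 9]
    src, dst = socket.inet_ntoa(msg[20:24]), socket.inet_ntoa(msg[24:28])
    sport = dport = None
    if proto in (6, 17) and len(msg) >= 8 + ihl + 4:  # TCP/UDP: ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", msg[8 + ihl:8 + ihl + 4])
    return {"code": code, "meaning": UNREACHABLE_CODES.get(code, "unassigned"),
            "next_hop_mtu": next_hop_mtu if code == 4 else None,  # only meaningful for code 4
            "orig_src": src, "orig_dst": dst, "orig_proto": proto,
            "orig_sport": sport, "orig_dport": dport}

def build_sample_unreachable() -> bytes:
    """Constructed sample: a router reports code 4 with next-hop MTU 1400 for a 1500-byte
    UDP datagram (DF set) from 10.0.0.5:40000 to 192.0.2.10:53."""
    orig_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64, 17, 0,
                          socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    body = struct.pack("!BBHHH", 3, 4, 0, 0, 1400) + orig_ip + struct.pack("!HHHH", 40000, 53, 1480, 0)
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]
```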

ICMP Redirect

Used to notify a host that a better next hop is available for exit from that network. If two routers are on a network sharing routing information, and one is connected to an external network, it makes little sense for a host to have two hops to exit the network, so the router will send an ICMP redirect back to the host to tell it to use the other router.

Cisco routers send ICMP redirects when all of these conditions are met:

  • The interface on which the packet comes into the router is the same interface on which the packet gets routed out.
  • The subnet or network of the source IP address is on the same subnet or network of the next-hop IP address of the routed packet.
  • The datagram is not source-routed.
  • The kernel is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects can be used to disable ICMP redirects.)

1.1.d (ii) IPv4 options, IPv6 extension headers

IPv4 options are primarily used for network testing and debugging.

  • Record Route – Each router on the route records its address in the header. The destination then returns this information to the originator. It is limited to 9 hops, because that is all the header can hold.
  • Source Route – The sender specifies the route through the network. It uses the same format as Record Route, except that the sender pre-populates the IPs in the header. It can be Strict (the path has to be exactly as specified, hop by hop) or Loose (multiple hops are allowed between the addresses in the list).
  • Timestamp – Same as Record Route, but each router also adds a timestamp.
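As an added example (not from the original notes), this parser walks the options area of an IPv4 header and decodes the Record Route, Loose/Strict Source Route and Timestamp options, separating the address slots already filled from those still free; the 9-hop limit falls out of the 40-byte maximum options length. The sample header is constructed inline with made-up addresses.

```python
import struct
import socket

# IPv4 option type bytes (RFC 791): bit 7 is the "copied to fragments" flag.
OPTION_NAMES = {7: "Record Route", 131: "Loose Source Route", 137: "Strict Source Route", 68: "Timestamp"}
MAX_OPTIONS_LEN = 40                       # IHL maxes out at 15 words = 60 bytes, minus the fixed 20
MAX_RR_HOPS = (MAX_OPTIONS_LEN - 3) // 4   # type, length and pointer bytes leave room for 9 addresses

def _addrs(raw: bytes) -> list:
    return [socket.inet_ntoa(raw[i:i + 4]) for i in range(0, len(raw) - len(raw) % 4, 4)]

def parse_ipv4_options(header: bytes) -> list:
    """Walk the options area of an IPv4 header; 'recorded' = slots before the pointer, 'free_slots' = rest."""
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(header):
        raise ValueError("bad IHL")
    opts, i, found = header[20:ihl], 0, []
    while i < len(opts):
        t = opts[i]
        if t == 0:                                    # End of Option List
            break
        if t == 1:                                    # No Operation (padding)
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed option length")
        body = opts[i:i + length]
        entry = {"type": t, "name": OPTION_NAMES.get(t, "other"), "copied": bool(t & 0x80)}
        if t in (7, 131, 137):                        # Record Route, LSRR and SSRR share one layout
            pointer = body[2]                         # 1-based offset of the next free slot (min 4)
            if pointer < 4 or pointer > length + 1:
                raise ValueError("bad route pointer")
            entry["recorded"] = _addrs(body[3:pointer - 1])
            entry["free_slots"] = (length - pointer + 1) // 4
        elif t == 68:                                 # Timestamp: flag 0 = stamps only, else addr+stamp
            entry["entries"] = (body[2] - 5) // (4 if body[3] & 0x0F == 0 else 8)
        found.append(entry)
        i += length
    return found

def build_sample_header() -> bytes:
    """Constructed sample: 60-byte IPv4 header (IHL=15) carrying a full 39-byte Record Route option
    in which two routers, 10.1.1.1 and 10.2.2.1, have already written their addresses."""
    recorded = socket.inet_aton("10.1.1.1") + socket.inet_aton("10.2.2.1")
    rr = bytes([7, 39, 4 + len(recorded)]) + recorded + bytes(36 - len(recorded))
    fixed = struct.pack("!BBHHHBBH4s4s", 0x4F, 0, 60, 1, 0, 64, 1, 0,
                        socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    return fixed + rr + b"\x00"                       # End of Option List pads the options to 40 bytes
```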

IPv6 Extension Headers:

  • Hop-by-Hop EH is used to support Jumbograms and, through the Router Alert option [3], is an integral part of the operation of IPv6 multicast (Multicast Listener Discovery, MLD) and of RSVP for IPv6.
  • Destination EH is used in IPv6 Mobility as well as to support certain applications.
  • Routing EH is used in IPv6 Mobility and in source routing. It may be necessary to disable IPv6 source routing on routers to protect against DDoS.
  • Fragmentation EH is critical to communication using fragmented packets (in IPv6 the traffic source must do the fragmentation; routers do not fragment the packets they forward).
  • Mobility EH is used in support of the Mobile IPv6 service.
  • Authentication EH is similar in format and use to the IPv4 authentication header defined in RFC2402 [4].
  • Encapsulating Security Payload EH is similar in format and use to the IPv4 ESP header defined in RFC2406 [5]. All information following the Encapsulating Security Header (ESH) is encrypted and is therefore inaccessible to intermediary network devices. The ESH can be followed by an additional Destination Options EH and the upper-layer datagram.
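As an added example (not part of the original notes), the walker below follows the Next Header chain from the fixed IPv6 header through the extension headers listed above to the upper-layer protocol, which is what a stateless filter has to do before it can see ports. It records the Fragment header fields and a Hop-by-Hop Router Alert value, accounts for AH's different length unit, and stops at ESP because nothing after it is readable. The sample packet is constructed inline.

```python
import struct
import socket

EH_NAMES = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 50: "ESP", 51: "AH",
            60: "Destination Options", 135: "Mobility"}

def _router_alert(data: bytes):
    """Scan the option TLVs of a Hop-by-Hop header for Router Alert (type 5; value 0 = MLD, 1 = RSVP)."""
    i = 0
    while i < len(data):
        if data[i] == 0:                              # Pad1 is one byte with no length field
            i += 1
        elif data[i] == 5:
            return struct.unpack("!H", data[i + 2:i + 4])[0]
        else:
            i += 2 + data[i + 1]
    return None

def walk_ipv6_headers(pkt: bytes) -> dict:
    """Follow the Next Header chain from the fixed header to the upper-layer protocol."""
    if pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nh, off, info = pkt[6], 40, {"chain": [], "upper_layer": None}
    while nh in EH_NAMES:
        if off + 8 > len(pkt):                        # every EH is at least 8 bytes
            raise ValueError("truncated extension header chain")
        info["chain"].append(EH_NAMES[nh])
        if nh == 50:                                  # ESP: everything beyond here is encrypted
            return dict(info, encrypted=True)
        if nh == 44:                                  # Fragment header is a fixed 8 bytes
            frag, ident = struct.unpack("!HI", pkt[off + 2:off + 8])
            info["fragment"] = {"offset": frag >> 3, "more": bool(frag & 1), "id": ident}
            size = 8
        elif nh == 51:                                # AH: length in 4-octet units, minus 2
            size = (pkt[off + 1] + 2) * 4
        else:                                         # all others: length in 8-octet units, minus 1
            size = (pkt[off + 1] + 1) * 8
            if nh == 0:
                info["router_alert"] = _router_alert(pkt[off + 2:off + size])
        nh, off = pkt[off], off + size
    info["upper_layer"] = None if nh == 59 else nh    # 59 = No Next Header
    info["upper_layer_offset"] = off
    return info

def build_sample_ipv6() -> bytes:
    """Constructed sample: IPv6 | Hop-by-Hop (Router Alert = MLD) | Fragment (first, more=1) | UDP."""
    ext = bytes([44, 0, 5, 2, 0, 0, 1, 0]) + struct.pack("!BBHI", 17, 0, 1, 0xABCD)
    payload = ext + struct.pack("!HHHH", 5353, 5353, 8, 0)                  # UDP header
    src, dst = (socket.inet_pton(socket.AF_INET6, a) for a in ("fe80::1", "ff02::16"))
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), 0, 1, src, dst) + payload
```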

1.1.d (iii) IPv4 and IPv6 fragmentation

IPv4

When a router receives a packet and the MTU of the output interface is smaller than the size of the packet, the router fragments the packet if the DF bit is not set. The MF (more fragments) bit is set on all fragments except the last one, and the fragment offset field is set to facilitate reassembly. If the DF bit is set and the packet requires fragmentation, an ICMP destination unreachable (fragmentation required but DF set) message is sent back to the originator and the packet is dropped. Reassembly is performed by the end receiver.
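As an added example (not from the original notes), the code below models the router's egress decision just described: forward unchanged if the packet fits, fragment it with correct MF bits and 8-byte-unit offsets if DF is clear, or drop it and report ICMP type 3 code 4 with the next-hop MTU if DF is set. A receiver-side reassemble() rebuilds the datagram. The sample packet is constructed inline; headers are assumed to carry no options.

```python
import struct

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 checksum over a header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def make_header(ver_ihl, tos, total_len, ident, flags_off, ttl, proto, src, dst) -> bytes:
    """Build a 20-byte IPv4 header with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, total_len, ident, flags_off, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def forward(packet: bytes, mtu: int) -> dict:
    """Router egress decision for an option-less IPv4 packet: forward as-is, fragment,
    or drop and return ICMP type 3 code 4 (with the next-hop MTU) because DF is set."""
    ver_ihl, tos, total_len, ident, flags_off, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if total_len <= mtu:
        return {"action": "forward", "fragments": [packet]}
    if flags_off & 0x4000:                               # DF set: the router may not fragment
        return {"action": "drop", "icmp": {"type": 3, "code": 4, "next_hop_mtu": mtu}}
    payload, chunk = packet[20:total_len], (mtu - 20) // 8 * 8   # offsets count 8-byte units
    if chunk <= 0:
        raise ValueError("MTU too small to carry a fragment")
    base_off, orig_mf, frags = flags_off & 0x1FFF, flags_off & 0x2000, []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        last = start + len(piece) == len(payload)
        mf = orig_mf if last else 0x2000                 # MF on every piece except the last
        frags.append(make_header(ver_ihl, tos, 20 + len(piece), ident, mf | (base_off + start // 8),
                                 ttl, proto, src, dst) + piece)
    return {"action": "forward", "fragments": frags}

def reassemble(frags: list) -> bytes:
    """Receiver side: sort by fragment offset and rebuild the datagram (all pieces assumed present)."""
    frags = sorted(frags, key=lambda f: struct.unpack("!H", f[6:8])[0] & 0x1FFF)
    payload = b"".join(f[20:] for f in frags)
    ver_ihl, tos, _, ident, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", frags[0][:20])
    return make_header(ver_ihl, tos, 20 + len(payload), ident, 0, ttl, proto, src, dst) + payload

def build_sample_packet(df: bool) -> bytes:
    """Constructed sample: a 1500-byte UDP datagram from 10.0.0.5 to 192.0.2.10."""
    payload = bytes(range(256)) * 5 + bytes(200)         # 1480 bytes of payload
    return make_header(0x45, 0, 20 + len(payload), 0x1234, 0x4000 if df else 0, 64, 17,
                       bytes([10, 0, 0, 5]), bytes([192, 0, 2, 10])) + payload
```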

IPv6

IPv6 routers do not perform fragmentation. Any packet that is too large for the MTU of the outgoing interface is dropped, and an ICMPv6 type 2 (Packet Too Big) message is sent to the originator. All headers up to and including the “routing” EH are included in every fragment. The offset and more-fragments bits are used in the same way as in IPv4. All fragments must be received by the receiver within 60 seconds.

1.1.d (iv) TTL

Time To Live (TTL) is an 8-bit field in an IP packet. Its initial value is set by the sender (defaults differ per operating system). Every layer 3 hop within a network decrements the TTL by 1. If the value reaches 0, the packet is dropped and an ICMP Time Exceeded message is returned to the originator.

The primary function of this is to prevent traffic looping indefinitely around a layer 3 network. Note that the field is in the IP packet and is therefore not examined by switches, so it does nothing to help with layer 2 loops.

TTL is used by traceroute (ICMP, TCP or UDP). A packet is sent to the end destination with TTL=1, and the originator of the Time Exceeded message is the first hop. A second packet is sent to the same end destination but with TTL=2. This continues until the end destination is reached.

1.1.d (v) IP MTU

Maximum Transmission Unit (MTU) is the largest size of a packet that can be transmitted out of an interface without fragmentation.

Optimum MTU depends on the network traffic; a large MTU causes a longer serialization delay which may be unacceptable for voice traffic. However, a smaller MTU can be less efficient when large volumes of data are being moved.
