Transcript for:
Understanding ICMP for Network Management

In this section, we're going to cover the Internet Control Message Protocol, ICMP. ICMP is used mostly to signal error conditions between hosts and routers, so users don't see it much unless they run programs like ping or traceroute. But as networking students, it's good for us to know a little bit about ICMP. I've got great news for you. This is a really short section. I've only got two slides. It's going to be short and sweet, since the protocol itself is pretty simple. So let's get started.

The ICMP protocol is used by hosts and routers to communicate, to signal, network-level information to each other. Often this information is in the form of error reporting. For example, a network or a host or a port or a protocol that's unreachable. And ICMP messages are also used in ping and traceroute. ICMP messages are carried directly as payload inside an IP datagram, just like UDP and TCP segments are carried as payload inside an IP datagram. So in that sense, we can think of ICMP as a sibling protocol to UDP or TCP, but we really won't think of it as a transport layer protocol. As an upper layer protocol, ICMP also has a protocol number. Its protocol number is 1. It's the very first number. And as you remember, this protocol number is used for demultiplexing up from IP, whether it be to ICMP, to UDP, or to TCP.

An ICMP message has a one-byte type field, a one-byte code field, a two-byte checksum field, and then the header and up to eight bytes of the IP datagram that caused an ICMP message to be issued in the first place. For example, it might contain the first eight bytes of the datagram whose TTL was exceeded. You can see the type and the code field shown here. You might note that type 11, code 0 is the ICMP TTL expired message, which means that a router's received a datagram, decremented the TTL field, and the TTL field is now zero. This message is going to be key to how traceroute works.

Well, with this as background, you can probably already figure out how the traceroute program works. Traceroute works by sending a set, usually a set of three UDP datagrams, towards a destination. The first set of datagrams is sent with an IP TTL field value set to one. The second set is sent with a TTL value of two. The third is sent with a TTL value of three, and so on. Now remember, an IP router, when it forwards datagrams, always has to decrement the TTL field. And when that TTL field is decremented to zero, that datagram needs to be dropped at that router. That router may also send back an ICMP message back to the source indicating that the TTL value has expired. And the IP address of the message containing that ICMP TTL expired message is the IP address of the router where that packet was dropped. And so voila, if a sender sends a UDP segment with a TTL value of n, the reply back from the router is the router that's n hops away on the path towards that destination.

Now I've used the word may a couple of times here. RFC 792 doesn't require that ICMP messages be sent by a router. It just says that they may be sent. In traceroute, the source also records the amount of time from when it sent an IP datagram to the time when the corresponding ICMP message is received from the router. That's a measurement of the RTT from the host to that router. When a UDP segment that's sent eventually reaches the destination host, that destination host will typically return an ICMP port-unreachable message, type 3, code 3, but it's not required to do so. But if a source receives this port-unreachable message, it knows that it's reached the end of the path.

Well, I promised you this section would be short and sweet, and so it is. Promise kept. You know, we can think of ICMP as a tool that can be used for network management. Tools like ping and traceroute have been used by network managers for decades.
But there are many more tools and techniques for network management beyond ping and traceroute. We're going to cover those in the next section.
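
An added example, not part of the lecture: a Python sketch of how a traceroute receiver can parse the ICMP messages described above, verify the checksum, and use the quoted IP header plus first eight bytes to match a reply to its UDP probe. The addresses, the source port, the base port 33434 and the helper `make_reply` are assumptions used to build constructed sample replies; the 4 unused bytes after the checksum come from RFC 792.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; a message with a valid checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes) -> dict:
    """Parse an ICMP error message and recover the UDP probe it quotes."""
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    quoted = icmp[8:]  # type, code, checksum, then 4 unused bytes (RFC 792)
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("no quoted IPv4 header")
    ihl = (quoted[0] & 0x0F) * 4  # the quoted header may carry IP options
    if ihl < 20 or len(quoted) < ihl + 8 or quoted[9] != 17:
        raise ValueError("quoted datagram is not a complete UDP probe header")
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    # Type 11 code 0: TTL expired at a router. Type 3 code 3: port unreachable.
    kind = {(11, 0): "hop", (3, 3): "destination"}.get((icmp[0], icmp[1]), "other")
    return {"kind": kind, "probe_dst": socket.inet_ntoa(quoted[16:20]),
            "sport": sport, "dport": dport}

def make_reply(icmp_type: int, code: int, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample: ICMP bytes quoting a UDP probe (hypothetical helper)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    # Constructed replies to probes sent to UDP port 33434 + (ttl - 1) (assumed base).
    for ttl, (t, c) in enumerate([(11, 0), (11, 0), (3, 3)], start=1):
        r = parse_icmp_error(make_reply(t, c, "198.51.100.7", 40000, 33433 + ttl))
        print(ttl, r["kind"], r["probe_dst"], r["dport"])
```

Because the quoted bytes are the only link between a reply and the probe that caused it, a receiver that skips this match will accept any ICMP error arriving on the socket as a hop.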