Detailed description of ICMP protocol Workflow

ICMP is one of the most important protocols in network protocols. It implements some effective message control to complete some transmission errors. So how should we understand this agreement? What is its workflow?

Since the IP network is unreliable and cannot guarantee information transmission, it is important to notify the sender when a problem occurs. ICMP is a mechanism for providing network fault problem feedback information to prevent packet transmission. it enables upper-layer protocols such as TCP to realize that data packets are not delivered to the destination. ICMP provides a method to identify catastrophic problems. these catastrophic problems include TTL exceeded and more data segments. ICMP does not report IP verification failures and other common problems. this is because we assume that TCP or other reliable protocols can handle such packet corruption issues. moreover, if we use unreliable protocols such as UDP, we should ignore a small amount of data loss.

Otherwise, you need to report network problems immediately. for example, if the ip ttl value (IP survival time) is zero, a routing loop may occur in some part of the network, so that no data packet can be sent to the destination. the endpoint system needs to understand these types of faults. ICMP is a protocol for sending various messages to report the network status, rather than simply a simple ping (connectivity test program ). response request (echo request) is only one of the many messages provided by ICMP. ping information can be filtered out. however, most ICMP messages are required for the normal operation of IP, TCP, and other protocols. never believe that the ICMP protocol is evil and simply blocks it.

The ICMP protocol itself is very complicated. each type of ICMP message is also called "Main type major type)" has its own "subtype encoding minor codes )". the ICMP protocol operates at Layer 3rd, so it can be routed over the Internet. an ICMP packet is actually an IP packet that contains ICMP data. each ICMP message contains the full IP packet header of the packet that initiates the ICMP message. In this way, the endpoint system will know which data packet is not actually sent to the destination. in addition, the first eight bytes of the packet that triggers the ICMP message will also be included, which is usually a TCP or UDP packet header.

Simply put, an ICMP message contains three fields that will never change, followed by ICMP data, followed by the Source IP packet header that triggers the message. among the three fields that will not change, the first eight bytes contain the ICMP type (primary type), the second field contains the type code, and the third field is the ICMP Message check value.

We need to realize that the ICMP protocol will not send error messages in some cases. ICMP does not respond to ICMP information. if ICMP responds to other ICMP messages, the number of these messages will surge and evolve into an ICMP message storm. to prevent a broadcast storm, ICMP messages do not respond to a broadcast or multicast address.

The most useful ICMP packet type "Destination inaccessible" Type 3) messages. the error message is generally generated by the router and sent to the data packet source. most error messages will also be sent to the application related to the sent packets. in this case, ICMP is widely used in TCP. we will soon see this situation later.

The most common types of ICMP messages in IPv4 are as follows:

Echo response (Type 0) and echo request (Type 8): This is the message sent by the Ping program.

Inaccessible target (Type 3)

Source suppression (Type 4): This is an ICMP message that notifies the sender router or host of blocking. The sender needs to reduce the sending speed.

Redirection (type 5): this message is used to say "please use another vro" to the host that can access two vrouters ". we will discuss this issue in detail in the future routing issues in this series of lectures.

Router Information Response (type 9) and Router Information Request (type 10)

Timeout (Type 11): This message has two purposes. first, an error message is sent to the sending system when the IP lifetime is exceeded. second, if the segment IP datagram is not re-combined within a certain period of time, the message will be notified to the sending system.

Of course, all the above types of messages contain child-type code. type 3 message "inaccessible target" itself has 15 sub-types of code. we will not provide details about each item. however, there is a very important application in the ICMP protocol that relies on messages of Type 3.

The path maximum transmission unit (PMTU) is a mechanism used by various protocols to find the maximum MTU (maximum transmission unit) supported in the entire path. Data smaller than this limit can be segmented. the sender sets the maximum packet specification on the local interface, and then uses the DF (do not segment) flag in the IP packet header to send the packet. if there is a problem, the sender will receive the third type of ICMP error message. Its subtype code is "requires segmentation, but DF flag has been set ". in this case, the sender knows that it must reduce the specification of the sent data. if no error message is returned, the MTU settings are correct.

When PMTU is searched, the main problem is that ICMP is often blocked to prevent the error message from being transmitted to the host sending data. this often happens when you try to connect to a remote site. if you send a request to a Web server, a blank page appears continuously. this is often seen in virtual private network connections, because some virtual private network encapsulates additional file headers, their MTU is smaller than the normal capacity. when a remote Web server sends the required content to a virtual private network user, if the data packet is too large, the last route hop Number of the user needs to be segmented. if the sender sets the DF flag, all it can do is to notify the sender that a small packet must be sent. however, the sender blocks the ICMP protocol, so the website will never see this ICMP message. however, the good news is that most TCP protocol execution is intelligent. if they never get the permission to send data, they will send data themselves in smaller segments. however, if you use some popular and convenient operating systems, this mechanism is not implemented.

In short, blocking the ICMP protocol is harmful to the successful running of the network. This will not only damage the ping, but in fact, if the ICMP protocol does not work, many protocols will not be fully functional.

Summary

ICMP includes many types of data packets for various purposes. Each type has subtype code to specify the specific content of these message types.

Finding the maximum transmission unit in the path enables packets with the correct specification to be transmitted over the chain of various packet capacities.

ICMP is very important for proper routing and packet transmission. You can only block the messages you don't need.