CCIE RS – Written – Network Principles – Explain IP Operations

Explain IP Operations


  • Standardizes the way machines talk over the Internet or any IP network forward or route packets based on IP
  • IP protocols must implement own reliability procedures if required

ICMP – Internet Control Management Protocol

  • Protocol number 1
  • Designed to report small set of error conditions
  • Report wide variety of error conditions, feedback and testing capabilities
  • Each message uses a common format
  • Enables IP to perform addressing, datagram packing and routing by allowing encapsulated messages to be sent/received between IP devices
  • ICMP does not make IP reliable or ensure delivery
  • Summary of Message Types
    • 0Echo Reply
    • 3Destination Unreachable
    • 4Source Quench
    • 5Redirect
    • 8Echo
    • 11Time Exceeded
    • 12Parameter Problem
    • 13Timestamp
    • 14Timestamp Reply
    • 15Information Request
    • 16Information Reply

ICMP Unreachable

Generated by host or its inbound gateway to inform client that the destination is unreachable for some reason

  • Reasons for the message
    • Protocol or port is not active
    • Physical connection to host does not exist
    • Data must be fragmented and DF flag is on

Type 3 Destination Unreachable Error Messages

  • 6 codes contained in ICMP header describing unreachable condition
    • 0 – Network unreachable
    • 1 – Host unreachable
    • 2 – Protocol unreachable
    • 3 – Port unreachable
    • 4 – Fragmentation needed and Don’t Fragment (DF) bit set
    • 5 – Source route failed
  • ICMP Unreachable on IOS
    • Default to no more than once every half second

RFC 792

Config – Prevents router from sending unreachable messages

No icmp unreachable

ICMP Redirect

Requests data packets to be send on an alternative route

  • Mechanism for routers to convey routing information to a host
    • Inform host to update its routing table
  • Redirects are only sent by gateways
  • Redirect message – type 5

RFC 1122 –

A host SHOULD NOT send an ICMP Redirect message; Redirects are to be sent only by gateways. A host receiving a Redirect message MUST update its routing information accordingly.  Every host MUST be prepared to accept both Host and Network Redirects and to process them as described in Section below.

A Redirect message SHOULD be silently discarded if the new gateway address it specifies is not on the same connected (sub-) net through which the Redirect arrived [INTRO:2, Appendix A], or if the source of the Redirect is not the current first-hop gateway for the specified destination (see

Config – Disable on Interface

No icmp redirect

IPv4 Options

  • Convey additional information on the packet or on the way it should be processed
  • Processing header options leads to forwarding performance hit

Addressing specifics are defined in a later section in the blueprint. I’ll cover more on IPv4 there

IPv6 Extension Headers

2 Header Types

  • Main/Regular – Equivalent to IPv4
    • 40 Bytes
  • Extension Header
    • This is where options are set
    • RFC 2460
      • RFC2460 also recommends the order in which they should be chained in an IPv6 packet:
  1. IPv6 main header
  2. Hop-by-Hop Options header (if present, it MUST be the first one following the main/regular header)
  3. Destination Options header
  4. Routing header
  5. Fragment header
  6. Authentication header
  7. Encapsulating Security Payload header
  8. Destination Options header
  9. Upper-layer header

The only MUST requirement is that the Hop-by-Hop EH has to be the first one.

Commonly used Extension Headers

  • Hop-by-Hop EH is used for the support of Jumbo-grams or, with the Router Alert option, it is an integral part in the operation of MLD. Router Alert [3] is an integral part in the operations of IPv6 Multicast through Multicast Listener Discovery (MLD) and RSVP for IPv6.
    • Only EH that must be fully processed by at network devices
  • Destination EH is used in IPv6 Mobility as well as support of certain applications.
  • Routing EH is used in IPv6 Mobility and in Source Routing. It may be necessary to disable “IPv6 source routing” on routers to protect against DDoS.
  • Fragmentation EH is critical in support of communication using fragmented packets (in IPv6, the traffic source must do fragmentation-routers do not perform fragmentation of the packets they forward)
  • Mobility EH is used in support of Mobile IPv6 service
  • Authentication EH is similar in format and use to the IPv4 authentication header defined in RFC2402.
  • Encapsulating Security Payload EH is similar in format and use to the IPv4 ESP header defined in RFC2406. All information following the Encapsulating Security Header (ESH) is encrypted and for that reason, it is inaccessible to intermediary network devices. The ESH can be followed by an additional Destination Options EH and the upper layer datagram.

IPv4 Fragmentation

Breaking datagrams into smaller pieces so packets can pass through a link with a smaller MTU (Maximum Transmission Unit)

  • RFC 791 – Procedure for IP fragmentation, transmission and reassembly
  • Router has 2 options when it receives PDU larger than next hops MTU
    • Drop PDU and send ICMP message “Packet to Big”
    • Fragment the packet
  • Reassembly is intended to happen by receiving host but in practice is done by intermediate router
    • Ex. NAT may need to re-assemble fragments
  • Fragments can cause excessive retransmissions if there is packet loss
    • TCP must retransmit all fragments in order to recover the loss of a single fragment
  • Routers perform the fragmentation
  • Reassembled size up to 576 bytes

IPv6 Fragmentation

IPv6 hosts are required to determine Path MTU before sending packets

  • Guaranteed IPv6 packet smaller than or equal to 1280 bytes must be deliverable without fragmentation
  • Routers do NOT fragment the packets and drop packets larger than the MTU
  • Reassembled size to 1280 bytes
  • Larger than 1500 bytes are silently dropped

TTL – Time to Live

Time to live in seconds; as this field is decremented at each device the packet is processed by. This limits the amount of time a packet can live in the network. TTL is meant to help a packet from being sent for an infinite time through the network.

8 Bits in length 

If the TTL reaches 0, the device will drop the packet. TTL can also be known as hop limit.

If the TTL is exceeded the device responds back to the source with a ICMP type 11 – Time Exceeded

In IPv6, TTL has been renamed to Hop Limit



  • Sets maximum MTU size for IP packets on an interface
  • Minimum is 128 bytes – Depending on interface medium

Interface MTU

  • Max packet size supported by interface
  • Generally defaults to largest size
    • Serial Interface size differs – Cannot be smaller than 64 bytes

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.