Previous Table of Contents Next


The Redirect message (ICMP Type = 5) contains the router (gateway) address necessary for the datagram to reach the desired destination. In addition, the IP header plus the first 8 octets of the datagram in question return to the source host to aid the diagnostic processes.

Another potential problem of connectionless networks is that datagrams can get lost within the network. Alternatively, congestion could prevent all fragments of a datagram from being reassembled within the host’s required time. Either of these situations could trigger an ICMP Time Exceeded message (ICMP Type = 11). This message contains two codes: time-to-live exceeded in transmit (code = 0), and fragment reassembly time exceeded (code = 1). The rest of the message has the same format as the Source Quench message: the second word contains all Zeros and the rest of the message contains the IP header and first 8 octets of the offending datagram.

If a datagram cannot be processed because of errors, higher-layer processes recognize the errors and discard the datagram. Parameter problems within an IP datagram header (such as incorrect Type of Service field) would trigger the sending of an ICMP Parameter Problem message (ICMP Type = 12) to the source of that datagram, identifying the location of the problem. The message contains a pointer that identifies the octet with the error. The rest of the message contains the IP datagram header plus the first 8 octets of data, as before.

The Timestamp message (ICMP Type = 13) and Timestamp Reply message (ICMP Type = 14) either measure the round-trip transit time between two machines or synchronize the clocks of two different machines. The first two words of the Timestamp and Timestamp Reply messages are similar to the Echo and Echo Reply messages. The next five fields contain timestamps, measured in milliseconds since midnight, Universal Time (UT). The Timestamp requester fills in the Originate field when it transmits the request; the recipient fills in the Receive Timestamp upon its receipt. The recipient also fills in the Transmit Timestamp when it transmits the Timestamp Reply message. With this information, the requester can estimate the remote processing and round-trip transit times. (Note that these are only estimates, since network delay is a highly variable measurement.) The remote processing time is the Received Timestamp minus Transmit Timestamp. The round-trip transit time is the Timestamp Reply message arrival time minus the Originate Timestamp. With these two calculations, the two clocks can be synchronized.

The subnetting requirements (RFC 950) added the Address Mask Request (ICMP Type = 17) and Address Mask Reply (ICMP Type = 18) to the ICMP message set. It is assumed that the requesting host knows its own internet address. (If not, it uses RARP to discover its Internet address.) The host broadcasts the Address Mask Request message to destination address 256.256.256.255 and fills the Address Mask field of the ICMP message with zeros, and the IP router that knows the correct address mask responds. For example, the response for a Class B network (when subnet addresses are not used) would be 256.256.0.0. A Class B network using an 8-bit subnet field would be 256.256.256.0. Section 4.2 of Troubleshooting TCP/IP provides additional details on subnet addresses.

6.5 Network Interface Protocols

The lowest layer of the ARPA architectural model is the Network Interface layer, which encompasses the OSI Data Link and Physical layers. This layer is responsible for the network hardware and topology, such as Ethernet, token ring, FDDI, and so on. WAN protocols, such as dial-up or leased-line connections, X.25, or Frame Relay, can also be implemented at this layer. Because most SNMP implementations involve local, not remote manager/agent relationships, we will concentrate on the LAN protocols in this section. For more information on the WAN options, consult Chapter 3 of Troubleshooting TCP/IP [6-2].

6.5.1 Ethernet

DEC, Intel, and Xerox (known collectively as DIX) developed Ethernet in 1973. The first version, known as Experimental Ethernet, operated at 3 Mbps, and used 8-bit addresses. This later became Ethernet Version 1, and finally Ethernet Version 2, which we use today. Ethernet Version 2 transmits at 10 Mbps and uses 48-bit addresses. Ethernet was the first LAN to achieve wide acceptance, and much of its development coincided with research into the Internet protocols. As a result, many TCP/IP-based internetworks contain Ethernet segments.

One word of caution is in order, however. In the early 1980s, the DIX Ethernet Standard became the model for IEEE 802.3, the Carrier Sense Multiple Access with Collision Detection (CSMA/CD). The IEEE improved the DIX version and published IEEE 802.3 in 1983. The Ethernet and IEEE 802.3 standards are similar, but not identical. This section discusses Ethernet. Section 6.5.2 talks about IEEE 802.3.

The Ethernet frame format, shown in Figure 6-6, defines a length of between 64 and 1518 octets, including the header, data, and trailer. The header consists of Destination and Source addresses that are 6 octets (48 bits) each, plus a 2-octet field known as the Type (or Ethertype) field. The Ethernet-designated destination address for broadcast frames is all ONES (FFFFFFFFFFFFH). The type designates the higher-layer protocol in use within the Data field. A number of these Ethernet Protocol Types are defined, and can be found in RFC 1340.


Figure 6-6.  Ethernet frame with SNMP message (©1982 Digital Equipment Corp.)

The Data field must be between 46 and 1500 octets in length. If an extremely short IP datagram is transmitted (less than 46 octets), the data field is padded with zeros to reach the minimum 46 octet length. (This padding is not considered part of the IP datagram length and is not counted in the Total Length field within the IP header.) The Internet Standard for Ethernet networks (RFC 894 [6-6]) and Appendix B of the IP specification (RFC 791) provide further details on the specific data formats.


Previous Table of Contents Next