ICMP error packets
contain network information, such as network connectivity, host reachability,
and route availability. ICMP error packets are ultimately returned
to the sender because the sender is the logical receiver of the ICMP
error packets. The sender learns about the error types from the ICMP
error packets, and then determines how to retransmit the data.
After receiving an IP packet, if the device finds that
the destination is unreachable, the device discards the packet, and
returns a Destination Unreachable packet to the source.
Port Unreachable, Protocol Unreachable, and Host Unreachable packets
are ICMP Destination Unreachable packets.
- When the device receives a data packet whose destination address
is a local address and whose transport protocol is UDP, if the device detects
that the port number of the packet does not match any running process,
the device returns a Port Unreachable packet to the source.
- When the device receives a data packet whose destination address
is a local address, if the device does not support the transport
layer protocol of the data packet, the device returns a Protocol Unreachable
packet to the source.
- When a device receives a data packet, but cannot forward it, the
device returns a Host Unreachable packet to the source.
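The following added example (not part of the original document or any vendor code) shows how a monitoring tool on the sender side can classify a received Destination Unreachable packet and recover which original packet triggered it. The function names are hypothetical, the code numbers follow RFC 792, and the sample packet is constructed with documentation addresses.

```python
import struct
import ipaddress

# ICMP type 3 codes for the three packet kinds named above (RFC 792)
UNREACH_CODES = {1: "Host Unreachable", 2: "Protocol Unreachable", 3: "Port Unreachable"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreachable(icmp: bytes):
    """Return details of a valid ICMP Destination Unreachable message, else None."""
    if len(icmp) < 8 + 20 or inet_checksum(icmp) != 0:
        return None  # too short to quote an IP header, or corrupted/forged carelessly
    if icmp[0] != 3:
        return None  # not Destination Unreachable
    quoted = icmp[8:]  # quoted IP header + first 8 bytes of the offending packet
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        return None
    proto = quoted[9]
    info = {
        "kind": UNREACH_CODES.get(icmp[1], f"code {icmp[1]}"),
        "orig_src": str(ipaddress.IPv4Address(quoted[12:16])),
        "orig_dst": str(ipaddress.IPv4Address(quoted[16:20])),
        "orig_proto": proto,
        "orig_dport": None,
    }
    if proto == 17 and len(quoted) >= ihl + 4:  # UDP ports sit in the quoted 8 bytes
        info["orig_dport"] = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    return info

def build_sample(code: int, proto: int, dport: int) -> bytes:
    """Constructed sample: ICMP type 3 quoting a packet from 192.0.2.10 to 198.51.100.5."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    l4 = struct.pack("!HHHH", 40000, dport, 8, 0)
    body = struct.pack("!BBHI", 3, code, 0, 0) + ip + l4
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```

Counting the returned `kind` and `orig_dst` values per time window gives a simple view of how many error packets a device is generating and for which destinations.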
The Destination Unreachable packets facilitate
network control and management. However, the inherent defects of the
ICMP protocol make routing devices and hosts prone to attacks.
Therefore, sending ICMP Destination Unreachable packets has the
following defects:
- The ICMP packets increase traffic volume and burden the network
devices.
- If a device receives a large number of malicious attack packets
and needs to return ICMP error packets, the device is busy handling
ICMP packets, and the device performance is degraded.
- The ICMP Destination Unreachable packets indicate that the destination
is unreachable. If there are malicious attacks, user terminals cannot
use the network normally.
After you run the icmp protocol-unreachable send command, the device
does not send ICMP Protocol Unreachable packets externally. This prevents
the peer device from processing a large number of ICMP packets.