(In Layer 3, ) the cases that incomming packet is discarded are following.
- 1. There is no route in the routing table
- 2. Matches the Null routes existing in the routing table
- 3. though DF bit in the IP header is set, the packet size exceeding the MTU value
- 4. the TTL becomes 0
- 5. When it exceeds the capacity of the transfer capability of the NW equipment
- IT/インフラエンジニアの地位とスキル向上のために
1. There is no route in the routing table
If there is no destination IP route in the routing table, because no longer know where the packet should be sent, the NW device discards the packet. At the timing to be discarded, the NW device notifies the ICMP Destination Unreachable (Network Unreachable ) to the source IP address. However, since for most routing table contains the default route, this case is rare.
2. Matches the Null routes existing in the routing table
If you want to realize that "communication of this destination must be discarded" on a certain NW device, you can discard the packet by setting the Null route (although you can also write in the ACL).
For example, if you want to discard the communication destined to 192.168.1.0/24, "next hop of the network 192.168.1.0/24 is Null Interface" it may be set to Null route that.
This Null routes are generated when you configure an aggregate(summary) route in OSPF and EIGRP. It is to avoid a routing loop. For more information about this reason, please refer to here .
3. though DF bit in the IP header is set, the packet size exceeding the MTU value
When trying to transfer a packet size larger than the MTU value, the router will attempt to fragmentation. However, if the DF bit is set, because of the fragmentation ban, the packet in the NW device is discarded. At the timing to be discarded, the NW device notfies the ICMP Destination Unreachable (Need Fragmentation but Can not Fragment) to the source IP address. The ICMP packet has the information of the appropriate MTU value for the sender.
However, if this ICMP is denied by the access list or the like, it is not possible to know the appropriate MTU value, and since you do not know even whether it has reached the destination, it will continue to wait until the time-out.
4. the TTL becomes 0
The value of the TTL field of the IP header is decremented by one when routing. If incoming packet's TTL is 1 and the destination IP address is not a NW address Connected to the NW device (it means the routing is required), TTL is reached to 0, and the packet is discarded by the NW device It will be. At the timing to be discarded, the NW device notifies ICMP Time Exceeded from the NW device to the source IP address.
Type a ping at the command prompt, "TTL expired in transit" is displayed because you received this ICMP. In this case, it most likely occuers routing loops.
It is possible, of course, that "There are too many network devices passed by", but now least likely.
If you want to investigate more, you can use tracert tool.
5. When it exceeds the capacity of the transfer capability of the NW equipment
This is natural, but when you came in the performance or more packets of equipment, part of the packet is dropped (rather thandiscarded).
The possible performance indexes involved are bps and pps, CPU usage and memory usage.
bps and pps is the flow rate of the packet. Please refer here for details .
Some people might think "Routing and switching are hardware processing, so probably does not influence to CPU!" , but when the packet is taken from the receiving NIC to memory, when set a packet header rewrite processing to the sending NIC, the NW device uses CPU a slightly. So, it affects if the CPU is running 100 percent.
And, it is about memory usage, as a memory area for storing the received packet, and specifically use the heap area of memory called a ring-buffer.The receive buffer rx-ring, called the transmit buffer with the tx-ring.
If you want to change these values use the following command. The larger, the possibility of packet loss will be lower.
Although it is possible to reduce the packet loss to set to large value, you must be careful also possible to be large delay.
コメント