According to my book, if an LSR can not fragment the labelled packet because of DF bit, following will occur:
Only if the IP header has the Don’t Fragment (DF) bit set does the LSR not fragment the IP packet, but it drops the packet and returns an ICMP error message “Fragmentation needed and do not fragment bit set” (ICMP type 3, code 4) to the originator of the IP packet. As with the ICMP message “time exceeded” (type 11, code 0), which is sent when the TTL expires of a labeled packet, the “Fragmentation needed and do not fragment bit set” ICMP message is sent, using a label stack that is the outgoing label stack for the packet that caused the ICMP message to be created. This means that the ICMP message travels further down the LSP until it reaches the egress LSR of that LSP. Then it is returned to the originator of the packet with the DF bit set.
However, when i put this claim to test, i do not see that behavior.
Above R1 f0/1 mpls mtu 1400
On R5, i generated a ping of 1500 , DF bit set. R1 should send ICMP error towards R4 which then send it to R5.
R5#debug ip icmp ICMP packet debugging is on
R5#ping Protocol [ip]: Target IP address: 22.214.171.124 Repeat count : Datagram size : 1500 Timeout in seconds : Extended commands [n]: y Source address or interface: Type of service : Set DF bit in IP header? [no]: y Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 1500-byte ICMP Echos to 126.96.36.199, timeout is 2 seconds: Packet sent with the DF bit set ..... Success rate is 0 percent (0/5)
I do not see such ICMP errors message being received. Wireshark capture between R1--R2, does not show that any ICMP error message from R1 either.
I suspect the packets with DF bit are silently discarded by LSR ( R1). If this is true, then my book is pretty wrong.
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...