>> MIB - Management Information Base

>> Table: ipIcmp - (.1.3.6.1.4.1.272.4.5.32)

ipIcmp
OIDNameTypeAccess
.1SourceQuenchENUMRW
.2TimeExceededTransENUMRW
.3TimeExceededFragENUMRW
.4DestUnreachFragENUMRW
.5DestUnreachHostENUMRW
.6DestUnreachHostTcpENUMRW
.7DestUnreachProtoENUMRW
.8EchoReplyENUMRW
.9MaskReplyENUMRW

SourceQuench
enabled : If an IP packet is discarded due to congestion,

the system sends an ICMP 'Source-Quench' message

back to the originator of the packet.

For congestion-control/prevention, the system may

send ICMP 'Source-Quench' messages also.

This is the default behavior of the system.

The rate of ICMP 'Source Quench' messages is

limited to max. 1 message/s per originator.

disabled: system never sends ICMP 'Source-Quench' messages

(not for congestions nor for congestion-control).

Enumerations:
  • enabled (1)
  • disabled (2)
TimeExceededTrans
enabled : If an IP packet could not be delivered/forwarded

to destination due to packet TTL (Time to live) or

dialup-interface timeout, the packet is discarded

and the system sends an ICMP 'Time-Exceeded/Trans'

message back to the originator of the packet.

This is the default behavior of the system.

disabled: If an IP packet could not be delivered/forwarded

to destination due to packet TTL (Time to live) or

dialup-interface timeout, the packet is silently

discarded.

ICMP 'Time Exceeded/Trans' messages should be

disabled with care (only if really necessary),

because some usefull external tools based on

this protocol (e.g. 'traceroute').

Enumerations:
  • enabled (1)
  • disabled (2)
TimeExceededFrag
enabled : If an IP packet could not be delivered/forwarded

to destination due to fragment-reassembly timeout,

the system sends an ICMP 'Time-Exceeded/Fragment'

message back to the originator of the packet.

This is the default behavior of the system.

disabled: If an IP packet could not be delivered/forwarded

to destination due to fragment-reassembly timeout,

the IP packet is silently discarded.

ICMP 'Time Exceeded/Fragment' messages should be

disabled with care (only if really necessary).

Enumerations:
  • enabled (1)
  • disabled (2)
DestUnreachFrag
enabled : If an IP packet could not be delivered/forwarded

to destination due to MTU/Dont-Fragment error

(packet must be fragmented due to interface-MTU

but Dont-Fragment (DF) bit is set in IP header),

the IP packet is discarded and the system sends an

ICMP 'Destination-Unreachable/Fragment' message

back to the originator of the packet.

This is the default behavior of the system.

disabled: If an IP packet could not be delivered/forwarded

to destination due to interface-MTU/DF-bit problem,

the packet is silently discarded.

ICMP 'Destination-UnreachableFragment' messages

should be disabled with care (only if really

necessary). Disabling of this ICMP messages

will make Path MTU Discovery impossible and

might lead to bad performance behaviours.

Enumerations:
  • enabled (1)
  • disabled (2)
DestUnreachHost
enabled : If an IP packet could not be delivered/forwarded

to destination due to routing errors (e.g. no

matching route exists, interface down/blocked),

the packet is discarded and the system sends an

ICMP 'Destination-Unreachable/Host' message

back to the originator of the packet.

This is the default behavior of the system.

(see ipIcmpDestUnreachHostTcp also)

disabled: If an IP packet could not be delivered/forwarded

to destination due to routing errors (e.g. no

matching route exists, interface down/blocked),

the packet is silently discarded.

ICMP 'Destination-Unreachable/Host' messages

should be disabled with care (only if really

necessary).

The functionality of the virtual REFUSE-Interface

is NOT affected by this parameter - the system

will continue to send ICMP 'Dest-Unreachable/Host'

messages for all packets explicity routed to

this Interface (ifIndex 0).

The functionality of ipExtIfNatSilentDeny=disabled

is NOT affected by this parameter - the system

will continue to send ICMP 'Dest-Unreachable/Host'

messages for incoming IP-Packets that does not

pass the NAT barrier of NAT-enabled Interfaces.

Enumerations:
  • enabled (1)
  • disabled (2)
DestUnreachHostTcp
Set ICMP (Dest Unreachable/Host) behavior for TCP packets.

tcp-rst : If a TCP packet can not be delivered/forwarded

to destination (e.g. no matching route exists,

interface down/blocked), the TCP-Connection

is terminated by sending a TCP-RST message 

(a TCP packet with RST-bit set in TCP-header)

back to the originator of the packet.

This is the default behavior of the system.

The TCP RST message is send INSTEAD of an

ICMP 'Destination-Unreachable/Host' message.

If ipIcmpDestUnreachHost is set to disabled(2),

no TCP-RST message is sent back.

icmp : TCP traffic is handled like all other IP traffic.

(see description of ipIcmpDestUnreachHost)

Enumerations:
  • tcp-rst (1)
  • icmp (2)
DestUnreachProto
enabled: If an IP packet addressed to local system could

not be handled due to unsupported protocol type

in IP packet-header (e.g. not TCP, UDP or ICMP),

the packet is discarded and the system sends an

ICMP 'Destination-Unreachable/Proto' message

back to the originator of the packet.

This is the default behavior of the system.

disabled: If an IP packet addressed to local system could

not be handled due to unsupported protocol type

in IP packet-header (e.g. not TCP, UDP or ICMP),

the packet is silently discarded.

ICMP 'Destination-Unreachable/Proto' messages

should be disabled with care (only if really

necessary).

Enumerations:
  • enabled (1)
  • disabled (2)
EchoReply
enabled : each incoming ICMP 'Echo-Request' message

addressed to local system is answered with

an ICMP 'Echo-Reply' message.

This is the default behavior of the system.

disabled: incoming ICMP 'Echo-Request' messages addressed

to local system are silently discarded.

ICMP 'Echo-Reply' messages should be disabled

with care (only if really necessary), because

some usefull external tools based on this

protocol (e.g. 'ping').

local 'pings' to other system/routers are

not affected by this parameter.

Enumerations:
  • enabled (1)
  • disabled (2)
MaskReply
enabled : each incoming ICMP 'Mask-Request' message

addressed to local system is answered with

an ICMP 'Mask-Reply' message.

This is the default behavior of the system.

disabled: incoming ICMP 'Mask-Request' messages addressed

to local system are silently discarded.

ICMP 'Echo-Mask' messages should be disabled

with care (only if really necessary), because

subnet-discovery based on this protocol.

Enumerations:
  • enabled (1)
  • disabled (2)


Copyright ©2003 by BinTec Access Networks GmbH