Large Icmp echo reply

Created: Feb 26, 2020 06:20:48Latest reply: Feb 29, 2020 05:59:53 123 7 0 0
  Rewarded HiCoins: 0 (problem resolved)

Hello all


I have a router in the edge of my network that continuesly sends large ICMP echo reply packet to the firewall. The src and dst of packets are the same (router interface's ip address).


could any one tell me why does the router send this kind of packets?


Thanks

  • x
  • convention:

Featured Answers

Recommended answer

Popeye_Wang
Admin Created Feb 26, 2020 14:15:41 Helpful(2) Helpful(2)

Hi,

As shown in the following figure, the ICMP packets are the link-heartbeat detection packets. The source and destination IP addresses of the ICMP packet are the IP address of the interface,  the source MAC address is the MAC address of the port, and the priority is 7.  The packet is sent out after a circle inside the device, and the peer device then sends back the packet. This function automatically detects the status of the PHY chip, optical module, and link inside the device, which helps locate and rectify faults. It is a reliable maintenance method for NE devices. 

You can run the following command to disable the function: 

set said-node said-ping disable

Note that if this function is disabled, the detection and maintainability methods of the device may be weakened, and some faults may not be detected and cannot be automatically rectified.

x


  • x
  • convention:

tesfama
tesfama Created Feb 29, 2020 08:18:39
nice tips for improving ICMP traffic  
All Answers
wissal
wissal MVE Created Feb 26, 2020 06:52:21 Helpful(0) Helpful(0)

Hello,
You can run the icmp-reply fast command to enable the fast ICMP reply function on a device. After the fast ICMP reply function is enabled on the device, the LPU that receives ICMP packets fast responds to the ICMP echo request packets whose destination address is the device address. This improves the device forwarding performance.
Thanks
  • x
  • convention:

I%20would%20like%20to%20share%20with%20you%20my%20experience%2C%20I'm%20telecommunications%20engineer%2C%20currently%20senior%20project%20manager%20at%20an%20operator%2C%20partner%20of%20Huawei%2C%20in%20the%20radio%20access%20network%20department%2C%20for%2020%20years%20I%20managed%20several%20types%20of%20projects%2C%20for%20the%20different%20nodes%20of%20the%20network.%3Cbr%2F%3EAt%20the%20same%20time%2C%20I%20give%20courses%20in%20universities%20as%20a%20temporary%2C%20to%20bring%20the%20operational%20side%20of%20telecommunication%20technologies%20to%20students%2C%20for%20network%20supervision%20systems%2C%20mobile%20radio%20networks%20and%20access%20networks%20etc.
chenhui
chenhui Admin Created Feb 26, 2020 06:57:10 Helpful(0) Helpful(0)

Hi @user_3736238,
please check if the BFD/NQA function configured on the router.
  • x
  • convention:

user_3736238
user_3736238 Created Feb 26, 2020 08:04:23 Helpful(0) Helpful(0)

Posted by wissal at 2020-02-26 06:52 Hello,You can run the icmp-reply fast command to enable the fast ICMP reply function on a device. Af ...
Thank you for your response, i can not see any icmp request, there just are icmp echo reply packets. and the ttl is 2. As i mentioned, both src and dst ip address are the same and equal to the Router interface Ip address that is connected to the firewall.
  • x
  • convention:

user_3736238
user_3736238 Created Feb 26, 2020 10:01:07 Helpful(0) Helpful(0)

Posted by chenhui at 2020-02-26 06:57Hi @user_3736238,please check if the BFD/NQA function configured on the router.

yes, BFD is configured.

  • x
  • convention:

Popeye_Wang
Popeye_Wang Admin Created Feb 26, 2020 14:15:41 Helpful(2) Helpful(2)

Hi,

As shown in the following figure, the ICMP packets are the link-heartbeat detection packets. The source and destination IP addresses of the ICMP packet are the IP address of the interface,  the source MAC address is the MAC address of the port, and the priority is 7.  The packet is sent out after a circle inside the device, and the peer device then sends back the packet. This function automatically detects the status of the PHY chip, optical module, and link inside the device, which helps locate and rectify faults. It is a reliable maintenance method for NE devices. 

You can run the following command to disable the function: 

set said-node said-ping disable

Note that if this function is disabled, the detection and maintainability methods of the device may be weakened, and some faults may not be detected and cannot be automatically rectified.

x


  • x
  • convention:

tesfama
tesfama Created Feb 29, 2020 08:18:39
nice tips for improving ICMP traffic  
user_3736238
user_3736238 Created Feb 29, 2020 05:59:53 Helpful(0) Helpful(0)

Posted by Popeye_Wang at 2020-02-26 14:15 Hi,As shown in the following figure, the ICMP packets are the link-heartbeat detection packets. The ...
Thank you! Regarding your answer I should change the thresholds and config in my Firewall to prevent false positive alarms.
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login