Icmp pmtud


#1

So we are starting to implement Jumbo frames. But I wanted to setup a trigger\alert\and dashboard. to be able to see when and where we have issues. so I was looking for a metric with ICMP type 4, code 3. But it looking it looks like extrahop does not pull the ICMP codes.
Does anyone have a trigger or quick method for pulling icmp type 4, Code 3 messages?
One of our sales engineer suggested I start with this

if (event == 'ICMP_MESSAGE'){

if (ICMP.msgType != 3){return};

debug ("Gateway: " + ICMP.gwAddr + " Source: " + ICMP.original.srcAddr + " Destination: "

+ ICMP.original.dstAddr + "Message Type: " + ICMP.msgType);

}

Bu t I am pretty sure I will have to unpack the ICMP message based on the need for code3.
Any suggestions greatly appreciated.


#2

You should be able to use something like the following:
(note: untested code)

// Look for destination unreachable due to DF bit set and fragmentation needed.
if( ICMP.msgType == 3 && ICMP.msgCode == 4 ) {
    Network.metricAddDetailCount("icmp_df_fragneeded", "Gateway: " + ICMP.gwAddr + " Source: " + ICMP.original.srcAddr + " Destination: "+ICMP.original.dstAddr, 1);
}

Then, just use an alert for the “icmp_df_fragneeded” detail metric, or display it on a dashboard.


#3

This worked perfectly. Much appreciated.