The ICMP Destination Unreachable message is sent by a router in response to a packet which it cannot forward because the destination (or next hop) is unreachable or a service is unavailable. Examples of such cases include a message addressed to a host which is not there and therefore does not respond to ARP requests, and messages addressed to network prefixes for which the router has no valid route.
A router MUST be able to generate ICMP Destination Unreachable messages and SHOULD choose a response code that most closely matches the reason the message is being generated.
The following codes are defined in [INTERNET:8] and [INTRO:2]:
| Code | Name | Description |
|------|------|-------------|
| 0 | Network Unreachable | generated by a router if a forwarding path (route) to the destination network is not available; |
| 1 | Host Unreachable | generated by a router if a forwarding path (route) to the destination host on a directly connected network is not available (does not respond to ARP); |
| 2 | Protocol Unreachable | generated if the transport protocol designated in a datagram is not supported in the transport layer of the final destination; |
| 3 | Port Unreachable | generated if the designated transport protocol (e.g., UDP) is unable to demultiplex the datagram in the transport layer of the final destination but has no protocol mechanism to inform the sender; |
| 4 | Fragmentation Needed and DF Set | generated if a router needs to fragment a datagram but cannot since the DF flag is set; |
| 5 | Source Route Failed | generated if a router cannot forward a packet to the next hop in a source route option; |
| 6 | Destination Network Unknown | This code SHOULD NOT be generated since it would imply on the part of the router that the destination network does not exist (net unreachable code 0 SHOULD be used in place of code 6); |
| 7 | Destination Host Unknown | generated only when a router can determine (from link layer advice) that the destination host does not exist; |
| 11 | Network Unreachable For Type Of Service | generated by a router if a forwarding path (route) to the destination network with the requested or default TOS is not available; |
| 12 | Host Unreachable For Type Of Service | generated if a router cannot forward a packet because its route(s) to the destination do not match either the TOS requested in the datagram or the default TOS (0). |
The following additional codes are hereby defined:
| Code | Name | Description |
|------|------|-------------|
| 13 | Communication Administratively Prohibited | generated if a router cannot forward a packet due to administrative filtering; |
| 14 | Host Precedence Violation | Sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source/destination host or network, upper layer protocol, and source/destination port; |
| 15 | Precedence Cutoff in Effect | The network operators have imposed a minimum level of precedence required for operation; the datagram was sent with a precedence below this level. |
NOTE: [INTRO:2] defined Code 8 for source host isolated. Routers SHOULD NOT generate Code 8; whichever of Codes 0 (Network Unreachable) and 1 (Host Unreachable) is appropriate SHOULD be used instead. [INTRO:2] also defined Code 9 for communication with destination network administratively prohibited and Code 10 for communication with destination host administratively prohibited. These codes were intended for use by end-to-end encryption devices used by U.S. military agencies. Routers SHOULD use the newly defined Code 13 (Communication Administratively Prohibited) if they administratively filter packets.
Routers MAY have a configuration option that causes Code 13 (Communication Administratively Prohibited) messages not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet that is dropped because its forwarding is administratively prohibited.
Similarly, routers MAY have a configuration option that causes Code 14 (Host Precedence Violation) and Code 15 (Precedence Cutoff in Effect) messages not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet that is dropped because of a precedence violation.
Routers MUST use Host Unreachable or Destination Host Unknown codes whenever other hosts on the same destination network might be reachable; otherwise, the source host may erroneously conclude that all hosts on the network are unreachable, and that may not be the case.
[INTERNET:14] describes a slight modification to the form of Destination Unreachable messages containing Code 4 (Fragmentation needed and DF set). A router MUST use this modified form when originating Code 4 Destination Unreachable messages.
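The following Python parser is an added example, not part of the specification text. It decodes a received Destination Unreachable message against the code list above, verifies the ICMP checksum, and flags the codes this section steers routers away from (6, 8, 9, 10). The function names are hypothetical, the sample messages are constructed, and the Code 4 field layout (Next-Hop MTU in the low-order 16 bits of the second header word) is that of RFC 1191, assumed here to be the modified form [INTERNET:14] describes.

```python
import struct

# Code names as given in the section above (8, 9, 10 are the [INTRO:2] codes).
CODES = {
    0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable", 4: "Fragmentation Needed and DF Set",
    5: "Source Route Failed", 6: "Destination Network Unknown",
    7: "Destination Host Unknown", 8: "Source Host Isolated",
    9: "Destination Network Administratively Prohibited",
    10: "Destination Host Administratively Prohibited",
    11: "Network Unreachable For Type Of Service",
    12: "Host Unreachable For Type Of Service",
    13: "Communication Administratively Prohibited",
    14: "Host Precedence Violation", 15: "Precedence Cutoff in Effect",
}
# Codes the section steers routers away from, with the code(s) to use instead.
DISCOURAGED = {6: "use 0", 8: "use 0 or 1", 9: "use 13", 10: "use 13"}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_dest_unreachable(icmp: bytes) -> dict:
    """Parse an ICMP type 3 message; icmp starts at the ICMP header."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _cksum, _unused, low_word = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    return {
        "code": code,
        "name": CODES.get(code, "unassigned"),
        # A valid message checksums to zero when the checksum field is included.
        "checksum_ok": inet_checksum(icmp) == 0,
        "note": DISCOURAGED.get(code),
        "next_hop_mtu": low_word if code == 4 else None,  # RFC 1191 layout (assumed)
    }

def build_sample(code: int, low_word: int = 0) -> bytes:
    """Constructed sample: ICMP header plus 28 zero bytes standing in for the quoted datagram."""
    body = struct.pack("!BBHHH", 3, code, 0, 0, low_word) + bytes(28)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```

A message that reports Code 9 or 10 parses normally; the `note` field only records that this section prefers Code 13 for routers that filter administratively.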