[c-nsp] Cisco Processing Regarding ICMP

Paul Cosgrove paul.cosgrove at heanet.ie
Sun May 11 08:14:14 EDT 2008


Hi Alaerte,

Well the packets with DF set will be dropped, but I don't know what rate 
restrictions (if any) exist about the generation of ICMP notifications 
when this occurs.  Perhaps someone else can provide that information.

Normally, PMTUD on the end devices should reduce the number of large 
packets you receive (in response to the ICMP notifications your router 
sends).

If PMTUD is broken or not used by those devices, for TCP traffic you 
have the option of having the router modify the segment size sent in 
transit SYN packets, to keep the packet size down.  See:
http://www.cisco.com/en/US/docs/ios/ipapp/command/reference/iap_i2.html#wp1012558
Haven't used this with high rates of traffic though and am not sure of 
the impact the command itself will impose on the router's performance.

You may need to be more concerned about the effect of large IPv4 packets 
which do not have DF set, as I would imagine that they will put more of 
a load on the router as it fragments them.  Keep in mind that certain 
multicast packets can greatly increase this effect.

Paul.

alaerte.vidali at nsn.com wrote:
> Thanks Paul,
>
> I would like to find information about processing on 7609 under this
> situation, from traffic coming from Internet, normally users downloading
> files or watching videos. 
> Because of internal network design requirements, it is necessary to decrease
> internal MTU to slightly lower than 1500 bytes, so I would like to know
> how 7609 will handle high number (in the worst case, or attacks) of
> packets with high MTU and DF bit set.
>
> Br,
> Alaerte 
>
> -----Original Message-----
> From: ext Paul Cosgrove [mailto:paul.cosgrove at heanet.ie] 
> Sent: Saturday, May 10, 2008 9:53 PM
> To: Vidali Alaerte (NSN - BR/Rio de Janeiro)
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Cisco Processing Regarding ICMP
>
> Hi Alaerte,
>
> This will be dependent on the hardware, traffic types, throughput and 
> software version/configuration.   You may need to explain a little more 
> in order to get an adequate answer to your question. 
>
> Large numbers of packets from a handful of hosts running PMTUD may
> require a smaller number of ICMP notifications than would be necessary
> for a larger number of hosts sending less traffic.  The difference in
> the MTUs, and the sizes of the incoming packets will also affect the
> proportion of traffic which triggers notifications.  Similarly protocols
> running on the router itself may require their packets to be fragmented.
>
> Paul.
>
> alaerte.vidali at nsn.com wrote:
>   
>>  Hi,
>>
>> Any document about how is the processing of a packet received on 
>> interface A toward interface B, where interface B has lower MTU than 
>> received packet and DF bit is set?
>>
>> (like description of the process)
>>
>> (considering CPU impact and if default limitation of ICMP generation 
>> enough when the number of packets is very high)
>>
>> Thanks,
>> Alaerte


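An added example, not part of the original thread and not Cisco's implementation: a small Python model of the egress decision discussed above (oversize packets with DF dropped and answered with ICMP "fragmentation needed", oversize packets without DF fragmented, and the MSS a router would need to write into transit SYNs). The 1476-byte MTU, the 500 ms ICMP interval, the sample traffic and all names are assumptions; the thread does not state the platform's actual ICMP rate limit.

```python
from dataclasses import dataclass

IP_HDR, TCP_HDR = 20, 20  # assumed: IPv4 and TCP headers without options

@dataclass
class Packet:
    src: str
    length: int   # total IPv4 length, bytes
    df: bool      # Don't Fragment bit
    t_ms: int     # arrival time, milliseconds

def fragment_count(length, mtu):
    """Fragments for a non-DF packet; non-final fragments carry a multiple of 8 payload bytes."""
    per_frag = (mtu - IP_HDR) // 8 * 8
    return -(-(length - IP_HDR) // per_frag)  # ceiling division

def clamp_mss(mtu):
    """Largest TCP MSS whose segments fit the MTU without fragmentation."""
    return mtu - IP_HDR - TCP_HDR

def forward(packets, egress_mtu, icmp_interval_ms):
    """Classify packets at egress. icmp_interval_ms is a hypothetical limiter, not a platform default."""
    stats = dict(forwarded=0, fragmented=0, fragments_out=0,
                 dropped_df=0, icmp_sent=0, icmp_suppressed=0)
    last_icmp = None
    for p in sorted(packets, key=lambda p: p.t_ms):
        if p.length <= egress_mtu:
            stats["forwarded"] += 1
        elif p.df:
            stats["dropped_df"] += 1  # oversize with DF set: always dropped
            if last_icmp is None or p.t_ms - last_icmp >= icmp_interval_ms:
                stats["icmp_sent"] += 1  # ICMP type 3 code 4 back to p.src
                last_icmp = p.t_ms
            else:
                stats["icmp_suppressed"] += 1  # this sender does not learn the MTU yet
        else:
            stats["fragmented"] += 1  # oversize without DF: router does the work
            stats["fragments_out"] += fragment_count(p.length, egress_mtu)
    return stats

def sample_packets():
    """Constructed traffic: 10 oversize DF packets 100 ms apart, 3 oversize non-DF, 2 that fit."""
    pkts = [Packet(f"198.51.100.{i}", 1500, True, i * 100) for i in range(10)]
    pkts += [Packet("203.0.113.7", 1500, False, 50 + i) for i in range(3)]
    pkts += [Packet("203.0.113.9", 1400, True, 60 + i) for i in range(2)]
    return pkts

if __name__ == "__main__":
    print(forward(sample_packets(), egress_mtu=1476, icmp_interval_ms=500))
    print("MSS clamp for MTU 1476:", clamp_mss(1476))
```

Varying `icmp_interval_ms` and the number of distinct sources shows how many senders are left without a notification, and so keep sending oversize packets, for a given limiter setting.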
