[c-nsp] Cisco Processing Regarding ICMP
Alexandre Snarskii
snar at paranoia.ru
Sun May 11 08:32:10 EDT 2008
On Sun, May 11, 2008 at 01:14:14PM +0100, Paul Cosgrove wrote:
> Hi Alaerte,
>
> Well the packets with DF set will be dropped, but I don't know what rate
> restrictions (if any) exist about the generation of ICMP notifications
> when this occurs. Perhaps someone else can provide that informaton.
You can rate-limit ICMP generation due to MTU failures:
Router(config)#mls rate-limit all mtu-failure ?
<10-1000000> packets per second
but, by default it not configured to any rate:
Router#show mls rate-limit
Sharing Codes: S - static, D - dynamic
Codes dynamic sharing: H - owner (head) of the group, g - guest of the group
Rate Limiter Type Status Packets/s Burst Sharing
--------------------- ---------- --------- ----- -------
[...]
MTU FAILURE Off - - -
so, it's possible that high rate of MTU failures will overload your
65xx/76xx..
More information about the cisco-nsp
mailing list