[c-nsp] Cisco Processing Regarding ICMP
alaerte.vidali at nsn.com
alaerte.vidali at nsn.com
Sun May 11 13:59:06 EDT 2008
Are you sure by default it is not configured any rate?
It seems it default to two per second.
-----Original Message-----
From: ext Alexandre Snarskii [mailto:snar at paranoia.ru]
Sent: Sunday, May 11, 2008 3:32 PM
To: Paul Cosgrove
Cc: Vidali Alaerte (NSN - BR/Rio de Janeiro); cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco Processing Regarding ICMP
On Sun, May 11, 2008 at 01:14:14PM +0100, Paul Cosgrove wrote:
> Hi Alaerte,
>
> Well the packets with DF set will be dropped, but I don't know what
> rate restrictions (if any) exist about the generation of ICMP
> notifications when this occurs. Perhaps someone else can provide that
informaton.
You can rate-limit ICMP generation due to MTU failures:
Router(config)#mls rate-limit all mtu-failure ?
<10-1000000> packets per second
but, by default it not configured to any rate:
Router#show mls rate-limit
Sharing Codes: S - static, D - dynamic
Codes dynamic sharing: H - owner (head) of the group, g - guest of the
group
Rate Limiter Type Status Packets/s Burst Sharing
--------------------- ---------- --------- ----- -------
[...]
MTU FAILURE Off - - -
so, it's possible that high rate of MTU failures will overload your
65xx/76xx..
More information about the cisco-nsp
mailing list