[c-nsp] Prioritize PING traffic to control plane

Dumitru Ciobarcianu cisco-nsp at lnx.ro
Thu Aug 7 05:24:56 EDT 2014


On 07-Aug-14 11:23 AM, Roland Dobbins wrote:
> 
> On Aug 7, 2014, at 3:15 PM, Dumitru Ciobarcianu <cisco-nsp at lnx.ro> wrote:
> 
>> Yes, I agree, I was just saying that I think I know his X [1] :)
> 
> Sure - the best way to deal with this is to set up some anycasted ping target nodes numbered out of TEST-NET space around the network, and tell them to point whatever they're using at that.
> 

The customer is pointing the tool to a remote server they have, we
cannot just tell them to test a node they do not care about. The problem
is not the tool or where they test, the problem is the way the customer
is interpreting the data.

I know someone who at some point filtered icmp entirely from the
customer's networks because of this and convinced the troublemakers that
"they are more secure that way". The customer was happy because he was
getting a consistent graph...

Dumitru



More information about the cisco-nsp mailing list