[j-nsp] Massive ICMP test. Could it generate problems?
Richard A Steenbergen
ras at e-gerbil.net
Tue Dec 9 11:25:35 EST 2003
On Tue, Dec 09, 2003 at 10:50:49AM -0500, Scotty wrote:
> hmm So,
>
> What are the Default filters? If i remember I saw something on this
> list saying 50pps on an m20 with SSB-E to the RE, yet this security doc
> is limiting to 500kpps.. that doesnt make sense. Wont the built-in
> filter take over first? Also when is this filter applied? Only to
> packets destined to the lo address or any icmp to any interface with a
> real ip?
>
> I'm asking cause Im seeing alot of throttled icmps..
>
> scott at bdr1> show pfe statistics ip icmp
> {snip}
> ICMP Errors:
> {snip}
> 0 bad input interface
> 6984689 throttled icmps
> 0 runts
>
> What condition causes throttled icmps?
PFE statistics are not related to the RE. Those are ICMPs being generated
by the exception processor on the SSB, such as dest unreachables and ttl
exceeds for traceroute responses.
Ex:
ICMP Statistics:
75516902 requests
6037257 network unreachables
40493136 ttl expired
...
28970412 throttled icmps
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list