[Outages-discussion] ICMP Filtering/Prioritization [was Re: [outages] Level3 Chicago]

Thu Aug 20 00:03:57 EDT 2009

Hi Craig & Devon,

[Discussion thread moved to outages-discussion list.]

I have a few related questions about the ICMP prioritization you mention.

On Wed, 19 Aug 2009, Craig Pierantozzi wrote:

> Yes, and when pure prioritization is not available, ISPs will use rate 
> limiting too which is one of the ways Level 3 restricts ICMP to the cpu 
> on the core devices.

Is it fair to assume any such rate limiting is strictly inbound to a local 
router?  For example, if there was a network path similar to this example:

   point_a <-> level3_router_one <-> level3_router_two <-> point_b

Would it be fair to assume that ICMP packets would NOT be rate limited 
across the Level3 network from point_a to point_b?  Those IP/ICMP packets 
would be treated as transit traffic and not limited in any way, correct? 
Working within the Level3 example, those transit-bound IP packets should 
be treated the same by CAR/BAR/EBR/HSA routers, etc.  Is that accurate?

I haven't looked, but maybe there's a NANOG thread RE ICMP prioritization. 
Perhaps there's also an engineer from Level3's IP group that could chime 
in with additional details. :-)  Thanks, in advance, for your insights.

--
William R. Lorenz

On Wed, 19 Aug 2009, Craig Pierantozzi wrote:

> Also, the car device is an edge router so there could be congestion on a 
> customer port too when higher response times are seen on the other side 
> of a hop. Response times that settle could be the control plane/data 
> plane issue or could be once traffic gets to a far end there's an 
> asymetric path that goes a different return path rather than back across 
> the link seen on the forward traceroute. All these are why simple pings 
> and traceroutes don't always tell the story.

> * Devon True was thought to have said:
>
>> 'Jeremy Chadwick' wrote:
>>
>>> That's an excellent question -- and one I've always wondered myself.
>>>
>>> This is purely speculative, but I believe outbound ICMP (e.g. sent 
>>> from the router to whatever src solicited it) is what's 
>>> de-prioritised.
>>>
>>> Someone more familiar with Cisco and Juniper equipment might know for 
>>> certain.
>>
>> Usually packets destined to the control-plane of the system are 
>> prioritized based on criteria. It is better to let routing control 
>> protocols (e.g. ospf, bgp, isis) through first than someone pinging or 
>> running a traceroute. Packets *through* the router take the normal 
>> forwarding path and are not affected by this system.
>>
>> There may be system defaults based on hardware/software, but Cisco has 
>> CoPP and I believe Juniper uses a firewall on the lo0 interface (been a 
>> while since I touched one) for user-defined rules.