[Outages-discussion] ICMP Filtering/Prioritization [was Re: [outages] Level3 Chicago]

Gert Doering gert at greenie.muc.de
Thu Aug 20 03:21:37 EDT 2009


Hi,

On Wed, Aug 19, 2009 at 11:02:32PM -0700, Jeremy Chadwick wrote:
> I'd be interested in knowing exactly what ICMP types and codes are
> prioritised last or considered "best-effort", but providers would likely
> argue that disclosing that information could result in them being open
> to attacks.  Round and round we go...

Just as a minor data point - Cisco by default de-prioritises ALL packets
sent TO a router (instead of "through the router").  This is just the way
the boxes work - forwarded packets are (under optimal conditions) forwarded
by a hardware forwarding engine, or at least on interrupt level (CEF), while
packets to the router itself are handled at the process level - read:
whenever the scheduler thinks the router has time to do so.

ICMP TTL exceeded are somewhat in between.  It's not something directed to
the router itself, but it's (usually) handled at process level, and (usually)
rate-limited by the forwarding engine to avoid overwhelming the CPU.

On top of that, many ISPs deploy "control plane policing", limiting the 
amount of packets to the router further, to protect its CPU - for example, 
we limit ICMP *to our routers* to about 100 kbit/s.  This is enough for 
people to test reachability, but if customer A tries a "ping -f", customer
B will complain "your router is losing packets!!!"...  but still better
than 100% CPU and subsequent packet *forwarding* troubles.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
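As an added illustration of the "control plane policing" Gert describes (this is an example configuration written for this page, not Gert's or his ISP's actual config), the following Cisco IOS snippet polices ICMP punted to the router's own CPU at roughly the 100 kbit/s figure he mentions. The ACL, class-map and policy-map names, the burst size, and the treatment of the remaining traffic classes are assumptions; a real CoPP policy would add classes for routing protocols, management traffic and fragments before the catch-all.

```cisco
! Match ICMP that reaches the control plane. CoPP only sees packets
! punted to the router itself, so "any any" does not affect transit traffic.
! (Name "COPP-ICMP" is an assumption for this example.)
ip access-list extended COPP-ICMP
 permit icmp any any
!
class-map match-all COPP-ICMP
 match access-group name COPP-ICMP
!
! Police ICMP-to-router to ~100 kbit/s (100000 bps); the 8000-byte burst
! is an assumed value. Excess is dropped, so a flood from one host
! causes others to see lost pings to this router, as described above.
policy-map COPP
 class COPP-ICMP
  police 100000 8000 conform-action transmit exceed-action drop
 class class-default
  police 500000 conform-action transmit exceed-action drop
!
! Attach the policy to the control plane (input direction = towards the CPU).
control-plane
 service-policy input COPP
```

To check whether a "your router is losing packets" report is the policer rather than a forwarding problem, `show policy-map control-plane` shows per-class conformed/exceeded packet counters; a rising exceed count under the ICMP class with clean transit counters points at the policer, not at the forwarding path.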

