[rbak-nsp] Internal icmp ratelimiting?

Mariano Juliá mjuliaq at gmail.com
Fri Sep 16 07:19:36 EDT 2011 

Yes, there is a hard coded policer for locally bound ICMP packets.

As a matter of fact, ICMP packets destined to any local IP address never 
reach the XCRP, they are always handled by the input traffic card 
regardless of whether the interface belong to that card or not. So it 
does for most protocol keepalives although those are not ratelimited.

I took notes of the ICMP rate limit values, some are in bytes others in 
packets per second, unfortunately I didn't write down which ones are which.

ICMP echo request 1000,1500
ICMP echo reply 1000,1500
Net Unreach 10,20
Host Unreach 10,20
port unreach 10,20
DF unreach  1000,2000
admin prohibited 10,20
TTL exceed 100,200
Net Redirect 10,20
host redirect 10,20
Parameter problem 10,20

If I recall correctly, one of the commands under "show card" has 
counters for traffic dropped by this policer but I don't have access to 
a Redback any more so I can't be more precise.

Regards,

Mariano

On 14/09/2011 14:08, Jim Tyrrell wrote:
> Does SEOS have some sort of control plane policing that will drop ICMP
> packets in an MPLS environment? I have configured a vpn context but when
> testing I'm getting packetloss when pinging the SE600 from our Cisco
> routers. I have the following setup:
>
> R1 -> R2 -> SE600 -> DSL line (L2TP session)
>
> R1 & R2 can ping each other fine, and they can also ping the DSL line
> with 0 packetloss, but when I ping between the Cisco and SE600 I'm
> getting packetloss:
>
>
> ping vrf test 172.16.10.3 repeat 100
> Sending 100, 100-byte ICMP Echos to 172.16.10.3, timeout is 2 seconds:
> !!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!!!!!!.!
>
> Success rate is 91 percent (91/100), round-trip min/avg/max = 1/1/4 ms
>
> It seems to be quite regular, and doesnt happen when pinging through the
> SE600 to the DSL line so I'm thinking there is some kind of ratelimiting
> on the SE600 itself?
>
> Thanks.
>
> Jim.
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp

More information about the redback-nsp mailing list