[rbak-nsp] Internal icmp ratelimiting?

Christopher O'Shea casper.oshea at gmail.com
Fri Sep 16 07:52:57 EDT 2011 

Show card X icmp  <detail/Hidden>

I think is the command you want.


Chris O'Shea



2011/9/16 Mariano Juliá <mjuliaq at gmail.com>

> Yes, there is a hard coded policer for locally bound ICMP packets.
>
> As a matter of fact, ICMP packets destined to any local IP address never
> reach the XCRP, they are always handled by the input traffic card regardless
> of whether the interface belong to that card or not. So it does for most
> protocol keepalives although those are not ratelimited.
>
> I took notes of the ICMP rate limit values, some are in bytes others in
> packets per second, unfortunately I didn't write down which ones are which.
>
> ICMP echo request 1000,1500
> ICMP echo reply 1000,1500
> Net Unreach 10,20
> Host Unreach 10,20
> port unreach 10,20
> DF unreach  1000,2000
> admin prohibited 10,20
> TTL exceed 100,200
> Net Redirect 10,20
> host redirect 10,20
> Parameter problem 10,20
>
> If I recall correctly, one of the commands under "show card" has counters
> for traffic dropped by this policer but I don't have access to a Redback any
> more so I can't be more precise.
>
> Regards,
>
> Mariano
>
>
> On 14/09/2011 14:08, Jim Tyrrell wrote:
>
>> Does SEOS have some sort of control plane policing that will drop ICMP
>> packets in an MPLS environment? I have configured a vpn context but when
>> testing I'm getting packetloss when pinging the SE600 from our Cisco
>> routers. I have the following setup:
>>
>> R1 -> R2 -> SE600 -> DSL line (L2TP session)
>>
>> R1 & R2 can ping each other fine, and they can also ping the DSL line
>> with 0 packetloss, but when I ping between the Cisco and SE600 I'm
>> getting packetloss:
>>
>>
>> ping vrf test 172.16.10.3 repeat 100
>> Sending 100, 100-byte ICMP Echos to 172.16.10.3, timeout is 2 seconds:
>> !!!!!!!!!!.!!!!!!!!!!.!!!!!!!!**!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!**
>> !!!!!.!!!!!!!!!!.!!!!!!!!!!.!!**!!!!!!!!.!
>>
>> Success rate is 91 percent (91/100), round-trip min/avg/max = 1/1/4 ms
>>
>> It seems to be quite regular, and doesnt happen when pinging through the
>> SE600 to the DSL line so I'm thinking there is some kind of ratelimiting
>> on the SE600 itself?
>>
>> Thanks.
>>
>> Jim.
>> ______________________________**_________________
>> redback-nsp mailing list
>> redback-nsp at puck.nether.net
>> https://puck.nether.net/**mailman/listinfo/redback-nsp<https://puck.nether.net/mailman/listinfo/redback-nsp>
>>
> ______________________________**_________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/**mailman/listinfo/redback-nsp<https://puck.nether.net/mailman/listinfo/redback-nsp>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20110916/12120e81/attachment.html>

More information about the redback-nsp mailing list