North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ICMP rate limiting on EGRESS (Warning, operational content inside)

  • From: Wayne Bouchard
  • Date: Mon Jan 17 12:39:06 2000

> It is reasonably well acknowledge that ratelimiting ICMP on *ingress*
> to your network can be a good thing to do, if you have available
> resources to do it.
> How about players rate-limiting ICMP on *egress* of the network over
> public exchange points. I have been on the wrong end of several
> smurfs over 100Mb/s over MAE-East & West, as, I'm sure have others.
> Whenever anyone is smurfed like this, I presume their port blocks,
> and anyone sending them data has head of line blocking. Which means,
> in effect, anyone peering with anyone who is being (sufficiently
> smurfed) will experience packet loss to *other* peers.

DOesn't work.

Cisco decided that wasn't the best application for it so egress is
MONUMENTALLY innefficient and cpu intensive. (bye, bye little router)

Wayne Bouchard                                    [Immagine Your    ]
[email protected]                                      [Company Name Here]
Network Engineer