|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: ICMP rate limiting on EGRESS (Warning, operational content inside)
> > It is reasonably well acknowledge that ratelimiting ICMP on *ingress* > to your network can be a good thing to do, if you have available > resources to do it. > > How about players rate-limiting ICMP on *egress* of the network over > public exchange points. I have been on the wrong end of several > smurfs over 100Mb/s over MAE-East & West, as, I'm sure have others. > Whenever anyone is smurfed like this, I presume their port blocks, > and anyone sending them data has head of line blocking. Which means, > in effect, anyone peering with anyone who is being (sufficiently > smurfed) will experience packet loss to *other* peers. DOesn't work. Cisco decided that wasn't the best application for it so egress is MONUMENTALLY innefficient and cpu intensive. (bye, bye little router) ---------------------------------------------------------------------- Wayne Bouchard [Immagine Your ] [email protected] [Company Name Here] Network Engineer ----------------------------------------------------------------------
|