North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Refusing Pings on Core Routers??? A new trend?

  • From: Rubens Kuhl Jr.
  • Date: Thu Oct 19 22:18:13 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lPUq5zHKtI4QDhkHPoFIUqLjZIykCb5zBiZ74SDpBc9zyPtPsyjgp+lHBnceN/fpGpoS+Vm+XK13NksiVyoWnhHOWqDIn7Te6dhN69I+JCnjoQ2LiJ1sMpC8K+3KwXDb0kaTGc0nE2cumPwYRG26OKTgo6t0pz1lMzXqBKz/tCA=


template response -- I hear is "Well, you can't rely on traceroute
because of ICMP prioritisation".  When you start to explain how
traceroute actually works (both ICMP-based and UDP-based (which
still relies on ICMP responses, of course!)), and that ICMP prio
should only affect the IP of which the router listens on (and not
hops beyond or at the dest), most NOCs fire back with another
If I recall well, Cisco GSRs impose low priority and/or limits for all
ICMP traffic flowing thru the box, not just packets to/from router
itself, and there's not a knob to adjust that.

Also of notice is that packets that expire TTL needs some kind of
low-path processing, and will be subject to increased latency or loss
compared to normal ones, and this affects every tool to trace packets
thru the network I've seen.