nanog mailing list archives
Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)
From: "Wayne E. Bouchard" <web () typo org>
Date: Thu, 28 Aug 2003 07:51:05 -0700
On Thu, Aug 28, 2003 at 08:48:50AM -0400, Jared Mauch wrote:
they [customers] expect a bit of loss when transiting a peering circuit or public fabric, and if the loss is only of icmp they tend to not care.
Um, since when? My customers expect perfection and if they don't get it, they're gonna gripe. Even if it's just the appearance of a problem (through traceroute and ICMP echo or similar), I'm going to hear about it. Personally, I tollerate a little loss. But I'm an engineer. I'm not a customer who has little or no concept of how the internet works and who doesn't really want to. The customer just wants it to work and when it doesn't they expect me to fix it, not explain to them that there really isn't a problem and that it's all in their head.
What are other transit providers doing about this or is it just GLBX?here's one of many i've posted in the past, note it's also related to securing machines. http://www.ultraviolet.org/mail-archives/nanog.2002/0168.html I recommend everyone do such icmp rate-limits on their peering circuits and public exchange fabrics to what is a 'normal' traffic flow on your network. The above message from the archives is from Jan 2002, if these were a problem then and still are now, perhaps people should either 1) accept that this is part of normal internet operations, or 2) decide that this is enough and it's time to seriously do something about these things.
While rate limiting ICMP can be a good thing, it has to be done carefully and probably can't be uniform across the backbone. (think of a common site that gets pinged whenever someone wants to test to see if their connection went down or if it's just loaded.. Limit ICMP into them impropperly and lots of folks notice.) Such limiting also has to undergo periodic tuning as traffic levels increase, traffic patterns shift, and so forth. If a provider is willing to put the effort into it to do it right, I'm all for it. If they're just gonna arbitrarily decide that the allowable flow rate is 200k across an OC48 and never touch it again then that policy is going to cause problems. --- Wayne Bouchard web () typo org Network Dude http://www.typo.org/~web/
Attachment:
_bin
Description:
Current thread:
- Re: Tier-1 without their own backbone?, (continued)
- Re: Tier-1 without their own backbone? Leo Bicknell (Aug 27)
- Re: Tier-1 without their own backbone? David Diaz (Aug 27)
- RE: Tier-1 without their own backbone? Joel Perez (Aug 27)
- RE: Tier-1 without their own backbone? Sean Crandall (Aug 27)
- Re: Tier-1 without their own backbone? John Palmer (Aug 27)
- Re: Tier-1 without their own backbone? Larry Rosenman (Aug 27)
- Re: Tier-1 without their own backbone? Will Yardley (Aug 27)
- RE: Tier-1 without their own backbone? jlewis (Aug 27)
- GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) variable (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Jared Mauch (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Wayne E. Bouchard (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Christopher L. Morrow (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Jared Mauch (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Robert Boyle (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Paul Vixie (Aug 28)
- Re: Tier-1 without their own backbone? John Palmer (Aug 27)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Alex Rubenstein (Aug 28)
- Message not available
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Robert Boyle (Aug 28)
- Re: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) Steve Carter (Aug 28)
- ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Sean Donelan (Aug 28)
- Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Steve Carter (Aug 28)
- Re: ICMP traffic increasing on most backbones Re: GLBX ICMP rate limiting Rachael Treu (Aug 28)