Firewall Wizards mailing list archives
Re: ICMP Packets.
From: blast <blast () broder com>
Date: Sun, 7 Jun 1998 13:34:28 -0700 (PDT)
On Sat, 6 Jun 1998, Darren Reed wrote:
In some email I received from tqbf () pobox com, sie wrote:You could consider adding "source quench" ICMP messages to the "let through" list.Why? Source quench is deprecated (generating even more traffic in diagnostic messages as a result of congestion isn't the best design), and some operating systems may misbehave in reacting to them.I didn't know it was deprecated...since when did that happen ? At least FreeBSD 2.2.5 generates and handles them, so it must of happened while someone wasn't looking.
I want to chime in on this 'Source quench' topic. ICMP is IP's janitor and you have to ask yourself whether you can run the show with or without a janitor. (Also, ask yourself whether the janitor can be asked to do nasty things to your system.):-) Some of the more interesting uses of ICMP Source Quench I've experienced have been from routing vendors who will use it to signal IP (Layer3) with the congestion state of a Layer2 Protocol. An example of this would be Frame Relay (Layer2) FECN/BECN's being signaled within Layer2 and the end-point routers signaling each other with ICMP Source Quench to make IP aware of what is going on at Layer2. Whether this is successful is another story because of vendors implementation and network eng. configurations. Keep in mind that not all Layer3 protocols offer a "quenching" facility so when you have a router that is offering transit for Layer3 multiple protocols, consider that the other protocols may start to hog resources when congestion is experienced. IP is has an opportunity to be polite. -Tim Keanini %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \ Tim Keanini | "The limits of my language, / / | are the limits of my world." \ \ blast () broder com | --Ludwig Wittgenstein / \ +================================================/ |Key fingerprint = 7B 68 88 41 A8 74 AB EC F0 37 98 4C 37 F7 40 D6 | / PUB KEY: http://www-swiss.ai.mit.edu/~bal/pks-commands.html \ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Current thread:
- Re: ICMP Packets., (continued)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. Bennett Todd (Jun 04)
- Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. Don Kendrick (Jun 02)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. matthew green (Jun 04)
- Re: ICMP Packets. Bennett Todd (Jun 04)
- Re: ICMP Packets. Darren Reed (Jun 05)
- Re: ICMP Packets. tqbf (Jun 07)
- Re: ICMP Packets. Darren Reed (Jun 07)
- Re: ICMP Packets. blast (Jun 08)
- Re: ICMP Packets. Aleph One (Jun 09)
- Re: ICMP Packets. Perry E. Metzger (Jun 03)
- Re: ICMP Packets. Ge' Weijers (Jun 05)
- Re: ICMP Packets. Bennett Todd (Jun 05)
- Re: ICMP Packets. tqbf (Jun 04)
- Re: ICMP Packets. Paul D. Robertson (Jun 05)
- Re: ICMP Packets.uy tqbf (Jun 07)
- Re: ICMP Packets. Henry Hertz Hobbit (Jun 07)