Would you do that to TCP or UDP traffic? At IETF I often hear laments about middle-boxes breaking the internet by being "clever" with certain types of traffic. It seems that policing ICMP falls into that category.
There may have been bugs in the past, but I'm not aware that ICMP packets are any more dangerous than UDP or TCP. And if the RFCs can be believed, ICMPv6 is critical to determining Path-MTU. Don't drop those. One may wish to rate-limit ICMP (or DNS or TCP) flows as a matter of network policy, but in my opinion this should be kept orthogonal to solving buffer bloat. Taken to the extreme, a network should support full utilization of a link doing only ping. If I wish to use my connection to the internet to ping hosts at full line rate, why not? David Dolson Senior Software Architect, Sandvine Inc. -----Original Message----- From: aqm [mailto:aqm-boun...@ietf.org] On Behalf Of Wes Felter Sent: Monday, March 02, 2015 3:07 PM To: a...@ietf.org Cc: cerowrt-devel@lists.bufferbloat.net; bl...@lists.bufferbloat.net Subject: Re: [aqm] ping loss "considered harmful" What about a token bucket policer, so more than N ICMP/second gets penalized but a normal ping won't be. -- Wes Felter _______________________________________________ aqm mailing list a...@ietf.org https://www.ietf.org/mailman/listinfo/aqm _______________________________________________ Cerowrt-devel mailing list Cerowrt-devel@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cerowrt-devel