Hi,
when looking at amsix peering template, I found that generating of icmp unreachables shall be disabled. Is that a good idea? Some say it breaks PMTU (so I am wondering why this was also present in a pppoe virtual-template just seen on the list here). Also, several secure-your-network checklists insist on setting it on at least all external interfaces. Or rate-limit RP/0/RSP0/CPU0:ASR9901(config)#icmp ipv4 rate-limit unreachable ? <1-4294967295> One ICMP unreachable message in x milliseconds(default is 500ms) DF Fragmentation needed and DF set (code4) disable Disable rate limit of ICMP messages RP/0/RSP0/CPU0:ASR9901(config)# Is this "per chassis" so it will send maximum 2 icmp unreachable messages per second ? What is a "good" value to keep things like PMTU working but also the device happy ? 10ms ? Thank you for your help, Jürgen. _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/