Good call Marty,
I think a fair few people will have (as I did) confused the response (!A *
!A) as five responses (ping), whereas it is three responses, two of "!A"
and one of "*" (traceroute).
Gaz
""Gary Crouch"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> you are correct This is a single 256k frame relay link
>
> >>> "Marty Adkins" 04/17/01 12:51PM >>>
> "Howard C. Berkowitz" wrote:
> >
> > Only a suggestion, but the fact that there are pairs of !A suggest
> > that there might be per-packet load balancing going on, and the ACL
> > applies only to one of the paths in the load-shared bundle. That
> > could be why you get through on half the attempts (ignoring the *
> > timeout which I'll assume is a random error).
> >
> > If I were being truly perverse, though, I might think the load
> > balancing is across five paths, two of which have ACLs, two of which
> > don't, and one of which has a reachability problem.
> >
> > >You're right. !A is "administratively unreachable" which is generally
an
> > >ACL...
>
> This almost certainly occurred on a single path. All three iterations
> were blocked by an ACL, which caused the router that did so to generate
> an ICMP administratively prohibited unreachable to the source. The
> generation of all ICMP unreachables is rate-limited by IOS to no more
> than one per second to the same source. Hence the packet was silently
> dropped on #2 which produced a three-second timeout at the source.
>
> To see the pattern, perform an extended trace and set the probe count
> to 5 or 7 -- notice that every other iteration is a timeout.
>
> This self-protection mechanism slows down a persistent sender, and
> aims to limit the potential impact on all other traffic flows.
> Generating ICMP messages takes extra CPU time, beyond just the ACL
> check, because all message generation must be performed by an IOS
> process, rather than in interrupt mode (fast-switching, etc.)
>
> Marty Adkins Email: [EMAIL PROTECTED]
> Mentor Technologies Phone: 240-568-6526
> 133 National Business Pkwy WWW: http://www.mentortech.com
> Annapolis Junction, MD 20701 Cisco CCIE #1289
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> you are correct This is a single 256k frame relay link
>
> >>> "Marty Adkins" 04/17/01 12:51PM >>>
> "Howard C. Berkowitz" wrote:
> >
> > Only a suggestion, but the fact that there are pairs of !A suggest
> > that there might be per-packet load balancing going on, and the ACL
> > applies only to one of the paths in the load-shared bundle. That
> > could be why you get through on half the attempts (ignoring the *
> > timeout which I'll assume is a random error).
> >
> > If I were being truly perverse, though, I might think the load
> > balancing is across five paths, two of which have ACLs, two of which
> > don't, and one of which has a reachability problem.
> >
> > >You're right. !A is "administratively unreachable" which is generally
> an
> > >ACL...
>
> This almost certainly occurred on a single path. All three iterations
> were blocked by an ACL, which caused the router that did so to generate
> an ICMP administratively prohibited unreachable to the source. The
> generation of all ICMP unreachables is rate-limited by IOS to no more
> than one per second to the same source. Hence the packet was silently
> dropped on #2 which produced a three-second timeout at the source.
>
> To see the pattern, perform an extended trace and set the probe count
> to 5 or 7 -- notice that every other iteration is a timeout.
>
> This self-protection mechanism slows down a persistent sender, and
> aims to limit the potential impact on all other traffic flows.
> Generating ICMP messages takes extra CPU time, beyond just the ACL
> check, because all message generation must be performed by an IOS
> process, rather than in interrupt mode (fast-switching, etc.)
>
> Marty Adkins Email: [EMAIL PROTECTED]
> Mentor Technologies Phone: 240-568-6526
> 133 National Business Pkwy WWW: http://www.mentortech.com
> Annapolis Junction, MD 20701 Cisco CCIE #1289
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1205&t=915
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]