Re: ICMPv6 Rate Limiting Methods: Revised Text (2)

Tue, 13 Jan 2004 11:43:05 -0800 

On Thu, 8 Jan 2004 [EMAIL PROTECTED] wrote:

Let me take my stab at trying the wording of this text:

=====
    (f) Finally, in order to limit the bandwidth and forwarding costs
        incurred sending ICMPv6 error messages, an IPv6 node MUST limit
        the rate of ICMPv6 error messages it sends.  This situation may
        occur when a source sending a stream of erroneous packets fails
        to heed the resulting ICMPv6 error messages.

        One good way to implement the rate-limiting function is a token
        bucket, allowing up to B back-to-back error messages to 
        be transmitted in a burst, but limiting the average rate of 
        transmission to N, where N can either be packets/seconds or a 
        fraction of the attached link's bandwidth.

        Rate-limiting mechanisms which cannot cope with bursty traffic
        (e.g., traceroute) are not recommended; thus a simple timer-based
        implementation, allowing an error message every T 
        milliseconds (even with low values for T), is not reasonable.

        The rate-limiting parameters SHOULD be configurable.  In the case
        of a token-bucket implementation, the best defaults depend on where
        the implementation is expected to be deployed (e.g., a high-end 
        router vs. an embedded host).  For example, in a small/mid -sized
        device, the possible defaults could be B=10, N=10/s.
=====

Reasoning: 
 - RFC1918 states rate-limiting SHOULD be configurable.  A MUST seems 
too heavy in case the implementation and the defaults have been chosen 
properly.

 - Pure bandwidth-based mechanism doesn't seem to be useful at all, so 
for simplicit, omit it from here (can be coupled with a token bucket 
still).

 - It's rather difficult to recommend good values for B and N, as
different kinds of nodes may have entirely different deployment
scenarios.  I don't feel particularly strongly on this, just invented
some values which would probably be OK for all but the biggest
routers.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings


--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Reply via email to