On Mon, 9 Aug 2004, Alex Conta wrote:
> There is no doubt that setting ICMP rate limiting per node in a router
> with both slow and fast interfaces to accommodate one interface may be
> very detrimental to the other: imagine T1 and 1Gbit Ethernet interfaces;
> 1% of a T1's 1.5Mbit/sec is 15kbit/sec, which is 0.00000015% of a
> 1Gbit/sec, and 1% of a 1Gbit/Sec is 10Mbit/sec, way over 1.5Mbit/sec.

You may have an assumption that the rate-limiting would have to be a percentage of the interface speed. That's (IMHO) a bad strategy, for exactly the reason you describe: it doesn't handle fast/slow interfaces appropriately. (However, you could limit the upper bound for token bucket based on the interface speed, I guess.)

The point we tried to make in the ICMP spec revision is that using a token-bucket rate-limiter is a good idea, because even if you have a refill rate as low as 10 packets/second (or the like), that should always be sufficient even on faster links, but not cause significant problems on slower links.

> Essentially, I was looking for something like the references I am
> mentioning below. These references provide examples of rate limiting
> ICMP per interface in LINUX systems, as well as CISCO routers,
> supposedly in relationship to traffic management.

OK. (I snipped the examples.) These are the ways to perform manual rate-limiting (more generally). For the two platforms I mentioned, for ICMP only, it's automatically enabled and controllable through net.ipvX.icmp_ratelimit sysctls. For xxxBSD, that's net.inet.icmp.icmplim. By default, they start rate-limiting at 100 or 200 pps AFAIR.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
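
The comparison argued in the message above, as an added example that is not code from the thread or from any implementation it mentions: a fixed-rate token bucket against a "percentage of interface speed" limiter on the two link speeds quoted. Assumptions: a worst-case ICMPv6 error of 1280 bytes, a bucket depth of 10, a 10,000 pps flood of error-triggering packets, and a hypothetical `burst_for_link` helper for the parenthetical idea of bounding the bucket by interface speed.

```python
ICMP_ERR_BYTES = 1280   # assumption: worst-case ICMPv6 error size (minimum IPv6 MTU)
LINKS_BPS = {"T1": 1_500_000, "1GbE": 1_000_000_000}   # speeds quoted in the thread

class TokenBucket:
    """Integer token bucket: time in microseconds, tokens in millionths."""
    def __init__(self, rate_pps, burst):
        self.rate_pps, self.cap = rate_pps, burst * 1_000_000
        self.tokens, self.last_us = self.cap, 0   # start with a full bucket

    def allow(self, now_us):
        # Refill for the elapsed time, clamp to bucket depth, then spend one token.
        refill = (now_us - self.last_us) * self.rate_pps
        self.tokens = min(self.cap, self.tokens + refill)
        self.last_us = now_us
        if self.tokens >= 1_000_000:
            self.tokens -= 1_000_000
            return True
        return False

def errors_sent(rate_pps, burst, trigger_pps, seconds):
    """ICMP errors emitted while error-triggering packets arrive at trigger_pps."""
    bucket = TokenBucket(rate_pps, burst)
    n = trigger_pps * seconds
    return sum(bucket.allow(i * 1_000_000 // trigger_pps) for i in range(n))

def percent_limit_pps(link_bps, percent):
    """Error rate permitted by a 'percentage of interface speed' limiter."""
    return link_bps * percent / 100 / (ICMP_ERR_BYTES * 8)

def link_share(pps, link_bps):
    """Fraction of the link consumed by ICMP errors sent at pps."""
    return pps * ICMP_ERR_BYTES * 8 / link_bps

def burst_for_link(link_bps, max_burst=10, window_ms=50):
    """Hypothetical depth cap: no more than the link can carry in window_ms."""
    fits = link_bps * window_ms // 1000 // (ICMP_ERR_BYTES * 8)
    return max(1, min(max_burst, fits))

if __name__ == "__main__":
    for name, bps in LINKS_BPS.items():
        burst = burst_for_link(bps)
        sent = errors_sent(rate_pps=10, burst=burst, trigger_pps=10_000, seconds=10)
        print(f"{name}: burst={burst}, {sent} errors in 10 s of flood, "
              f"steady share of link={link_share(10, bps):.4%}, "
              f"1% limiter would allow {percent_limit_pps(bps, 1):.1f} pps")
```

Under these assumptions the token bucket emits roughly the same number of errors on both links, while the 1% limiter allows under 2 pps on the T1 and close to 1000 pps on the gigabit link.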