Havard Eidnes wrote:
[...] Such a rate limiter should of course be different from the rate limiter used for locally originated traffic.
Why should?
Because one should (I'd say MUST) differentiate between shaping locally originated ICMP datagrams and forwarded ICMP datagrams
This still does not elaborate on the reasoning. So the question stays:
why SHOULD, why MUST?
(the latter which should be outside the scope of this spec, per Pekka's latest text which I agree with).
The ICMPv6 specification describes the ICMPv6 protocol, a set of ICMPv6 error and informational messages, and some rules and/or suggestions on handling ICMPv6 messages. Why should "in transit" ICMP messages be outside its scope?
If the router implements ICMP rate limiting per interface, without any differentiation between local ICMP and forwarded ICMP the effect is still the same, and none need call the ICMP protocol police (-:.
I disagree. If origination of ICMP is vital to some function or other (it would be for PMTUD in IPv4), a host could spew ICMP messages to be forwarded and prevent or significantly hamper a router along the path from originating any ICMP traffic of its own if both the forwarded and the originating traffic use the same rate limiter, and the originated rate exceeds the rate specified by the rate limiter.
I am sorry, the text was not clear enough:
"without any differentiation" was meant that both 'locally generated' and 'in transit' ICMP packets are passed through the same "per interface traffic management engine". It was not meant to apply to operations performed by traffic management.
The valid issue, which you pointed out, is resolved by the router performing a preferential excess packet dropping.
Who cares that the process may incur dropping some internally generated ICMP messages?
See above.
I need to clarify this too - sorry again.
This was meant that if for instance there is a sequence of 100 errored packets received from the same source, and the router generates 100 ICMP messages, the traffic management may drop a certain excess, let's say 80, and from the network perspective this would look like the router generated internally only 20 ICMP messages.
Regards,
- Håvard
Regards, Alex
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
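The two positions argued in this message, as an added simulation that is not part of the original thread: one per-interface token bucket handling both locally originated and forwarded ICMP, first with no differentiation and then with forwarded packets dropped preferentially. The reserve threshold is one assumed way to realize "preferential excess packet dropping"; the class and function names, rates, burst size and traffic pattern are all constructed for illustration.

```python
# Added example: integer token bucket shared by locally originated and
# forwarded ICMP. Every rate and traffic value below is constructed.
COST = 1000  # milli-tokens consumed per admitted packet


class IcmpLimiter:
    def __init__(self, rate_pps, burst_pkts, reserve_pkts=0):
        self.rate = rate_pps                # milli-tokens refilled per millisecond
        self.cap = burst_pkts * COST        # bucket depth
        self.reserve = reserve_pkts * COST  # headroom forwarded ICMP may not consume
        self.tokens = self.cap
        self.last_ms = 0

    def admit(self, now_ms, kind):
        # Refill for the elapsed time, capped at the bucket depth.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        # Forwarded packets are the "excess" dropped first: they are admitted
        # only while the bucket stays above the reserve kept for local ICMP.
        need = COST if kind == "local" else COST + self.reserve
        if self.tokens < need:
            return False
        self.tokens -= COST
        return True


def constructed_traffic():
    # One second of traffic on one interface: a 1000 pps stream of ICMP to be
    # forwarded, and 10 pps of ICMP errors the router originates itself.
    forwarded = [(t, "forwarded") for t in range(1000)]
    local = [(t, "local") for t in range(55, 1000, 100)]
    return sorted(forwarded + local)


def simulate(reserve_pkts):
    # 100 pps limit with a 10-packet burst; returns packets sent per class.
    limiter = IcmpLimiter(rate_pps=100, burst_pkts=10, reserve_pkts=reserve_pkts)
    sent = {"local": 0, "forwarded": 0}
    for now_ms, kind in constructed_traffic():
        if limiter.admit(now_ms, kind):
            sent[kind] += 1
    return sent


if __name__ == "__main__":
    print("no differentiation:   ", simulate(reserve_pkts=0))
    print("preferential dropping:", simulate(reserve_pkts=2))
```

With no reserve, the forwarded stream takes every token as it appears and none of the router's own messages get out; with a two-packet reserve all ten local messages are sent and the forwarded stream is still held near the configured rate.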