[26807] in North American Network Operators' Group
Re: ICMP rate limiting on EGRESS (Warning, operational content inside)
daemon@ATHENA.MIT.EDU (Wayne Bouchard)
Mon Jan 17 12:39:14 2000
From: Wayne Bouchard <web@typo.org>
Message-Id: <200001171737.KAA30886@typo.org>
In-Reply-To: <E129uA3-0005sM-00@sapphire.noc.gxn.net> from Alex Bligh at "Jan 16, 2000 06:12:23 pm"
To: amb@gxn.net
Date: Mon, 17 Jan 2000 10:37:20 -0700 (MST)
Cc: nanog@merit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
>
> It is reasonably well acknowledged that rate-limiting ICMP on *ingress*
> to your network can be a good thing to do, if you have available
> resources to do it.
>
> How about players rate-limiting ICMP on *egress* of the network over
> public exchange points? I have been on the wrong end of several
> smurfs over 100Mb/s over MAE-East & West, as, I'm sure, have others.
> Whenever anyone is smurfed like this, I presume their port blocks,
> and anyone sending them data has head of line blocking. Which means,
> in effect, anyone peering with anyone who is being (sufficiently
> smurfed) will experience packet loss to *other* peers.

Doesn't work.

Cisco decided that wasn't the best application for it so egress is
MONUMENTALLY inefficient and CPU intensive. (bye, bye little router)

----------------------------------------------------------------------
Wayne Bouchard [Imagine Your ]
web@typo.org [Company Name Here]
Network Engineer
----------------------------------------------------------------------