[48211] in North American Network Operators' Group
RE: operational: icmp echo out of control?
daemon@ATHENA.MIT.EDU (James Smith)
Sat May 25 00:24:45 2002
Message-ID: <171DAAD54475984F8F41345A0945DF9CFEE9B6@hqexchange.presidio.com>
From: James Smith <jsmith@PRESIDIO.com>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Thu, 23 May 2002 17:05:01 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C2029D.80F348C6"
Errors-To: owner-nanog-outgoing@merit.edu
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C2029D.80F348C6
Content-Type: text/plain
> -----Original Message-----
> From: Richard A Steenbergen [mailto:ras@e-gerbil.net]
> Sent: Thursday, May 23, 2002 4:36 PM
> To: Mark Kent
> Cc: nanog@merit.edu
> Subject: Re: operational: icmp echo out of control?
>
> Path latency doesn't change much, you can determine this with very few
> probes. Reachability does not need to be continuously probed,
> you can take
> cues from other data to decide if you need to re-probe.
I wonder if this can be used to profile a network for the sales droids? If
one of your routers is being pinged continuously, this might be an
indication they are using some sort of "Route Optimization/Failover" box.
Especially if you ask them why they are pinging you on the order of 1-5pps
and they can't really give an answer and don't turn it down. Sic-em! Sell
them that managed BGP!
For instance, the FatPipe box does this sort of thing "so you don't have to
use BGP" to (sort of) multihome. Link failure is detected by loss of ping
response. Failover (link and DNS) is under five seconds, so to prevent
premature failover, ping often, and only failover if you take, say, three
lost packets.
The question for network operators is (just so this is kind of OT), is this
kind of monitoring by the customer more of an annoyance, or a real item of
operational concern? How would you react if you had a customer pinging the
router on your side of his link (or farther upstream) that refused to limit
the pings?
James H. Smith II NNCDS NNCSE
Professional Services - Network Engineer
The Presidio Corporation
------_=_NextPart_001_01C2029D.80F348C6
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3DUS-ASCII">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2650.12">
<TITLE>RE: operational: icmp echo out of control?</TITLE>
</HEAD>
<BODY>
<BR>
<BR>
<P><FONT SIZE=3D2>> -----Original Message-----</FONT>
<BR><FONT SIZE=3D2>> From: Richard A Steenbergen [<A =
HREF=3D"mailto:ras@e-gerbil.net">mailto:ras@e-gerbil.net</A>]</FONT>
<BR><FONT SIZE=3D2>> Sent: Thursday, May 23, 2002 4:36 PM</FONT>
<BR><FONT SIZE=3D2>> To: Mark Kent</FONT>
<BR><FONT SIZE=3D2>> Cc: nanog@merit.edu</FONT>
<BR><FONT SIZE=3D2>> Subject: Re: operational: icmp echo out of =
control?</FONT>
<BR><FONT SIZE=3D2>> </FONT>
<BR><FONT SIZE=3D2>> Path latency doesn't change much, you can =
determine this with very few</FONT>
<BR><FONT SIZE=3D2>> probes. Reachability does not need to be =
continuously probed, </FONT>
<BR><FONT SIZE=3D2>> you can take</FONT>
<BR><FONT SIZE=3D2>> cues from other data to decide if you need to =
re-probe. </FONT>
</P>
<P><FONT SIZE=3D2>I wonder if this can be used to profile a network for =
the sales droids? If one of your routers is being pinged continuously, =
this might be an indication they are using some sort of "Route =
Optimization/Failover" box. Especially if you ask them why they =
are pinging you on the order of 1-5pps and they can't really give an =
answer and don't turn it down. Sic-em! Sell them that managed =
BGP!</FONT></P>
<P><FONT SIZE=3D2>For instance, the FatPipe box does this sort of thing =
"so you don't have to use BGP" to (sort of) multihome. Link =
failure is detected by loss of ping response. Failover (link and DNS) =
is under five seconds, so to prevent premature failover, ping often, =
and only failover if you take, say, three lost packets. </FONT></P>
<P><FONT SIZE=3D2>The question for network operators is (just so this =
is kind of OT), is this kind of monitoring by the customer more of an =
annoyance, or a real item of operational concern? How would you react =
if you had a customer pinging the router on your side of his link (or =
farther upstream) that refused to limit the pings?</FONT></P>
<P><FONT SIZE=3D2>James H. Smith II NNCDS NNCSE</FONT>
<BR><FONT SIZE=3D2>Professional Services - Network Engineer</FONT>
<BR><FONT SIZE=3D2>The Presidio Corporation</FONT>
</P>
</BODY>
</HTML>
------_=_NextPart_001_01C2029D.80F348C6--
