It is reasonably well acknowledged that rate-limiting ICMP on *ingress* to your network can be a good thing to do, if you have available resources to do it. How about players rate-limiting ICMP on *egress* of the network over public exchange points? I have been on the wrong end of several smurfs over 100Mb/s over MAE-East & West, as, I'm sure, have others. Whenever anyone is smurfed like this, I presume their port blocks, and anyone sending them data has head of line blocking. Which means, in effect, anyone peering with anyone who is being (sufficiently) smurfed will experience packet loss to *other* peers. By rate-limiting ICMP on output (to perhaps 3 or 4 times its normal value, which here is 4 times 1% of normal traffic levels), then if one of your peers is being smurfed, you help save HoL blocking occurring. If your peer blocks these on ingress, it won't help - the packets will still get switched.

From what I am (unscientifically) seeing, packet loss over the MAE is spiky and can go through periodicity of badness not dissimilar to the length of such DoS attacks. I am not, of course, suggesting that this will solve all the MAE's problems. If the Gigaswitches could give even an approximation of total traffic that was ICMP, and see if peaks in this correspond to peaks in packet loss between routers on the MAE (not just across the switch fabric), we could even attempt to measure this. Is this a good idea?

--
Alex Bligh
GX Networks (formerly Xara Networks)
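The head-of-line argument above can be checked with a toy model. This is an added example, not code from the post or from any exchange operator: it simulates an input-queued switch where each peer's router feeds one port through a shallow FIFO, floods ICMP at one victim port, and compares collateral loss (data packets bound for peers other than the victim) with and without an egress ICMP policer at each peer. Port count, FIFO depth, load and the 4%-of-line-rate policer are constructed parameters.

```python
"""Toy input-queued switch: does policing ICMP at each peer's egress into the
exchange reduce head-of-line (HoL) loss to *other* peers during a smurf?"""
import random
from collections import deque

N_PORTS = 8        # peers on the exchange, one switch port each (constructed)
VICTIM = 0         # the peer being smurfed
FIFO_DEPTH = 16    # per-input-port FIFO, i.e. the peer router's transmit queue

def simulate(slots=20000, load=0.5, icmp_share=0.6, icmp_limit=None, seed=1):
    """Return the fraction of data packets bound for non-victim peers that were
    lost. `icmp_limit` is the egress policer rate in ICMP packets per slot per
    peer, where 1.0 is line rate (None = no policing); burst is 4 packets."""
    rng = random.Random(seed)
    fifo = [deque() for _ in range(N_PORTS)]
    tokens = [4.0] * N_PORTS
    offered = lost = 0
    for slot in range(slots):
        # arrivals: each peer's router offers the exchange one packet/slot w.p. load
        for src in range(N_PORTS):
            if icmp_limit is not None:
                tokens[src] = min(4.0, tokens[src] + icmp_limit)
            if rng.random() >= load:
                continue
            if src != VICTIM and rng.random() < icmp_share:
                pkt = ("icmp", VICTIM)          # smurf reply flood aimed at the victim
                if icmp_limit is not None:
                    if tokens[src] < 1:
                        continue                # policed at the peer's egress
                    tokens[src] -= 1
            else:
                dst = rng.choice([p for p in range(N_PORTS) if p != src])
                pkt = ("data", dst)
            collateral = pkt[0] == "data" and pkt[1] != VICTIM
            offered += collateral
            if len(fifo[src]) >= FIFO_DEPTH:
                lost += collateral              # tail drop behind a blocked head
            else:
                fifo[src].append(pkt)
        # switching: one packet per output per slot; only FIFO heads are eligible,
        # so a head waiting on the saturated victim port blocks everything behind it
        busy = set()
        for i in range(N_PORTS):
            src = (slot + i) % N_PORTS          # rotate priority for fairness
            if fifo[src] and fifo[src][0][1] not in busy:
                busy.add(fifo[src].popleft()[1])
    return lost / offered if offered else 0.0

if __name__ == "__main__":
    print("no policing  :", round(simulate(), 3))
    print("ICMP policed :", round(simulate(icmp_limit=0.04), 3))
```

Policing on the victim's *ingress* side cannot be expressed in this model at all, which is the post's point: by then the packets have already occupied the FIFOs and crossed the fabric.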