In message <Pine.BSI.3.91.961219152151.18639F-100000@sparks.net>, David Miller writes:
On Tue, 17 Dec 1996, Chris Caputo wrote:
There is considerable difference between forwarding a packet that happens to contain ICMP data (destination not the router) and responding to a packet that contains ICMP data (destination is the router). In the former, priority in a Cisco is the same for ICMP as it is for UDP or TCP, since this part of the packet is not even being examined. In the later, priority is lower and can be ignored altogether.
I treat ignored (link good, but no response received) ICMP echo requests as an indicator that a router is too loaded. If the router has been pushed to the point of not being able to respond to an ICMP, how well is it going to do when a bunch BGP updates occur? (rhetorical) Both are CPU intensive operations.
Would someone please tell me just why icmp echos are "cpu intensive"?
Yes, I know they're in software. So what? A PC can respond to an ethernet loaded with them with a trivial percentage of it's CPU cycles.
This sounds to me a whole lot more like a solution to an imagined problem, but I'm prepared to be convinced that responding to pings actually takes a great enough percentage of CPU cycles to slow down packet delivery.....
Thanks,
David ---------------------------------------------------------------------------- It's *amazing* what one can accomplish when one doesn't know what one can't do!
You've obviously never seen a router taking 15-25 kpps out on an interface change a major portion of the routing table to point somewhere else due to a circuit glitch on that outbound interface. In earlier versions of some routers the whole router dies. With no ICMP rate limiting you'd need to generate 25 kpps of ICMP until routing converged. That could be a fair amount of work. Some routers send ICMP to another processor that mainly handles the routing protocols and doesn't forward very well. Some routers keep it on the same card and pass it up to an IP process and incur IPC overhead rather than doing it directly. These are both slower than the primary forwarding path. The NSS used to do ICMP generation on the forwarding cards just as fast (or slow) as they forwarded packets, so it is possible. Curtis