RE: GLBX ICMP rate limiting (was RE: Tier-1 without their own bac kbone?)
Not that Yipes is necessarily a transit provider by any means, but they have done the same thing within the cores of their network. I was troubleshooting an issue yesterday that was pointing to them for 15-20% packet loss, and I called them and they stated that they started rate limiting ICMP last weekend, but that it was only on a temporary basis. -----Original Message----- From: variable@ednet.co.uk [mailto:variable@ednet.co.uk] Sent: Thursday, August 28, 2003 8:24 AM To: nanog@merit.edu Subject: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?) On Wed, 27 Aug 2003, jlewis@lewis.org wrote:
We have a similarly sized connection to MFN/AboveNet, which I won't recommend at this time due to some very questionable null routing they're doing (propogating routes to destinations, then bitbucketing traffic sent to them) which is causing complaints from some of our customers and forcing us to make routing adjustments as the customers notice MFN/AboveNet has broken our connectivity to these destinations.
We've noticed that one of our upstreams (Global Crossing) has introduced ICMP rate limiting 4/5 days ago. This means that any traceroutes/pings through them look awful (up to 60% apparent packet loss). After contacting their NOC, they said that the directive to install the ICMP rate limiting was from the Homeland Security folks and that they would not remove them or change the rate at which they limit in the foreseeable future. What are other transit providers doing about this or is it just GLBX? Cheers, Rich
Temkin, David wrote:
We've noticed that one of our upstreams (Global Crossing) has introduced ICMP rate limiting 4/5 days ago. This means that any traceroutes/pings through them look awful (up to 60% apparent packet loss). After contacting their NOC, they said that the directive to install the ICMP rate limiting was from the Homeland Security folks and that they would not remove them or change the rate at which they limit in the foreseeable future.
<rant> Are people idiots or do they just not possess equipment capable of trashing 92 byte icmp traffic and letting the small amount of normal traffic through unhindered? They are raising freakin' complaints from users who think the Microsoft ICMP tracert command is just the end all, be all and is of course completely WRONG with rate-limiting in effect. </rant> -Jack
Once upon a time, Jack Bates <jbates@brightok.net> said:
Are people idiots or do they just not possess equipment capable of trashing 92 byte icmp traffic and letting the small amount of normal traffic through unhindered?
Well, when we used the policy routing example from the Cisco advisory to drop just 92 byte ICMP traffic, we had other random types of traffic dropped as well (possibly an IOS bug, but who knows). -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Once upon a time, Jack Bates <jbates@brightok.net> said:
Are people idiots or do they just not possess equipment capable of trashing 92 byte icmp traffic and letting the small amount of normal traffic through unhindered?
Well, when we used the policy routing example from the Cisco advisory to drop just 92 byte ICMP traffic, we had other random types of traffic dropped as well (possibly an IOS bug, but who knows).
It is cisco. There are no bugs. They are unknown features. When Cisco does figure out what that those packets are, they will document it. Alex
participants (4)
-
alex@yuriev.com -
Chris Adams -
Jack Bates -
Temkin, David