Not that Yipes is necessarily a transit provider by any means, but they have
done the same thing within the cores of their network. I was
troubleshooting an issue yesterday that was pointing to them for 15-20%
packet loss, and I called them and they stated that they started rate
limiting ICMP last weekend, but that it was only on a temporary basis.
Temkin, David wrote:
We've noticed that one of our upstreams (Global Crossing) has introduced ICMP rate limiting 4/5 days ago. This means that any traceroutes/pings through them look awful (up to 60% apparent packet loss). After contacting their NOC, they said that the directive to install the ICMP rate limiting was from the Homeland Security folks and that they would not remove them or change the rate at which they limit in the foreseeable future.
<rant>
Are people idiots or do they just not possess equipment capable of trashing 92 byte icmp traffic and letting the small amount of normal traffic through unhindered? They are raising freakin' complaints from users who think the Microsoft ICMP tracert command is just the end all, be all and is of course completely WRONG with rate-limiting in effect.
</rant>
-Jack
Once upon a time, Jack Bates <jbates@brightok.net> said:
Are people idiots or do they just not possess equipment capable of
trashing 92 byte icmp traffic and letting the small amount of normal
traffic through unhindered?
Well, when we used the policy routing example from the Cisco advisory to
drop just 92 byte ICMP traffic, we had other random types of traffic
dropped as well (possibly an IOS bug, but who knows).
Once upon a time, Jack Bates <jbates@brightok.net> said:
> Are people idiots or do they just not possess equipment capable of
> trashing 92 byte icmp traffic and letting the small amount of normal
> traffic through unhindered?Well, when we used the policy routing example from the Cisco advisory to
drop just 92 byte ICMP traffic, we had other random types of traffic
dropped as well (possibly an IOS bug, but who knows).
It is cisco. There are no bugs. They are unknown features. When Cisco does
figure out what that those packets are, they will document it.
Alex