Questions about ICMP
lowen at pari.edu
Sat Dec 8 16:20:35 UTC 2007
On Saturday 08 December 2007, John Summerfield wrote:
> This http://www.cisco.com/warp/public/707/21.html has a section on Flood
> Management. Read it, it doesn't apply to many on this list.
One thing even this document misses about high-end Cisco routers is that you
do want to throttle pings to the loopback interface; it is possible to
overload a Cisco 12012's GRP, for instance, with high-rate pings from a
high-speed interface (I've done that to ours through an OC12 SRP/DPT
connection, but the OC3 I have to the Internet isn't quite big enough to do
The distributed nature of that beast (and the 7500 series, as well as the
6500/7600 series) means the router is handling at times a hundred or a
thousand times the bandwidth that the CPU on the route processor could
handle. Well, essentially anything that would force a dCEF platform to drop
to process switching on a >OC3 interface would do, but pinging the loopback
is pretty close (which is why the loopbacks typically have tight ACL's and
QoS setups to prevent RP CPU overload).
But the same is true for many of the layer 2 Catalysts when pinging the
management port (sc0); a SupIII or IIIG on a Catalyst 5500, for instance, can
be brought to its knees by hitting hard on sc0 (CPU overload on a layer 2
Catalyst can really wreak havoc with spanning tree, which can pull your
entire layer 2 network down hard when BPDU's get missed).
On Linux, you're not likely to bring a box to its knees with pings, even on
Gigabit interfaces, because the box's throughput isn't typically large enough
to allow it.
However, I've found that the preemptive kernel (the PlanetCCRMA low latency
one was what I tested) on my Dell 640m can be easily brought to its knees
with any high interrupt load; the stock kernel doesn't exhibit this behavior.
Chief Information Officer
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
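
The following is an added example, not part of the original post: a small model of the "tight ACL plus QoS" idea for a loopback address, where a token-bucket policer bounds how many ICMP echo packets reach the route processor while other control traffic is untouched. The loopback address, packet rates, and policer settings are all assumed values chosen for illustration.

```python
from dataclasses import dataclass

LOOPBACK = "192.0.2.1"  # assumed loopback address (documentation range)

@dataclass
class Packet:
    t: float    # arrival time in seconds
    dst: str    # destination address
    proto: str  # "icmp-echo", "bgp", ...

class TokenBucket:
    """Policer: refills at rate_pps, holds at most `burst` tokens."""
    def __init__(self, rate_pps, burst):
        self.rate, self.burst = rate_pps, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def punted_to_rp(packets, policer=None):
    """Count, per protocol, the packets that would reach the RP CPU."""
    counts = {}
    for p in packets:
        if p.dst != LOOPBACK:
            continue  # transit traffic stays in distributed forwarding
        if p.proto == "icmp-echo" and policer is not None and not policer.allow(p.t):
            continue  # dropped by the policer before it costs RP CPU
        counts[p.proto] = counts.get(p.proto, 0) + 1
    return counts

def sample_traffic(seconds=1, echo_pps=100_000, bgp_pps=10):
    """Constructed input: an echo flood at the loopback, light BGP, some transit."""
    pk = [Packet(i / echo_pps, LOOPBACK, "icmp-echo") for i in range(seconds * echo_pps)]
    pk += [Packet(i / bgp_pps, LOOPBACK, "bgp") for i in range(seconds * bgp_pps)]
    pk += [Packet(i / 1000, "198.51.100.7", "icmp-echo") for i in range(1000)]
    return sorted(pk, key=lambda p: p.t)

if __name__ == "__main__":
    traffic = sample_traffic()
    print("unpoliced:", punted_to_rp(traffic))
    print("policed:  ", punted_to_rp(traffic, TokenBucket(rate_pps=100, burst=10)))
```
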