HP (Hewlett-Packard) 6600 Switch User Manual


 
Port Traffic Controls
Rate-Limiting

Note on Testing ICMP Rate-Limiting
ICMP rate-limiting is applied to the available bandwidth on an interface. If the
total bandwidth requested by all ICMP traffic is less than the available,
configured maximum rate, then no ICMP rate-limit can be applied. That is, an
interface must be receiving more inbound ICMP traffic than the configured
bandwidth limit allows. If the interface is configured with both rate-limit all
and rate-limit icmp, then the ICMP limit can be met or exceeded only if the rate
limit for all types of inbound traffic has not already been met or exceeded.
Also, to test the ICMP limit it is necessary to generate ICMP traffic that exceeds
the configured ICMP rate limit. Using the recommended settings (1% for edge
interfaces and 5% maximum for core interfaces), it is easy to generate
sufficient traffic. However, if you are testing with higher maximums, it is necessary
to ensure that the ICMP traffic volume exceeds the configured maximum.
Note also that when testing ICMP rate-limiting where inbound ICMP traffic on a
given interface has destinations on multiple outbound interfaces, the test
results must be based on the received outbound ICMP traffic.
ICMP rate-limiting is not reflected in counters monitoring inbound traffic
because inbound packets are counted before the ICMP rate-limiting drop
action occurs.
ICMP Rate-Limiting Trap and Event Log Messages
If the switch detects a volume of inbound ICMP traffic on a port that exceeds
the ICMP rate-limit configured for that port, it generates one SNMP trap and
one informational Event Log message to notify the system operator of the
condition. (The trap and Event Log message are sent within two minutes of
when the event occurred on the port.)
For example:
I 06/30/05 11:15:42 RateLim: ICMP traffic exceeded configured limit on port A1
These trap and Event Log messages provide an advisory that inbound ICMP
traffic on a given interface has exceeded the configured maximum. The
additional ICMP traffic is dropped, but the excess condition may indicate an
infected host (or other traffic threat or network problem) on that interface.
The system operator should investigate the attached devices or network
conditions further.
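
An added example (not from the HP manual): a Python triage helper that parses Event Log text in the format shown above, rejoins entries that were wrapped across lines, and groups ICMP rate-limit events by port. The sample log is constructed, and the function names and the min_events threshold are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Event Log format as shown in the manual: single-letter severity,
# MM/DD/YY date, HH:MM:SS time, then the RateLim message ending in the port.
EVENT_RE = re.compile(
    r"^[A-Z]\s+(?P<ts>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"RateLim: ICMP traffic exceeded configured limit on port (?P<port>\S+)$"
)
ENTRY_START = re.compile(r"^[A-Z]\s+\d{2}/\d{2}/\d{2}\s")

def join_wrapped(lines):
    """Rejoin entries wrapped across lines, as in the manual's sample."""
    entries = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a new timestamped entry
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def icmp_limit_events(lines):
    """Return {port: [datetime, ...]} for each ICMP rate-limit event."""
    by_port = defaultdict(list)
    for entry in join_wrapped(lines):
        m = EVENT_RE.match(entry)
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S")
            by_port[m["port"]].append(ts)
    return {port: sorted(times) for port, times in by_port.items()}

def ports_to_investigate(lines, min_events=2):
    """Ports with repeated events; min_events is an assumed triage threshold."""
    events = icmp_limit_events(lines)
    return sorted(p for p, t in events.items() if len(t) >= min_events)

# Constructed sample log; only the first entry's wording comes from the manual.
SAMPLE_LOG = """\
I 06/30/05 11:15:42 RateLim: ICMP traffic exceeded
configured limit on port A1
I 06/30/05 11:16:03 example: constructed unrelated entry
I 06/30/05 11:41:10 RateLim: ICMP traffic exceeded
configured limit on port A1
I 06/30/05 12:02:55 RateLim: ICMP traffic exceeded configured limit on port B4
""".splitlines()

if __name__ == "__main__":
    print(icmp_limit_events(SAMPLE_LOG), ports_to_investigate(SAMPLE_LOG))
```

Because inbound counters do not reflect the drop action, these log events (or the matching SNMP traps) are the signal to collect per port when deciding which attached devices to examine.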