nanog mailing list archives

Re: What do you consider acceptable packet / session modification for a network operator?


From: Lukas Tribus via NANOG <nanog () lists nanog org>
Date: Tue, 30 Dec 2025 21:22:10 +0100

On Sat, 27 Dec 2025 at 17:14, William Herrin via NANOG
<nanog () lists nanog org> wrote:
The ISPs I used emit ICMP packet too big messages.

Everybody emits them. Too many don't make it to the destination.

In some cases the last router before the MTU bottleneck is not
emitting the ICMP Type 3 Code 4 response.
In Cisco land for example many configs and templates contain the "no
ip unreachables" interface configuration, stopping the router from
emitting all ICMP Type 3 messages, including Code 4 Frag needed.

Non routable source IPs discarded by uRPF have been mentioned, which
is a common problem.

Then there is the issue of rate limiting. Rate limiting packets punted
to the CPU for ICMP response emission. Rate limiting ICMP response
emission itself. And sometimes even ICMP rate limiting on interfaces
as a poor mans DDoS mitigation attempt. Or ICMP QoS mapping in worse
than best effort queues that overload.


Lukas
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/EIH362A5NYP5V6FHUSWSOVA6BXJVG6NU/


Current thread: