James Carlson wrote:
And I'm not buying any "performance" argument here. We're talking
about the delivery of errors. Applications aren't built to deliver
bulk data via error reports. If performance (or perhaps more
accurately DoS risk) is really a concern, then we should just throttle
the rate at which we send any messages at all, rather than trying to
trim down the byte count to save a couple of cycles. That
optimization needs to be made in the right place, and being capable of
sending zillions of uselessly tiny ICMP errors per second is not
something to strive for.
Note that I am *not* saying that increasing the ICMP return
byte size is not good. But I don't think the suggestion on
using rate is good enough. The bandwidth consumed is the
number ICMP messages sent per second (rate) times the ICMP
packet size. To some sys admins, just controlling the rate is
not good enough for them to handle DoS situation.
--
K. Poon.
[email protected]
_______________________________________________
networking-discuss mailing list
[email protected]
