On Tue, Jul 3, 2012 at 2:05 PM, Marcin Cieslak <[email protected]> wrote: >>> Leslie Carr <[email protected]> wrote: >> When in a firewall filter, packets are rejected (which sends an ICMP >> rejected notice), the routing engine can receive too many of these >> requests, causing the routing engine to "choke" on its backlog of >> requests. > > Leslie, thanks for excellent update! Was is something similar to ICMP > storm caused by unreachables (similar to the problems caused by > subnet-directed packets in the old days) that even ICMP rate limiting > didn't help? >
Sadly ICMP rate limiting only counts for ICMP packets incoming to RE, outgoing packets are processed and created before any filters kick in. > //Saper > > > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l -- Leslie Carr Wikimedia Foundation AS 14907, 43821 http://as14907.peeringdb.com/ _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
