Re: ICMP handling in Linux
On Tue, 10 Apr 2012, John A. Sullivan III wrote:
> On Tue, 2012-04-10 at 21:10 -0300, Henrique de Moraes Holschuh wrote:
> > On Tue, 10 Apr 2012, Martin T wrote:
> > > It's a well known fact that even most(with exceptions like ASR1K) of
> > > the high-end Cisco or Juniper routers handle ICMP traffic in routing
> > > engines not in ASIC's which means that they share the CPU time with
> > > other processes. How prioritized is ICMP handling in modern Linux 2.6
> > > and newer kernels? Is it possible to prioritize ICMP handling in
> > > kernel?
> >
> > AFAIK, it has the same priority of every other packet that makes it to the
> > IP stack.
> >
> > Easy depriorizing is possible by outright dropping incoming ICMP packets
> > in the iptables layer, before it is processed by the IP stack.
> >
> > I suppose advanced NICs might be able to use receiver-side flow-steering to
> > priorize or depriorize ICMP packets before delivering them to the driver, or
> > you could steer them all to a particular core.
> >
> > I fear you will probably need to ask this question in the netdev ML if
> > you want a better answer.
> >
> Setting up a qdisc via the tc utility would be a more controlled way
> than simply drop or not drop. Alas, it is not one of the simpler things
> to do in Linux - John
I suppose so, but that would require the use of ifb devices. That is likely
more expensive than handling the ICMP in the first place (with kernel ICMP
reply rate-limiters configured, obviously), so it might not work as well as
one would like it to.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: