Re: ICMP handling in Linux
On Tue, 2012-04-10 at 21:42 -0300, Henrique de Moraes Holschuh wrote:
> On Tue, 10 Apr 2012, John A. Sullivan III wrote:
> > On Tue, 2012-04-10 at 21:10 -0300, Henrique de Moraes Holschuh wrote:
> > > On Tue, 10 Apr 2012, Martin T wrote:
> > > > It's a well known fact that even most(with exceptions like ASR1K) of
> > > > the high-end Cisco or Juniper routers handle ICMP traffic in routing
> > > > engines not in ASIC's which means that they share the CPU time with
> > > > other processes. How prioritized is ICMP handling in modern Linux 2.6
> > > > and newer kernels? Is it possible to prioritize ICMP handling in
> > > > kernel?
> > >
> > > AFAIK, it has the same priority of every other packet that makes it to the
> > > IP stack.
> > >
> > > Easy depriorizing is possible by outright dropping incoming ICMP packets
> > > in the iptables layer, before it is processed by the IP stack.
> > >
> > > I suppose advanced NICs might be able to use receiver-side flow-steering to
> > > priorize or depriorize ICMP packets before delivering them to the driver, or
> > > you could steer them all to a particular core.
> > >
> > > I fear you will probably need to ask this question in the netdev ML if
> > > you want a better answer.
> > >
> > Setting up a qdisc via the tc utility would be a more controlled way
> > than simply drop or not drop. Alas, it is not one of the simpler things
> > to do in Linux - John
>
> I suppose so, but that would require the use of ifb devices. That is likely
> more expensive than handling the ICMP in the first place (with kernel ICMP
> reply rate-limiters configured, obviously), so it might not work as well as
> one would like it to.
<snip>
I did not read the original post but I'm not sure why it would require
IFB interfaces. I have found I only use them if I need to shape rather
than police ingress traffic or if I need to do identical traffic shaping
on multiple interfaces. Then again, I have not experience configuring
kernel ICMP reply rate limiters - John
Reply to: