GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)

Lars Erik Gullerud lerik at nolink.net
Thu Aug 28 16:30:16 UTC 2003


On Thu, 2003-08-28 at 17:37, Steve Carter wrote:

> I speak for Global Crossing when I say that ICMP rate limiting has existed
> on the Global Crossing network, inbound from peers, for a long time ... we
> learned our lesson from the Yahoo DDoS attack (when they were one of our
> customers) back in the day and it was shortly thereafter that we
> implemented the rate limiters.  Over the past 24 hours we've performed
> some experimentation that shows outbound rate limiters being also of value
> and we're looking at the specifics of differentiating between happy ICMP
> and naughty 92 byte packet ICMP and treating the latter with very strict
> rules ... like we would dump it on the floor.  This, I believe, will stomp 
> on the bad traffic but allow the happy traffic to pass unmolested.

I think I can safely say that GBLX is beyond "looking at the specifics"
of dropping 92-byte ICMP's, and are in fact doing it. And have not
really bothered telling their customers about it either.

We happen to use GBLX as one of our upstreams, and have a GigE pipe
towards them. Since MS in their infinite wisdom seem to use 92-byte ICMP
Echos in the Windows tracert.exe without having any option to use
another protocol and/or packetsize, this certainly has generated several
calls to OUR support desk today, by customers of ours claiming "your
routing is broken, traceroutes aren't getting anywhere!".

Although I obviously understand the reasons, it WOULD be nice if a
supplier would at least take the trouble to inform us when they start
applying filters to customer traffic, so our helpdesk would be prepared
to answer questions about it. We are not a peer, but a paying customer
after all.

Oh, and it is not rate-limiting causing this, it is most definitely
92-byte filters. "traceroute -P icmp www.gblx.net 92" from a decent OS
will drop, any other packetsize works like a charm.

/leg
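
The distinction drawn in the message above (loss confined to one packet size points to a size filter, partial loss across all sizes points to rate limiting), as an added example that is not part of the original post. The probe data is constructed, and the function names and thresholds are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data, not measurements from the post:
# one (packet_size_bytes, reply_received) tuple per ICMP echo probe.
SIZES = (64, 84, 92, 100, 128)
# Only 92-byte probes go unanswered.
SAMPLE_FILTERED = [(size, size != 92) for size in SIZES for _ in range(10)]
# Every size loses the same share of probes (4 of 10).
SAMPLE_RATE_LIMITED = [(size, i % 3 != 0) for size in SIZES for i in range(10)]


def loss_by_size(probes):
    """Return {packet_size: fraction of probes that got no reply}."""
    sent = defaultdict(int)
    lost = defaultdict(int)
    for size, replied in probes:
        sent[size] += 1
        if not replied:
            lost[size] += 1
    return {size: lost[size] / sent[size] for size in sent}


def classify(probes, dead=0.95, clean=0.05):
    """Classify a loss pattern; the thresholds are assumed, tune per path."""
    loss = loss_by_size(probes)
    dead_sizes = sorted(s for s, frac in loss.items() if frac >= dead)
    others = [frac for s, frac in loss.items() if s not in dead_sizes]
    if dead_sizes and others and max(others) <= clean:
        # Specific sizes always dropped, everything else passes cleanly.
        return ("size-filter", dead_sizes)
    if all(frac <= clean for frac in loss.values()):
        return ("no-loss", [])
    if not dead_sizes:
        # Partial loss regardless of size.
        return ("rate-limit-or-congestion", [])
    return ("inconclusive", dead_sizes)


if __name__ == "__main__":
    print(classify(SAMPLE_FILTERED))
    print(classify(SAMPLE_RATE_LIMITED))
```
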




