N5000 & ICMP Rate Limit

Answered Question
Jan 12th, 2010

All,

Does the N5000 run an ICMP rate limiter by default ?

I just connected a N5000 up to a C6500 chassis. When i ping the N5000 (inline ! on a SVI interface) from the C6500, he drops everytime the 95th ping request :-)

TESTC6500#   ping 10.102.78.66 df-bit size 1500 repeat 100

Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 10.102.78.66, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!
Success rate is 99 percent (99/100), round-trip min/avg/max = 1/1/4 ms
TESTC6500#   ping 10.102.78.66 df-bit size 1500 repeat 100

Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 10.102.78.66, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!
Success rate is 99 percent (99/100), round-trip min/avg/max = 1/1/4 ms
TESTC6500#   ping 10.102.78.66 df-bit size 1500 repeat 100

Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 10.102.78.66, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!
Success rate is 99 percent (99/100), round-trip min/avg/max = 1/1/4 ms
TESTC6500#   ping 10.102.78.66 df-bit size 1500 repeat 100

Type escape sequence to abort.
Sending 100, 1500-byte ICMP Echos to 10.102.78.66, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!
Success rate is 99 percent (99/100), round-trip min/avg/max = 1/1/4 ms
TESTC6500#

I have this problem too.
0 votes
Correct Answer by johgill about 6 years 10 months ago

There is no (configurable) rate-limiter function in the N5k.  I think what you are seeing is a result of process/scheduler timing, but I would have to look up some tests to back that up.

I can do the same operation and I see the packet mising is either 95, 96, none, 97... it varies.  With a true rate-limiter, you will typically see a much more defined pattern.

The Nexus 7000 has hardware and software control-plane policing (CoPP), but the Nexus 5000 does not.  I think it's possible you will see software CoPP in the Nexus 5000 in the future, but time will tell.

Regards,

John Gill

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
johgill Tue, 01/12/2010 - 18:32

There is no (configurable) rate-limiter function in the N5k.  I think what you are seeing is a result of process/scheduler timing, but I would have to look up some tests to back that up.

I can do the same operation and I see the packet mising is either 95, 96, none, 97... it varies.  With a true rate-limiter, you will typically see a much more defined pattern.

The Nexus 7000 has hardware and software control-plane policing (CoPP), but the Nexus 5000 does not.  I think it's possible you will see software CoPP in the Nexus 5000 in the future, but time will tell.

Regards,

John Gill

Actions

This Discussion