[Figure 13-3 diagram labels: Dormitory 1, Dormitory 2, Dormitory 3, Dormitory 4; ICMP Rate-Limit at 1%]
Figure 13-3. Example of ICMP Rate-Limiting
Terminology
All-Traffic Rate-Limiting: Applies a rate-limit to all traffic (including ICMP
traffic) on an interface. For details, see "Rate-Limiting" on page 13-4.
ICMP Rate-Limiting: Applies a rate-limit to all inbound ICMP traffic
received on an interface, but does not limit other types of inbound traffic.
Spoofed Ping: An ICMP echo request packet intentionally generated with a
valid source IP address and an invalid destination IP address. Spoofed
pings are often created with the intent to oversubscribe network
resources with traffic having invalid destinations.
Guidelines for Configuring ICMP Rate-Limiting
Apply ICMP rate-limiting on all connected interfaces on the switch to effectively
throttle excessive ICMP messaging from any source. Figure 13-3 shows
an example of how to configure this for a small to mid-sized campus, though
similar rate-limit thresholds are applicable to other network environments.
On edge interfaces, where ICMP traffic should be minimal, a threshold of 1%
of available bandwidth should be sufficient for most applications. On core
interfaces, such as switch-to-switch and switch-to-router, a maximum threshold
of 5% should be sufficient for normal ICMP traffic. ("Normal" ICMP traffic
levels should be the maximums that occur when the network is rebooting.)
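An added example, not from the ProCurve manual: a Python check that converts the 1% and 5% guideline thresholds into kbps for each port speed and compares them with the ICMP peak measured while the network reboots. Port names, speeds and measured peaks are constructed sample values.

```python
from dataclasses import dataclass

# Guideline thresholds from the text, as percent of available bandwidth.
GUIDELINE_PCT = {"edge": 1, "core": 5}

@dataclass
class Port:
    name: str              # port label (constructed)
    role: str              # "edge" or "core" (switch-to-switch, switch-to-router)
    speed_mbps: int        # link speed
    reboot_peak_kbps: int  # highest inbound ICMP rate seen while the network reboots

def audit(ports):
    """Compare each port's measured ICMP baseline with its guideline limit."""
    findings = []
    for p in ports:
        pct = GUIDELINE_PCT[p.role]
        kbps_per_pct = p.speed_mbps * 10  # 1% of the link, in kbps
        limit_kbps = kbps_per_pct * pct
        # Smallest whole percent that would still pass the measured baseline.
        needed_pct = max(1, -(-p.reboot_peak_kbps // kbps_per_pct))
        findings.append({
            "port": p.name,
            "guideline_pct": pct,
            "limit_kbps": limit_kbps,
            "needed_pct": needed_pct,
            # A baseline above the guideline means normal ICMP would be dropped,
            # or that the "normal" level itself deserves a closer look.
            "baseline_fits": p.reboot_peak_kbps <= limit_kbps,
        })
    return findings

# Constructed inventory; not taken from Figure 13-3.
SAMPLE_PORTS = [
    Port("A1", "edge", 1000, 3200),
    Port("B2", "edge", 100, 1500),
    Port("C1", "core", 10000, 120000),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_PORTS):
        state = "ok" if f["baseline_fits"] else "REVIEW"
        print(f'{f["port"]}: {f["guideline_pct"]}% = {f["limit_kbps"]} kbps, '
              f'baseline needs {f["needed_pct"]}% -> {state}')
```

The same 1% threshold admits ten times more ICMP on a 1 Gbps edge port than on a 100 Mbps one, so the baseline comparison has to be made per port speed.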
[Figure 13-3 diagram labels: 8212zl Switch, Server, Backup Server, Router, WAN, LAN, Classroom, Administration Building; ICMP Rate-Limit at 5%; ICMP Rate-Limit at 1%]
Port Traffic Controls
Rate-Limiting