Show card X icmp
I think is the command you want.
Chris O'Shea
2011/9/16 Mariano Juliá <mjuliaq at gmail.com>
> Yes, there is a hard coded policer for locally bound ICMP packets.
>
> As a matter of fact, ICMP packets destined to any local IP address never
> reach the XCRP, they are always handled by the input traffic card regardless
> of whether the interface belong to that card or not. So it does for most
> protocol keepalives although those are not ratelimited.
>
> I took notes of the ICMP rate limit values, some are in bytes others in
> packets per second, unfortunately I didn't write down which ones are which.
>
> ICMP echo request 1000,1500
> ICMP echo reply 1000,1500
> Net Unreach 10,20
> Host Unreach 10,20
> port unreach 10,20
> DF unreach 1000,2000
> admin prohibited 10,20
> TTL exceed 100,200
> Net Redirect 10,20
> host redirect 10,20
> Parameter problem 10,20
>
> If I recall correctly, one of the commands under "show card" has counters
> for traffic dropped by this policer but I don't have access to a Redback any
> more so I can't be more precise.
>
> Regards,
>
> Mariano
>
>
> On 14/09/2011 14:08, Jim Tyrrell wrote:
>
>> Does SEOS have some sort of control plane policing that will drop ICMP
>> packets in an MPLS environment? I have configured a vpn context but when
>> testing I'm getting packetloss when pinging the SE600 from our Cisco
>> routers. I have the following setup:
>>
>> R1 -> R2 -> SE600 -> DSL line (L2TP session)
>>
>> R1 & R2 can ping each other fine, and they can also ping the DSL line
>> with 0 packetloss, but when I ping between the Cisco and SE600 I'm
>> getting packetloss:
>>
>>
>> ping vrf test 172.16.10.3 repeat 100
>> Sending 100, 100-byte ICMP Echos to 172.16.10.3, timeout is 2 seconds:
>> !!!!!!!!!!.!!!!!!!!!!.!!!!!!!!**!!.!!!!!!!!!!.!!!!!!!!!!.!!!!!**
>> !!!!!.!!!!!!!!!!.!!!!!!!!!!.!!**!!!!!!!!.!
>>
>> Success rate is 91 percent (91/100), round-trip min/avg/max = 1/1/4 ms
>>
>> It seems to be quite regular, and doesnt happen when pinging through the
>> SE600 to the DSL line so I'm thinking there is some kind of ratelimiting
>> on the SE600 itself?
>>
>> Thanks.
>>
>> Jim.
Le but est de monter un tunnel IPSec entre deux routeurs en utilisant des VTI. La clé partagée est: 1234. hostname R1 ! crypto isakm...