Port Traffic Controls
Rate-Limiting
Spoofed Ping: An ICMP echo request packet intentionally generated with a
valid source IP address and an invalid destination IP address. Spoofed
pings are often created with the intent to oversubscribe network
resources with traffic having invalid destinations.
Guidelines for Configuring ICMP Rate-Limiting
Apply ICMP rate-limiting on all connected interfaces on the switch to effectively
throttle excessive ICMP messaging from any source. Figure 13-3 shows
an example of how to configure this for a small to mid-sized campus, though
similar rate-limit thresholds are applicable to other network environments.
On edge interfaces, where ICMP traffic should be minimal, a threshold of 1%
of available bandwidth should be sufficient for most applications. On core
interfaces, such as switch-to-switch and switch-to-router, a maximum threshold
of 5% should be sufficient for normal ICMP traffic. (“Normal” ICMP traffic
levels should be the maximums that occur when the network is rebooting.)
[Figure: campus network diagram. Labels: three 8212zl switches, a router, a server, a backup server, Dormitories 1-4, an Administration Building, two classrooms, WAN and LAN; links are marked "ICMP Rate-Limit at 1%" (twice) and "ICMP Rate-Limit at 5%" (once).]
Figure 13-3. Example of ICMP Rate-Limiting
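
The following is an added example, not taken from the switch documentation: a Python audit that checks a port inventory against the 1% edge and 5% core guidelines above and confirms that each port's reboot-time ICMP peak still fits under its configured limit. The port names, inventory fields and sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Guideline ceilings from the text, in percent of port bandwidth.
GUIDELINE_PCT = {"edge": 1, "core": 5}

@dataclass
class Port:
    name: str                       # constructed port label
    role: str                       # "edge", or "core" for switch-to-switch/router links
    speed_mbps: int                 # negotiated link speed
    icmp_limit_pct: Optional[int]   # configured ICMP rate-limit; None if not set
    peak_icmp_kbps: float           # highest ICMP rate measured during a network reboot

def audit(port: Port) -> List[str]:
    """Return findings for one port; an empty list means it follows the guideline."""
    if port.role not in GUIDELINE_PCT:
        raise ValueError(f"{port.name}: unknown role {port.role!r}")
    if port.icmp_limit_pct is None:
        return [f"{port.name}: no ICMP rate-limit configured"]
    findings = []
    ceiling = GUIDELINE_PCT[port.role]
    if port.icmp_limit_pct > ceiling:
        findings.append(f"{port.name}: limit {port.icmp_limit_pct}% exceeds "
                        f"{ceiling}% guideline for {port.role} ports")
    # The limit must still admit the "normal" maximum seen at reboot,
    # otherwise legitimate ICMP is dropped whenever the network restarts.
    allowed_kbps = port.speed_mbps * 1000 * port.icmp_limit_pct / 100
    if port.peak_icmp_kbps > allowed_kbps:
        findings.append(f"{port.name}: reboot peak {port.peak_icmp_kbps:.0f} kbps "
                        f"exceeds allowed {allowed_kbps:.0f} kbps")
    return findings

# Constructed sample inventory (not taken from a real switch).
INVENTORY = [
    Port("A1", "edge", 1000, 1, 120.0),        # compliant edge port
    Port("A2", "edge", 1000, None, 80.0),      # missing rate-limit
    Port("A3", "edge", 100, 5, 300.0),         # limit looser than the 1% guideline
    Port("B1", "core", 1000, 5, 62000.0),      # baseline does not fit under 5%
]

if __name__ == "__main__":
    for p in INVENTORY:
        for line in audit(p) or [f"{p.name}: ok"]:
            print(line)
```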