sslug-teknik team mailing list archive
-
sslug-teknik team
-
Mailing list archive
-
Message #36764
Re: up-down kapacitet ADSL?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, 12 May 2001 00:35:02 Anders Melchiorsen wrote:
> Anna Jonna Armannsdottir <a@xxxxxxxxxxxx> skrev den 11-May-01:
>
> > Hvis man, i sin firewall, slår al ICMP fra, risikerer man betydelige
> > forringelser i udnyttelsen af båndbredden.
>
> Er det derfor, det er en dårlig idé at "lukke for ping" (som fx Jubii
> gør), eller er der en mere graverende årsag til det? Jeg mener at have
> hørt et argument for den sag før, men husker ikke hvad det var :-/.
At lukke af for ping har ingen indflydelse på performance.
Derimod er der andre ICMP typer som har stor betydning for
ydelsen. Det er især ICMP source-quench, (jeg er lidt
usikker på navnet) der bruges i forbindelse med at
bestemme størrelsen af IP pakker.
Ifølge Rusty Russell, forfatteren til IPCHAINS-HOWTO,
falder ydelsen kraftigt, hvis der lukkes af for denne
type ICMP.
Han skriver:
All good TCP implementations (Linux included) use MTU
discovery to try to figure out what the largest packet
that can get to a destination without being fragmented
(fragmentation slows performance, especially when
occasional fragments are lost). MTU discovery works by
sending packets with the "Don't Fragment" bit set, and
then sending smaller packets if it gets an ICMP packet
indicating "Fragmentation needed but DF set"
(`fragmentation-needed'). This is a type of
`destination-unreachable' packet, and if it is never
received, the local host will not reduce MTU, and
performance will be abysmal or non-existent.
Læs videre:
http://sunsite.dk/ldp/HOWTO/IPCHAINS-HOWTO-5.html#ss5.2
- --
med venlig hilsen, Anna Jonna Armannsdottir
Fyrkildevej 98 (sttv) Tel: 98 15 67 93
DK-9220 Aalborg Oest ICQ: 108017016
Find my key: http://www.keyserver.net: GnuPG key ID: 0x6349D8FB
fingerprint: E44F A8B9 5088 0036 C0C6 DD2C 9575 7DFE 6349 D8FB
...ooO0Ooo...
One Linux to rule them all, One Resolver to find them,
One IP to bring them all and in the zone to bind them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjr9mCgACgkQlXV9/mNJ2PuYxwCgq/cz8p4eAsEIS3qYwSGfgHBl
MRAAoL01X8eDgT4eGZW14VVYur48tl7Y
=MUTJ
-----END PGP SIGNATURE-----
Follow ups
References