
sslug-teknik team mailing list archive

Re: up-down capacity ADSL?

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Sat, 12 May 2001 00:35:02 Anders Melchiorsen wrote:
> Anna Jonna Armannsdottir <a@xxxxxxxxxxxx> wrote on 11-May-01:
> 
> > If you turn off all ICMP in your firewall, you risk significant
> > degradation in the utilization of the bandwidth.
> 
> Is that why it is a bad idea to "block ping" (as e.g. Jubii
> does), or is there a more serious reason for it? I seem to have
> heard an argument on that matter before, but I don't remember what it was :-/.

Blocking ping has no influence on performance. 
However, there are other ICMP types that matter a great deal for 
performance. It is especially ICMP source-quench (I am a bit 
unsure of the name), which is used in connection with 
determining the size of IP packets. 

According to Rusty Russell, the author of the IPCHAINS-HOWTO, 
performance drops sharply if this type of ICMP is 
blocked.

He writes: 

All good TCP implementations (Linux included) use MTU 
discovery to try to figure out what the largest packet
that can get to a destination without being fragmented 
(fragmentation slows performance, especially when 
occasional fragments are lost). MTU discovery works by 
sending packets with the "Don't Fragment" bit set, and 
then sending smaller packets if it gets an ICMP packet 
indicating "Fragmentation needed but DF set" 
(`fragmentation-needed'). This is a type of 
`destination-unreachable' packet, and if it is never 
received, the local host will not reduce MTU, and 
performance will be abysmal or non-existent. 

Read more:
http://sunsite.dk/ldp/HOWTO/IPCHAINS-HOWTO-5.html#ss5.2

- -- 
kind regards, Anna Jonna Armannsdottir       
Fyrkildevej 98 (sttv)          Tel: 98 15 67 93
DK-9220 Aalborg Oest           ICQ: 108017016
Find my key: http://www.keyserver.net: GnuPG key ID: 0x6349D8FB 
fingerprint: E44F A8B9 5088 0036 C0C6  DD2C 9575 7DFE 6349 D8FB
                       ...ooO0Ooo...
   One Linux to rule them all, One Resolver to find them,
   One IP to bring them all and in the zone to bind them. 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.5 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjr9mCgACgkQlXV9/mNJ2PuYxwCgq/cz8p4eAsEIS3qYwSGfgHBl
MRAAoL01X8eDgT4eGZW14VVYur48tl7Y
=MUTJ
-----END PGP SIGNATURE-----
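
Added example (not part of the original message or of the HOWTO): a small Python simulation of the path MTU discovery behaviour described in the quoted HOWTO text, comparing a firewall that drops all ICMP with one that drops only echo requests. The function names and the MTU values 1500 and 1492 are constructed for illustration, and the sender is simplified to one packet per attempt.

```python
import struct

ICMP_DEST_UNREACH, FRAG_NEEDED, ICMP_ECHO_REQUEST = 3, 4, 8

def frag_needed(next_hop_mtu):
    """Build the 8-byte ICMP header a router returns for an oversized DF packet."""
    # Fields: type, code, checksum (left 0 in this sketch), unused, next-hop MTU
    return struct.pack("!BBHHH", ICMP_DEST_UNREACH, FRAG_NEEDED, 0, 0, next_hop_mtu)

def drop_all_icmp(icmp):
    """Policy from the thread: turn off all ICMP. Returns True if accepted."""
    return False

def drop_ping_only(icmp):
    """Block echo requests ("ping") but accept ICMP error messages."""
    return icmp[0] != ICMP_ECHO_REQUEST

def send_with_pmtud(payload_len, local_mtu, link_mtu, firewall, max_tries=5):
    """Simulate a sender that sets DF on every packet.

    Returns (delivered, final_mtu, tries). link_mtu is the narrowest hop.
    """
    mtu = local_mtu
    for tries in range(1, max_tries + 1):
        packet_len = min(payload_len, mtu)
        if packet_len <= link_mtu:
            return True, mtu, tries          # packet fits the narrow link
        reply = frag_needed(link_mtu)        # router drops it and reports why
        if firewall(reply):                  # does the sender's firewall accept it?
            icmp_type, code, _, _, next_mtu = struct.unpack("!BBHHH", reply[:8])
            if icmp_type == ICMP_DEST_UNREACH and code == FRAG_NEEDED:
                mtu = next_mtu               # lower the path MTU and retry
        # If the reply was filtered, the sender learns nothing and
        # retransmits at the same size: a path MTU black hole.
    return False, mtu, max_tries

if __name__ == "__main__":
    # Constructed scenario: 1500-byte local MTU, 1492-byte link on the path.
    for policy in (drop_ping_only, drop_all_icmp):
        print(policy.__name__, send_with_pmtud(4000, 1500, 1492, policy))
```

With only echo requests blocked the sender settles on the smaller MTU after one ICMP error; with all ICMP dropped every attempt is lost at the original size.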



