NE05 and SECPATH are connected to NE40 through GE. From NE40, use a packet of 8000-byte to ping NE05 or SECPATH, and no packet is discarded; from NE05 or SECPATH, use a packet of 8000-byte to ping NE40, the packet is discarded.
1. Change the value of No. 31 leaky bucket of interface board to 64k, and the rate of packet loss is lowering greatly. It is located that the packet is discarded by leaky bucket of system. A great deal of ICMP request packets are sent to CPU for processing, so sometimes one or more packets cannot be acknowledged.
2. If other equipments support the paramter of -m of ping, we could use the parameter to adjust the rate for sending ICMP packets. Once the rate is lowered, no packet is discarded.
3. NE40 at new version supports icmp fast-reply command, after which is configured, the interface board NP responds the ICMP request. However, for packets of more than 1500-byte, they will transmitted to CPU for fragmentation, so the icmp fast-reply command configured does not take effect.
1. NE40 system is designed with functionality against attacks from ping, which is realized through No. 31 system-bucket of interface board. The system sets the leaky bucket to 16Kbps by default. If the traffic of ICMP packets exceeds the threshold set for leaky bucket, the packets will be discarded.
2. However, no packet is discarded when NE40 uses the same parameters to ping NE05. This is because different products transmit ICMP packet at different rates when performing ping actions. The rate for NE40 to transmit ICMP packets is very low, so the traffic of ICMP packets will not exceed the threshold set for leaky bucket of system, Moreover, the rate for NE05 to transmit ICMP packets is very highy, and the traffic of ICMP packets that NE40 received exceeds the limit set for leaky bucket fo system, which is shown as that packets are discarded.