ICMP Rate-Limit
February 13, 2009Ever wonder why when you do a trace and the last hop shows timeouts?
.
This is due to a built-in Deniel-Of-Service protection mechanism, to limit the rate of transmitted ICMP packets out an Interface. The default value is one ICMP destination unreachable message per 500 milliseconds ( 1/2 second), this would be why 1 in 3 response from the destination appears as a timeout, since the destination router silently discards the second packet.
The following command allows you to change the interval at which ICMP unreachable messages are generated (1 packet every 100 ms):
R5#conf t
R5(config)#ip icmp rate-limit unreachable 100
The show and clear commands available, was only introduced in IOS 12.4(2).
clear ip icmp rate-limit
show ip icmp rate-limit
.
A trace route will then complete as you would expect:
