ICMP Rate Limiting
I was using the traceroute
command while testing a VPN client. Curiously, the command stalled when executed rapidly.
The syntax I used:
traceroute -4 -n -m2 $ip_address
When repeatedly executing the command in a rapid fire manner using the keyboard Up
arrow and Enter
keys, usually after two executions the command stalled with high latency. Sometimes the output showed only asterisks.
Some digging revealed the cause of the stall to be ICMP rate limiting. By default this is 1000 milliseconds to prevent ping flood attacks.
Fortunately with Linux systems the default rate limiting can be configured manually. For example, on the home LAN router all I needed was:
echo 0 > /proc/sys/net/ipv4/icmp_ratelimit
At that point the router no longer stalled when using traceroute
in a rapid fire manner.
Posted: Usability Tagged: General
Category: