Forum Discussion

Michael_107360's avatar
Michael_107360
Icon for Cirrus rankCirrus
Oct 10, 2016

Limitation of ICMP on Virtual Servers

Is there a built in limit for ICMP responses on Big-IP? Consistently it will stop at 249 example: Sending 250, 100-byte ICMP Echos to 192.168.1.40, timeout is 2 seconds: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!? Success rate is 99 percent (249/250), round-trip min/avg/max = 1/1/10 ms CISCO_DEVICE/sec/act

 

application delivery
BIG-IP
LTM
security

2 Replies

Sort By
  • Michael_107360's avatar
    Michael_107360
    Icon for Cirrus rankCirrus
    Oct 10, 2016

    OK i found this information....: F5 has a limit to the ICMP rate which causes this droppage. Seen it before, it's an expected feature

     

    But can anyone tell me "where" is this rate configured and what the rate is to be expected. Additional question if the Big-IP is configured to be a router do the devices that sit behind the Big-Ip fall into the same category. As I am seeing the same type of limitation for ip addresses that sit behind the Big-ip.....

     

    Thanks in advance!

     

  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Oct 11, 2016

    The F5 unit has a configuration database, you can see and change multiple settings there.

     

    The 250 look to match the db key tm.maxrejectrate. There is also tm.maxicmprate that defaults to 100.

     

    To list a key: tmsh list sys db tm.maxrejectrate

     

    This solution has more information: https://support.f5.com/kb/en-us/solutions/public/14000/800/sol14813.htmlconfigreject

     

    Also: https://support.f5.com/kb/en-us/solutions/public/7000/100/sol7113.html

     

    Anyway, this should be for ICMP errors. Based in Cisco documentation "Each exclamation point indicates receipt of a reply.", so I assume echo reply.