Ping priority on Cisco IOS

Every now and then, a really interesting question appears on the cisco-nsp mailing list. A while ago I’ve seen this one:

I’ve heard that Cisco devices handle ICMP at a low priority. I found one post describing it handled in process-switching and not fast-switching. Does anyone have an article that explains that process and is it configurable?

Most packets sent to the router are handled in process switching (the packet is queued in the input queue of one of the IOS processes), the obvious exceptions being GRE and IPSec packets (unless they’re fragmented).

Packets sent to the router can also be rate-limited with a control plane policy.

The IOS processes perform their job between interrupts (packets being CEF- or fast switched). A reply to an ICMP packet is therefore a lower-priority task than regular packet forwarding.

5 comments:

  1. Just in addition

    In Juniper these packets are called "exception" packets. The exception packet is every packet which should be processed by the Routing Engine (RE) (which analogy in Cisco I believe is the MSFC (the route processor))instead of being switched. So, the exception packets are handled with a low priority. It depends on how much is the CPU loaded in the time when the packet is received. If the routing engine / msfc is currently busy with more important task (let's say for example there are two or three BGP neighbors which routing information should be converged) the CPU (RE/MSFC) can just ignore those low-priority packets which may result as * * * in some traceroute outputs, because it's quite important job to build the routing table than to answer some silly questions (ICMP TTL expired in transit).

    Hope that helps!
  2. In Juniper reply to ordinary pings generated by special processor on PFE, not on RE. But if, for example, you request to record route - only then reply generated by RE and not by PFE.
  3. exception in IOS-XE : the ESP in the ASR answers icmp echo requests. they're not punted to the RP.

    basically, if you can see them with "debug ip icmp", it means they're process-switched.

    and fast-switching is dead.
  4. and PXF platforms (7300-nse-100,10000) generate the echo reply in PXF, they don't punt to the RP.
  5. The question as stated here doesn't specify that it's talking about ICMP packets *sent*to*the*router*.

    That's a pretty important distinction, and one that often trips people up.

    Sure, responding to an echo request is low priority, but *forwarding* an echo request is not.
Add comment
Sidebar