ICMP Rate-Limit

Ever wonder why when you do a trace and the last hop shows timeouts?



This is due to a built-in Deniel-Of-Service protection mechanism, to limit the rate of transmitted ICMP packets out an Interface. The default value is one ICMP destination unreachable message per 500 milliseconds ( 1/2 second), this would be why 1 in 3 response from the destination appears as a timeout, since the destination router silently discards the second packet.

The following command allows you to change the interval at which ICMP unreachable messages are generated (1 packet every 100 ms):

R5#conf t
R5(config)#ip icmp  rate-limit  unreachable 100

The show and clear commands available, was only introduced in IOS 12.4(2).

clear ip icmp rate-limit
show ip icmp rate-limit


A trace route will then complete as you would expect: