I noticed that when users connect into View that there is a lot of ICMP Traffic from the View Client host to the View Connection Server & VDI desktop. I have ICMP blocked for any external users coming in so I see lot of these deny attempts in my logs. I've checked the VMware documentation and can't find anything talking about needing to allow ICMP.
So I guess I'm wondering why the View client is trying to do this, and what is the purpose? Am I hurting anything by blocking this ICMP traffic?
hi nzorn,
It is expected behavior.
The reason is during an active PCoIP session View does traceroute to their peer end points and record the results in their respective logs. This information is required for PCoIP troubleshooting purposes such as determining the number of hops and ICMP latency.
Regards,
Sanjay
bump
Have you noticed any effects from turning off ICMP? Some things that come to mind are related to health in View Administrator. Do all components show up as green? Do any of your reporting tools indicate problems due to the inability to complete a ping request? What I have gathered from reading is that the ICMP requests are related to View calculating bandwidth to provide the best performance on the client. Is that what you gathered as well?
I agree, in general documentation is lacking on this one.
Thanks for your reply. I have not noticed any issues by disabling ICMP, but then again it was never allowed from my external connections. Everything shows up green, I don't have many View reporting tools, but they are all working. Good note on maybe they are using it to calculate available bandwidth....
I might open a ticket to get an official answer.
VMware Support Request #16932072303 was opened.
hi nzorn,
It is expected behavior.
The reason is during an active PCoIP session View does traceroute to their peer end points and record the results in their respective logs. This information is required for PCoIP troubleshooting purposes such as determining the number of hops and ICMP latency.
Regards,
Sanjay
Thanks for the reply Sanjay!
So I might see some performance improvement by allowing ICMP from external connections?
No, performance will remain same in both cases (ICMP allowed or blocked).
Thanks again for the clarification!
Is there any documentation about allowing ICMP traffic between agent and broker, couldn't find it anywhere. I'm having provisioning issues cause of this. We have placed a firewall between the agent subnets and the connection brokers.
Regards,
Arjan