Icmp Message Types - Learning Module

Loading content...

0/228

Source Quench

The Network's "Slow Down" Signal

Imagine a highway on-ramp with a traffic light that controls how quickly cars can enter the highway during rush hour. When traffic becomes congested, the light turns red more frequently, forcing entering cars to wait and slow their rate of arrival. This ramp metering prevents highway gridlock by reducing inflow when capacity is strained.

In early IP networks, ICMP Source Quench (Type 4) served a similar purpose. When a router or host became overwhelmed with traffic—buffers filling, packets dropping—it could send Source Quench messages back to sources, signaling: "You're sending too fast. Slow down."

This message type represents a fascinating chapter in networking history. It was one of the first attempts at network congestion control but proved ineffective in practice. Today, Source Quench is officially deprecated (RFC 6633, 2012), and modern systems neither generate nor process it. Understanding why it failed illuminates the challenges of congestion control and why TCP's end-to-end mechanisms ultimately prevailed.

Historical ICMP Type

Source Quench (Type 4) is deprecated and should not be used in modern networks. This page covers it for historical understanding, protocol completeness, and to explain why network-layer congestion signaling was replaced by transport-layer mechanisms. You may encounter it in legacy systems, certification exams, or packet captures from older equipment.

What You Will Learn

By the end of this page, you will understand what Source Quench was designed to do, why it failed in practice, how it was officially deprecated, and what modern congestion control mechanisms replaced it. You'll gain insight into the evolution of congestion control thinking.

Source Quench Purpose and Design

Source Quench was defined in RFC 792 (1981) as a primitive flow control mechanism. The concept was straightforward: provide explicit feedback from congested network elements to sources contributing to that congestion.

Original Design Intent

•Trigger: Router or destination host is overloaded; incoming traffic rate exceeds processing/forwarding capacity
•Generator: Any router dropping packets due to congestion, or destination host running low on buffers
•Target: ICMP Source Quench sent to the source IP address of the problematic traffic
•Expected Response: Source should reduce transmission rate for traffic to that destination
•Mechanism: Typically sent along with (or instead of) dropping the triggering packet

ICMP Source Quench Message Format

Packet Layout

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Type (4)    |   Code (0)    |          Checksum             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Unused (zeros)                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                 Original IP Header (20-60 bytes)              +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              First 8 Bytes of Original Datagram              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Type:    4 (Source Quench)
Code:    0 (only value defined)
Unused:  32 bits, must be zero
Data:    Original IP header + 8 bytes (identifies the offending packet)

The Congestion Scenario:

                    Congestion Point
                          ↓
[Source A] ─────┐                      ┌───→ [Destination]
                 ├──→ [Router R] ──────┤
[Source B] ─────┘     (buffers full)   └───→ [Destination]
[Source C] ─────┘

1. Router R receives more traffic than it can forward
2. Buffers fill; packets start dropping
3. Router generates Source Quench to Sources A, B, C
4. (Theoretically) Sources reduce their sending rates
5. Congestion eases

The idea was logical: routers are closest to the congestion and know when they're overloaded. Why not have them directly tell sources to slow down?

Why Source Quench Failed

Despite its intuitive appeal, Source Quench proved ineffective in practice. Multiple fundamental flaws prevented it from serving as a viable congestion control mechanism.

Fundamental Flaws

•No rate specification: Source Quench says 'slow down' but never specifies how much. Should the source reduce by 10%? 50%? Stop completely? Sources have no guidance.
•No fairness mechanism: All sources receive identical messages regardless of their contribution to congestion. A source sending 1 Mbps gets the same treatment as one sending 1 Gbps.
•Unreliable delivery: ICMP itself is unreliable. Source Quench messages may be lost during congestion (the very condition triggering them), creating a catch-22.
•Amplification risk: During congestion, generating ICMP messages for each dropped packet adds even more traffic to an already congested path.
•Processing overhead: Congested routers must spend CPU cycles generating ICMP while already overwhelmed—exactly when they can least afford it.
•Reaction delay: By the time Source Quench reaches the source and it reacts, congestion may have passed or gotten worse. The feedback loop is too slow.

The Congestion Collapse Problem

Research in the 1980s showed that Source Quench could actually worsen congestion. During overload, generating Source Quench messages consumed router resources and added to link congestion. This paradoxically made the congestion worse, leading to more Source Quench generation, in a destructive feedback loop.

The Response Ambiguity Problem:

RFC 792 provided no guidance on what sources should do when receiving Source Quench:

Possible Response	Problem
Reduce rate by fixed percentage (e.g., 50%)	Arbitrary; may over- or under-correct
Stop sending entirely	Disrupts applications; users experience hangs
Reduce rate for specific destination only	Doesn't help if congestion is multi-destination
Ignore the message	Defeats the purpose entirely

Different operating systems implemented wildly different responses (or none at all), making Source Quench behaviorally unpredictable across the Internet.

What Source Quench Got Wrong

•Network-layer congestion signaling
•Router-generated (adds to congestion)
•No quantitative rate guidance
•Best-effort delivery of control
•Reactive (after congestion occurs)
•No fairness across sources

What TCP Congestion Control Got Right

•Transport-layer congestion control
•End-to-end (no router involvement)
•Precise rate adjustment (AIMD)
•Reliable via acknowledgments
•Proactive (window-based throttling)
•Built-in fairness (converges to fair share)

TCP Congestion Control: The Winning Approach

While Source Quench attempted network-layer congestion signaling, the networking community realized that transport-layer congestion control was more effective. Van Jacobson's 1988 paper "Congestion Avoidance and Control" introduced the TCP congestion control mechanisms that became the Internet's foundation.

The End-to-End Principle

TCP congestion control embodies the end-to-end design principle: complex functionality belongs in end systems, not the network. Routers focus on packet forwarding; endpoints detect congestion through packet loss and RTT changes. This division made the Internet scalable—routers don't need to understand or signal about application requirements.

TCP Congestion Control Mechanisms

•Slow Start: Begin with small congestion window (cwnd), double it each RTT until threshold or loss detected
•Congestion Avoidance: After threshold, increase cwnd linearly (additive increase). On loss, halve cwnd (multiplicative decrease)
•Fast Retransmit: Three duplicate ACKs indicate loss; retransmit immediately without waiting for timeout
•Fast Recovery: After fast retransmit, halve cwnd but don't reset to slow start; recover faster
•Modern variants: CUBIC, BBR, and others refine this further for high-speed and high-latency networks

Why TCP Congestion Control Works:

Implicit signaling via packet loss: Sources detect congestion by observing dropped packets (via timeout or duplicate ACKs). No explicit ICMP required.
Precise rate control: The congestion window (cwnd) in bytes provides exact control over outstanding data. AIMD (Additive Increase, Multiplicative Decrease) provides mathematically proven fairness.
Self-clocking: ACKs arriving at the sender pace new packet transmissions. Faster ACKs allow faster sending; slower ACKs automatically slow the sender.
No router involvement: Routers just forward or drop. They don't generate congestion signals, preserving their CPU for forwarding.
Reliable feedback: TCP's acknowledgment mechanism ensures congestion signals (losses) are reliably detected.

Converting Mermaid diagram...

Official Deprecation: RFC 6633 (2012)

In 2012, RFC 6633 officially deprecated ICMP Source Quench. The RFC provides formal recognition of what the networking community had known for decades: Source Quench doesn't work and shouldn't be used.

RFC 6633: Key Points

RFC 6633 'Deprecation of ICMP Source Quench Messages' moved Source Quench to Historic status. It formally recommends that routers SHOULD NOT generate Source Quench, hosts MUST NOT react to Source Quench by throttling traffic, and firewalls SHOULD silently drop Source Quench (log if desired).

RFC 6633 Recommendations
Network Element	Recommendation	Rationale
Routers	SHOULD NOT generate Source Quench	Adds overhead during congestion; provides no benefit
Hosts/Sources	MUST NOT react to Source Quench	Reactions are undefined and potentially harmful
TCP implementations	SHOULD NOT throttle based on Source Quench	TCP has its own superior congestion control
UDP applications	SHOULD ignore Source Quench	Application-layer rate control preferred
Firewalls	SHOULD drop Source Quench messages	No legitimate purpose; potential attack vector
Network monitors	MAY log Source Quench	Historical interest; anomaly detection

The RFC 6633 Timeline:

Year	Event
1981	RFC 792 defines Source Quench
1987	TCP congestion control developed (Jacobson)
1989	RFC 1122 allows hosts to ignore Source Quench
1995	Many implementations stop generating Source Quench
2004	Research confirms Source Quench ineffective
2012	RFC 6633 officially deprecates Source Quench
Today	Virtually no network equipment generates or processes it

The 31-Year Journey:

Source Quench's official deprecation 31 years after its definition illustrates how slowly protocol standards evolve—even when practical problems are well understood. The IETF's formal process required extensive documentation of failures before standardizing the deprecation.

Security Concerns with Source Quench

Beyond its ineffectiveness, Source Quench poses security risks if systems still honor it. These concerns reinforced the deprecation decision.

Security Attack Vectors

•Denial of Service (CPU Exhaustion): Attacker floods target with Source Quench messages. If target processes each message, CPU is consumed—especially if reactions involve routing table lookups or connection state changes.
•Connection Degradation Attack: Attacker sends Source Quench spoofed as coming from a router on the path. If target throttles in response, legitimate connections slow dramatically or stall.
•Low-bandwidth DoS: Unlike volumetric attacks, Source Quench DoS requires minimal attacker bandwidth—a few crafted packets can degrade the victim's throughput significantly.
•Targeted Application Disruption: Attacker who knows victim's connection details (IPs, ports) sends Source Quench with matching original header data, targeting specific application flows.
•Amplification Potential: If routers generated Source Quench for each dropped packet during real congestion, attackers could trigger storms by causing congestion.

Converting Mermaid diagram...

No Authentication Possible

Like all ICMP messages, Source Quench has no authentication mechanism. An attacker can trivially spoof the source IP address. Since Source Quench includes original header data, an attacker observing traffic (or guessing connection parameters) can craft convincing forgeries. There's no way to verify the message came from a legitimate, congested router.

Modern Congestion Control Mechanisms

While Source Quench was deprecated, the need for congestion signaling remains. Modern networks use sophisticated mechanisms that avoid Source Quench's flaws.

Modern Congestion Control Mechanisms
Mechanism	Layer	How It Works	Advantage over Source Quench
TCP Congestion Control	Transport	Detect loss via timeout/dup ACKs; adjust cwnd using AIMD	Reliable feedback, fair share convergence
ECN (Explicit Congestion Notification)	IP + Transport	Router marks packets (CE bit) before dropping; receiver echoes to sender	Proactive signaling without loss
Active Queue Management (RED/AQM)	Network	Router probabilistically drops packets before buffer is full	Early congestion signal; prevents buffer bloat
BBR Congestion Control	Transport	Models bottleneck bandwidth and RTT; probes path capacity	Loss-independent; high throughput on modern networks
QUIC Congestion Control	Transport (UDP)	Similar to TCP but runs over UDP; integrated with QUIC protocol	Lower latency; multiplexed streams without head-of-line blocking

Explicit Congestion Notification (ECN):

ECN deserves special mention as the modern, sanctioned replacement for explicit congestion signaling.

How ECN Works:

Source sets ECN-capable flag in IP header (ECT bits)
Congested router, instead of dropping, sets Congestion Experienced (CE) bit
Receiver sees CE bit, sets ECE flag in TCP ACK
Sender sees ECE, reduces cwnd as if packet was lost, sets CWR flag

ECN Advantages:

Signaling happens before packet loss (proactive)
Uses existing header bits (no extra packets)
Receiver-to-sender path provides reliable feedback
Sender reaction is well-defined (standard TCP response)
No router CPU overhead for generating ICMP

ECN represents what Source Quench tried to achieve—explicit congestion notification—but implemented correctly.

ECN Configuration Examples
Linux
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Check current ECN setting
sysctl net.ipv4.tcp_ecn
# 0 = disabled, 1 = enabled (may request/accept), 2 = accept only
 
# Enable ECN
sudo sysctl -w net.ipv4.tcp_ecn=1
 
# Make persistent
echo "net.ipv4.tcp_ecn = 1" >> /etc/sysctl.conf
 
# Verify ECN is being used (in packet captures)
# Look for ECT(0), ECT(1), or CE flags in IP header
# TOS field bits 6-7:
#   00 = Not-ECT (not capable)
#   10 = ECT(0) (ECN-capable)
#   01 = ECT(1) (ECN-capable)
#   11 = CE (Congestion Experienced)
 
tcpdump -i eth0 -vv 'tcp' | grep -i ecn

Current Implementation Status

Understanding how current systems handle Source Quench helps in troubleshooting legacy environments and security auditing.

Source Quench Support by Platform
Platform	Generates SQ	Processes/Reacts to SQ
Linux (modern)	No (decades)	No (ignored since kernel 2.x)
Windows 10/11	No	No (ignored)
macOS	No	No
FreeBSD/OpenBSD	No	No
Cisco IOS (modern)	No (since IOS 12.x)	No
Juniper JUNOS	No	No
Legacy equipment (pre-2000)	Possibly yes	Possibly yes

Encountering Source Quench Today

If you capture ICMP Type 4 messages in a modern network, investigate immediately. Legitimate equipment hasn't generated Source Quench for 20+ years. Possible causes: (1) Very old legacy equipment still in service, (2) Misconfigured network appliance, (3) An attacker attempting Source Quench attacks, (4) Penetration testing or security scanning tools.

Detecting and Blocking Source Quench
Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# Capture Source Quench messages
sudo tcpdump -i any 'icmp[0]=4' -nn -v
 
# If you see any output, something is wrong
# Modern networks should show zero Source Quench traffic
 
# Block Source Quench at firewall (iptables)
sudo iptables -A INPUT -p icmp --icmp-type source-quench -j DROP
sudo iptables -A OUTPUT -p icmp --icmp-type source-quench -j DROP
 
# Log before dropping (for auditing)
sudo iptables -A INPUT -p icmp --icmp-type source-quench -j LOG \
    --log-prefix "ICMP Source Quench: " --log-level warning
sudo iptables -A INPUT -p icmp --icmp-type source-quench -j DROP
 
# Verify Linux kernel ignores Source Quench
# (There's no sysctl to control this; it's hardcoded to ignore)
# You can verify by sending Source Quench and observing no rate change
 
# Firewall rule in nftables (modern Linux)
nft add rule inet filter input icmp type source-quench drop

Best Practices for Source Quench:

Firewall Rules: Block ICMP Type 4 at perimeter firewalls
Monitoring: Log Source Quench with alerts (shouldn't occur normally)
Security Audits: Check legacy devices for Source Quench generation capability
Incident Response: Treat unexpected Source Quench as potential attack indicator
Documentation: Note that systems ignore Source Quench for compliance auditors asking about congestion control

Lessons from Source Quench's Failure

Source Quench's history offers valuable lessons about protocol design, congestion control, and the Internet's architectural principles.

Protocol Design Lessons

•End-to-end principle wins: Complex functionality belongs in endpoints, not the network. Routers should forward; endpoints should control rates.
•Implicit beats explicit (sometimes): TCP detects congestion implicitly via loss, which is more reliable than explicit ICMP signaling during congestion.
•Reactions must be well-defined: 'Slow down' is not actionable. Protocol specifications must quantify expected behaviors.
•Self-defeating mechanisms fail: Sending extra traffic (Source Quench) during congestion worsens the problem being solved.
•Fairness requires math: Achieving fair bandwidth sharing requires principled algorithms (AIMD), not ad-hoc throttling.
•Security must be considered: Unauthenticated control plane messages are attack vectors.

The Broader Pattern

Source Quench exemplifies a recurring theme in networking: simple, intuitive ideas often fail at scale. The Internet's success comes from robust mechanisms forged through rigorous analysis—not from first-guess solutions. TCP congestion control, AIMD, and the end-to-end principle emerged from understanding why simpler approaches like Source Quench couldn't work.

Summary: The Rise and Fall of Source Quench

ICMP Source Quench represents an important chapter in Internet history—a well-intentioned mechanism that proved unworkable, leading to its official deprecation and replacement by superior approaches.

Key Takeaways

•Type 4 = Source Quench — An ICMP message telling sources to reduce transmission rate due to congestion
•Officially deprecated (RFC 6633, 2012) — Systems should not generate and must not react to Source Quench
•Failed due to fundamental flaws — No rate guidance, unreliable delivery, amplification during congestion, processing overhead at worst time
•TCP congestion control succeeded — End-to-end mechanisms (AIMD, slow start, fast recovery) proved superior
•ECN is the modern replacement — Explicit signaling done correctly: proactive, no packet loss, well-defined reaction
•Security risks — Unauthenticated Source Quench enables DoS and connection degradation attacks
•Seeing Source Quench is suspicious — In modern networks, indicates legacy equipment, misconfiguration, or attack

Page Complete

You now understand ICMP Source Quench comprehensively—its design, failure modes, deprecation, and the lessons it teaches about protocol design. This historical perspective enriches your understanding of modern congestion control. Next, we'll explore Parameter Problem—ICMP's way of reporting malformed packet headers.

Source Quench

The Network's "Slow Down" Signal

Historical ICMP Type

What You Will Learn

Source Quench Purpose and Design

Original Design Intent

•Trigger: Router or destination host is overloaded; incoming traffic rate exceeds processing/forwarding capacity
•Generator: Any router dropping packets due to congestion, or destination host running low on buffers
•Target: ICMP Source Quench sent to the source IP address of the problematic traffic
•Expected Response: Source should reduce transmission rate for traffic to that destination
•Mechanism: Typically sent along with (or instead of) dropping the triggering packet

ICMP Source Quench Message Format

Packet Layout

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Type (4)    |   Code (0)    |          Checksum             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Unused (zeros)                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                 Original IP Header (20-60 bytes)              +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              First 8 Bytes of Original Datagram              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 
Type:    4 (Source Quench)
Code:    0 (only value defined)
Unused:  32 bits, must be zero
Data:    Original IP header + 8 bytes (identifies the offending packet)

The Congestion Scenario:

                    Congestion Point
                          ↓
[Source A] ─────┐                      ┌───→ [Destination]
                 ├──→ [Router R] ──────┤
[Source B] ─────┘     (buffers full)   └───→ [Destination]
[Source C] ─────┘

1. Router R receives more traffic than it can forward
2. Buffers fill; packets start dropping
3. Router generates Source Quench to Sources A, B, C
4. (Theoretically) Sources reduce their sending rates
5. Congestion eases

The idea was logical: routers are closest to the congestion and know when they're overloaded. Why not have them directly tell sources to slow down?

Why Source Quench Failed

Despite its intuitive appeal, Source Quench proved ineffective in practice. Multiple fundamental flaws prevented it from serving as a viable congestion control mechanism.

Fundamental Flaws

•No rate specification: Source Quench says 'slow down' but never specifies how much. Should the source reduce by 10%? 50%? Stop completely? Sources have no guidance.
•No fairness mechanism: All sources receive identical messages regardless of their contribution to congestion. A source sending 1 Mbps gets the same treatment as one sending 1 Gbps.
•Unreliable delivery: ICMP itself is unreliable. Source Quench messages may be lost during congestion (the very condition triggering them), creating a catch-22.
•Amplification risk: During congestion, generating ICMP messages for each dropped packet adds even more traffic to an already congested path.
•Processing overhead: Congested routers must spend CPU cycles generating ICMP while already overwhelmed—exactly when they can least afford it.
•Reaction delay: By the time Source Quench reaches the source and it reacts, congestion may have passed or gotten worse. The feedback loop is too slow.

The Congestion Collapse Problem

The Response Ambiguity Problem:

RFC 792 provided no guidance on what sources should do when receiving Source Quench:

Possible Response	Problem
Reduce rate by fixed percentage (e.g., 50%)	Arbitrary; may over- or under-correct
Stop sending entirely	Disrupts applications; users experience hangs
Reduce rate for specific destination only	Doesn't help if congestion is multi-destination
Ignore the message	Defeats the purpose entirely

Different operating systems implemented wildly different responses (or none at all), making Source Quench behaviorally unpredictable across the Internet.

What Source Quench Got Wrong

•Network-layer congestion signaling
•Router-generated (adds to congestion)
•No quantitative rate guidance
•Best-effort delivery of control
•Reactive (after congestion occurs)
•No fairness across sources

What TCP Congestion Control Got Right

•Transport-layer congestion control
•End-to-end (no router involvement)
•Precise rate adjustment (AIMD)
•Reliable via acknowledgments
•Proactive (window-based throttling)
•Built-in fairness (converges to fair share)

TCP Congestion Control: The Winning Approach

The End-to-End Principle

TCP Congestion Control Mechanisms

•Slow Start: Begin with small congestion window (cwnd), double it each RTT until threshold or loss detected
•Congestion Avoidance: After threshold, increase cwnd linearly (additive increase). On loss, halve cwnd (multiplicative decrease)
•Fast Retransmit: Three duplicate ACKs indicate loss; retransmit immediately without waiting for timeout
•Fast Recovery: After fast retransmit, halve cwnd but don't reset to slow start; recover faster
•Modern variants: CUBIC, BBR, and others refine this further for high-speed and high-latency networks

Why TCP Congestion Control Works:

Implicit signaling via packet loss: Sources detect congestion by observing dropped packets (via timeout or duplicate ACKs). No explicit ICMP required.
Precise rate control: The congestion window (cwnd) in bytes provides exact control over outstanding data. AIMD (Additive Increase, Multiplicative Decrease) provides mathematically proven fairness.
Self-clocking: ACKs arriving at the sender pace new packet transmissions. Faster ACKs allow faster sending; slower ACKs automatically slow the sender.
No router involvement: Routers just forward or drop. They don't generate congestion signals, preserving their CPU for forwarding.
Reliable feedback: TCP's acknowledgment mechanism ensures congestion signals (losses) are reliably detected.

Converting Mermaid diagram...

Official Deprecation: RFC 6633 (2012)

RFC 6633: Key Points

RFC 6633 Recommendations
Network Element	Recommendation	Rationale
Routers	SHOULD NOT generate Source Quench	Adds overhead during congestion; provides no benefit
Hosts/Sources	MUST NOT react to Source Quench	Reactions are undefined and potentially harmful
TCP implementations	SHOULD NOT throttle based on Source Quench	TCP has its own superior congestion control
UDP applications	SHOULD ignore Source Quench	Application-layer rate control preferred
Firewalls	SHOULD drop Source Quench messages	No legitimate purpose; potential attack vector
Network monitors	MAY log Source Quench	Historical interest; anomaly detection

The RFC 6633 Timeline:

Year	Event
1981	RFC 792 defines Source Quench
1987	TCP congestion control developed (Jacobson)
1989	RFC 1122 allows hosts to ignore Source Quench
1995	Many implementations stop generating Source Quench
2004	Research confirms Source Quench ineffective
2012	RFC 6633 officially deprecates Source Quench
Today	Virtually no network equipment generates or processes it

The 31-Year Journey:

Security Concerns with Source Quench

Beyond its ineffectiveness, Source Quench poses security risks if systems still honor it. These concerns reinforced the deprecation decision.

Security Attack Vectors

•Denial of Service (CPU Exhaustion): Attacker floods target with Source Quench messages. If target processes each message, CPU is consumed—especially if reactions involve routing table lookups or connection state changes.
•Connection Degradation Attack: Attacker sends Source Quench spoofed as coming from a router on the path. If target throttles in response, legitimate connections slow dramatically or stall.
•Low-bandwidth DoS: Unlike volumetric attacks, Source Quench DoS requires minimal attacker bandwidth—a few crafted packets can degrade the victim's throughput significantly.
•Targeted Application Disruption: Attacker who knows victim's connection details (IPs, ports) sends Source Quench with matching original header data, targeting specific application flows.
•Amplification Potential: If routers generated Source Quench for each dropped packet during real congestion, attackers could trigger storms by causing congestion.

Converting Mermaid diagram...

No Authentication Possible

Modern Congestion Control Mechanisms

While Source Quench was deprecated, the need for congestion signaling remains. Modern networks use sophisticated mechanisms that avoid Source Quench's flaws.

Modern Congestion Control Mechanisms
Mechanism	Layer	How It Works	Advantage over Source Quench
TCP Congestion Control	Transport	Detect loss via timeout/dup ACKs; adjust cwnd using AIMD	Reliable feedback, fair share convergence
ECN (Explicit Congestion Notification)	IP + Transport	Router marks packets (CE bit) before dropping; receiver echoes to sender	Proactive signaling without loss
Active Queue Management (RED/AQM)	Network	Router probabilistically drops packets before buffer is full	Early congestion signal; prevents buffer bloat
BBR Congestion Control	Transport	Models bottleneck bandwidth and RTT; probes path capacity	Loss-independent; high throughput on modern networks
QUIC Congestion Control	Transport (UDP)	Similar to TCP but runs over UDP; integrated with QUIC protocol	Lower latency; multiplexed streams without head-of-line blocking

Explicit Congestion Notification (ECN):

ECN deserves special mention as the modern, sanctioned replacement for explicit congestion signaling.

How ECN Works:

Source sets ECN-capable flag in IP header (ECT bits)
Congested router, instead of dropping, sets Congestion Experienced (CE) bit
Receiver sees CE bit, sets ECE flag in TCP ACK
Sender sees ECE, reduces cwnd as if packet was lost, sets CWR flag

ECN Advantages:

Signaling happens before packet loss (proactive)
Uses existing header bits (no extra packets)
Receiver-to-sender path provides reliable feedback
Sender reaction is well-defined (standard TCP response)
No router CPU overhead for generating ICMP

ECN represents what Source Quench tried to achieve—explicit congestion notification—but implemented correctly.

ECN Configuration Examples
Linux
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Check current ECN setting
sysctl net.ipv4.tcp_ecn
# 0 = disabled, 1 = enabled (may request/accept), 2 = accept only
 
# Enable ECN
sudo sysctl -w net.ipv4.tcp_ecn=1
 
# Make persistent
echo "net.ipv4.tcp_ecn = 1" >> /etc/sysctl.conf
 
# Verify ECN is being used (in packet captures)
# Look for ECT(0), ECT(1), or CE flags in IP header
# TOS field bits 6-7:
#   00 = Not-ECT (not capable)
#   10 = ECT(0) (ECN-capable)
#   01 = ECT(1) (ECN-capable)
#   11 = CE (Congestion Experienced)
 
tcpdump -i eth0 -vv 'tcp' | grep -i ecn

Current Implementation Status

Understanding how current systems handle Source Quench helps in troubleshooting legacy environments and security auditing.

Source Quench Support by Platform
Platform	Generates SQ	Processes/Reacts to SQ
Linux (modern)	No (decades)	No (ignored since kernel 2.x)
Windows 10/11	No	No (ignored)
macOS	No	No
FreeBSD/OpenBSD	No	No
Cisco IOS (modern)	No (since IOS 12.x)	No
Juniper JUNOS	No	No
Legacy equipment (pre-2000)	Possibly yes	Possibly yes

Encountering Source Quench Today

Detecting and Blocking Source Quench
Bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# Capture Source Quench messages
sudo tcpdump -i any 'icmp[0]=4' -nn -v
 
# If you see any output, something is wrong
# Modern networks should show zero Source Quench traffic
 
# Block Source Quench at firewall (iptables)
sudo iptables -A INPUT -p icmp --icmp-type source-quench -j DROP
sudo iptables -A OUTPUT -p icmp --icmp-type source-quench -j DROP
 
# Log before dropping (for auditing)
sudo iptables -A INPUT -p icmp --icmp-type source-quench -j LOG \
    --log-prefix "ICMP Source Quench: " --log-level warning
sudo iptables -A INPUT -p icmp --icmp-type source-quench -j DROP
 
# Verify Linux kernel ignores Source Quench
# (There's no sysctl to control this; it's hardcoded to ignore)
# You can verify by sending Source Quench and observing no rate change
 
# Firewall rule in nftables (modern Linux)
nft add rule inet filter input icmp type source-quench drop

Best Practices for Source Quench:

Firewall Rules: Block ICMP Type 4 at perimeter firewalls
Monitoring: Log Source Quench with alerts (shouldn't occur normally)
Security Audits: Check legacy devices for Source Quench generation capability
Incident Response: Treat unexpected Source Quench as potential attack indicator
Documentation: Note that systems ignore Source Quench for compliance auditors asking about congestion control

Lessons from Source Quench's Failure

Source Quench's history offers valuable lessons about protocol design, congestion control, and the Internet's architectural principles.

Protocol Design Lessons

•End-to-end principle wins: Complex functionality belongs in endpoints, not the network. Routers should forward; endpoints should control rates.
•Implicit beats explicit (sometimes): TCP detects congestion implicitly via loss, which is more reliable than explicit ICMP signaling during congestion.
•Reactions must be well-defined: 'Slow down' is not actionable. Protocol specifications must quantify expected behaviors.
•Self-defeating mechanisms fail: Sending extra traffic (Source Quench) during congestion worsens the problem being solved.
•Fairness requires math: Achieving fair bandwidth sharing requires principled algorithms (AIMD), not ad-hoc throttling.
•Security must be considered: Unauthenticated control plane messages are attack vectors.

The Broader Pattern

Summary: The Rise and Fall of Source Quench

Key Takeaways

•Type 4 = Source Quench — An ICMP message telling sources to reduce transmission rate due to congestion
•Officially deprecated (RFC 6633, 2012) — Systems should not generate and must not react to Source Quench
•Failed due to fundamental flaws — No rate guidance, unreliable delivery, amplification during congestion, processing overhead at worst time
•TCP congestion control succeeded — End-to-end mechanisms (AIMD, slow start, fast recovery) proved superior
•ECN is the modern replacement — Explicit signaling done correctly: proactive, no packet loss, well-defined reaction
•Security risks — Unauthenticated Source Quench enables DoS and connection degradation attacks
•Seeing Source Quench is suspicious — In modern networks, indicates legacy equipment, misconfiguration, or attack

Page Complete