No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Optimizing IP Performance

Optimizing IP Performance

This section describes how to optimize IP performance. You can set IP performance parameters to achieve best network performance.

Prerequisite

Before optimizing IP performance, complete the following task:

  • Configuring IP addresses for interfaces

Configuring Source IP Addresses Verification

Context

Configuring source IP address verification enables an interface to check validity of source IP addresses of received packets. Packets with invalid addresses are discarded. The interface only check validity of source IP addresses of the packets that are forwarded to the CPU and does not check validity of source IP addresses of the packets that will be directly forwarded according to the FIB table.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed. The interface can be a VLANIF or loopback interface.

    NOTE:

    If the interface is a VLANIF interface, a VLAN must be created.

  3. Run:

    ip verify source-address

    Source IP address verification is configured.

    The device only verify the source IP addresses of packets forwarded from an interface to the CPU.

    By default, an interface does not check validity of source IP addresses of received packets.

Configuring an Outbound Interface to Fragment IP Packets

Context

If the size of IP packets exceeds the MTU, oversized packets will be discarded. After IP packet fragmentation is enabled, the system sets the DF field of an IP packet to 0 and fragments the IP packet to ensure that all packets are forwarded.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed. The interface can be a VLANIF or loopback interface.

    NOTE:

    If the interface is a VLANIF interface, a VLAN must be created.

    The function that clears the DF field is valid for outgoing packets; therefore, this function must be configured on the outbound interface.

  3. Run:

    clear ip df

    The function that clears the DF field is configured to enable IP packet fragmentation on an outbound interface.

    By default, an outbound interface does not fragment IP packets.

Configuring ICMP Properties

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    icmp { type icmp-type code icmp-code | name icmp-name | all } receive

    The function of receiving ICMP packets is enabled.

    By default, the function of receiving ICMP packets is enabled.

  3. Run:

    icmp-reply fast

    The fast ICMP reply function is enabled.

    By default, the fast ICMP reply function is enabled on the device.

    NOTE:
    After the fast ICMP reply function is enabled on access point, access point respond to ICMP Echo packets quickly in any of the following situations:
    • access point do not have the ARP entry of the device that initiates the ping and cannot learn the ARP entry of the device.
    • access point do not have route entries to the device that initiates the ping.
    • access point receive ICMP Echo packets with incorrect checksum.

  4. Run:

    icmp ttl-exceeded drop

    The device is configured to discard the ICMP packets whose TTL values are 1.

    By default, the function of discarding ICMP packets with TTL values 1 is disabled.

  5. Run:

    icmp with-options drop

    The device is configured to discard the ICMP packets that carry options.

    By default, the function of discarding ICMP packets that carry options is disabled.

  6. Run:

    icmp unreachable drop

    The function of discarding ICMP destination unreachable packets is enabled.

    By default, the function of discarding ICMP destination unreachable packets is disabled.

  7. Run:

    icmp port-unreachable send

    The function of sending ICMP port unreachable packets is enabled.

    By default, the function of sending ICMP port unreachable packets is enabled.

  8. Run:

    interface interface-type interface-number

    The interface view is displayed.

  9. Run:

    icmp host-unreachable send

    The function of sending ICMP host unreachable packets is enabled.

    By default, the function of sending ICMP host unreachable packets is enabled.

Controlling IP packets with Source Route Options

Context

By controlling IP packets with source route options, the device can prevent malicious attackers from detecting network topologies by using source route options. This improves network security.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. Run:

    discard srr

    The interface is configured to discard IP packets with source route options.

    By default, the function of discarding IP packets with source-route options is not enabled. That is, a device processes the IP packets with source-route options.

Configuring TCP Properties

Context

When a TCP connection is set up between access point and other devices, TCP properties need to be configured.

The following TCP properties can be configured on access point:

  • SYN-Wait timer: When SYN packets are sent, the SYN-Wait timer is started. If no response packet is received after the SYN-Wait timer expires, the TCP connection is closed.

  • FIN-Wait timer: When the TCP connection status changes from FIN_WAIT_1 to FIN_WAIT_2, the FIN-Wait timer is started. If no response packet is received after the FIN-Wait timer expires, the TCP connection is closed.

  • Receive/send buffer size of connection-oriented socket window-size.

If you configure TCP properties in the system view for multiple times, only the last configuration takes effect.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    tcp timer syn-timeout interval

    The SYN-Wait timer of TCP connections is configured.

    The value of the TCP SYN-Wait timer is an integer that ranges from 2 to 600, in seconds. The default value is 75.

  3. Run:

    tcp timer fin-timeout interval

    The FIN-WAIT timer of TCP connections is configured.

    The value of the TCP FIN-Wait timer is an integer that ranges from 76 to 3600, in seconds. The default value is 675.

  4. Run:

    tcp window window-size

    The socket receive/send buffer size is configured.

    The value of window-size ranges from 1k bytes to 32k bytes. The default value is 8k bytes.

  5. Run:

    tcp min-mss mss-value

    The minimum MSS value is set for a TCP connection.

    The default minimum MSS value for a TCP connection is 216 bytes.

  6. Run:

    tcp max-mss mss-value

    The maximum MSS value is set for a TCP connection.

    The maximum MSS value of a TCP connection ranges from 32 to 9600, expressed in bytes. No default value is available.

    NOTE:

    The maximum MSS value configured using the tcp max-mss command must be greater than the minimum MSS value configured using the tcp min-mss command.

Checking the Configuration

Procedure

  • Run the display tcp status [ [ task-id task-id ] [ socket-id socket-id ] | [ local-ip ip-address ] [ local-port local-port-number ] [ remote-ip ip-address ] [ remote-port remote-port-number ] ] command to check the TCP connection status.
  • Run the display tcp statistics command to view the TCP traffic statistics.
  • Run the display udp statistics command to view the UDP traffic statistics.
  • Run the display ip statistics command to view the IP traffic statistics.
  • Run the display ip socket [ monitor ] [ task-id task-id socket-id socket-id | socket-type socket-type ] command to view information about the created IPv4 socket.
  • Run the display icmp statistics command to view the ICMP traffic statistics.
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 114569

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next