No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DNS, IP performance optimization, IPv6, DHCPv6, and IPv6 DNS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ICMPv6 Packet Control

Configuring ICMPv6 Packet Control

Context

Configuring ICMPv6 packet control reduces network traffic and prevents malicious attacks. Network congestion may occur when a large number of ICMPv6 error packets are sent on the network within a short period of time. To prevent network congestion, you can limit the maximum number of ICMPv6 error packets sent in a specified period using the token bucket algorithm.

You can set the bucket size and interval for placing tokens into the bucket. The bucket size indicates the maximum number of tokens that a bucket can hold. One token represents one ICMPv6 error packet. When an ICMPv6 error packet is sent, one token is taken out of the token bucket. When there are no tokens, ICMPv6 error packets cannot be sent until new tokens are placed into the token bucket.

If transmission of too many ICMPv6 error packets causes network congestion or the network is attacked by forged ICMPv6 error packets, you can disable the system from sending ICMPv6 error packets, Host Unreachable packets, and Port Unreachable packets.

Pre-configuration Tasks

Before setting rate limit for sending ICMPv6 error packets, complete the following task:

Procedure

  • Control ICMPv6 messages in the system view.
    1. Run system-view

      The system view is displayed.

    2. Run the following commands to configure ICMPv6 packet control.

      • Run ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

        Rate limit for sending ICMPv6 error packets is set.

        By default, a token bucket can hold a maximum of 10 tokens and the interval for placing tokens into the bucket is 100 ms.

      • Run ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive disable

        The system is disabled from receiving ICMPv6 messages.

        By default, the system is enabled to receive ICMPv6 messages.

      • Run ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } send disable

        The system is disabled from sending ICMPv6 messages.

        By default, the system is enabled to send ICMPv6 messages.

      • Run ipv6 icmp rate-limit packet-too-big disable

        The device is disabled from rejecting oversized ICMPv6 error messages.

        By default, the device rejects oversized ICMPv6 error messages.

    3. Run commit

      The system view is displayed.

  • Control ICMPv6 messages in the interface view.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The specified interface view is displayed.

    3. On an Ethernet interface, run undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      The mode switching function takes effect when the interface only has attribute configurations (for example, shutdown and description configurations). Alternatively, if configuration information supported by both Layer 2 and Layer 3 interfaces exists (for example, mode lacp and lacp system-id configurations), no configuration that is not supported after the working mode of the interface is switched can exist. If unsupported configurations exist on the interface, delete the configurations first and then run the undo portswitch command.

      NOTE:

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run ipv6 enable

      The IPv6 function is enabled on the interface.

      By default, the IPv6 function is disabled on an interface.

    5. Run the following commands to configure ICMPv6 packet control.

      • Run ipv6 icmp hop-limit-exceeded send disable

        The interface is disabled from sending ICMPv6 Hop Limit Exceeded messages.

        By default, the function of sending ICMPv6 Hop Limit Exceeded messages configured globally also takes effect on an interface.

      • Run ipv6 icmp host-unreachable send disable

        The interface is disabled from sending ICMPv6 host-unreachable packets.

        By default, the function of sending ICMPv6 host-unreachable messages configured globally also takes effect on an interface.

      • Run ipv6 icmp port-unreachable send disable

        The interface is disabled from sending ICMPv6 Port Unreachable messages.

        By default, the function of sending ICMPv6 Port Unreachable messages configured globally also takes effect on an interface.

    6. Run commit

      The system view is displayed.

Verifying the Configuration

  • Run the display icmpv6 statistics [ interface interface-type interface-number ] command to check ICMPv6 traffic statistics.

Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004354

Views: 72784

Downloads: 147

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next