No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

CloudEngine 8800, 7800, 6800, and 5800 V200R003C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DNS, IP performance optimization, IPv6, DHCPv6, and IPv6 DNS.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Enable IPv6 SEND

Enable IPv6 SEND

Context

When IPv6 SEND is enabled, that is the strict security mode is enabled on an interface, the interface regards the received ND message insecure and discards it in the following cases:
  • The received ND message does not carry a CGA or RSA option. That is, the interface that sent the ND message does not have a CGA address.
  • The rate of computing or verifying the RSA signature in a specified period (1s) exceeds the rate limit of the system.
  • The key length in the received ND message is out of the length range allowed on the interface.
  • The difference between the receive time and the send time of the ND message is out of the time range allowed on the interface.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run ipv6 nd security rate-limit ratelimit-value

    A rate limit for the system to compute or verify the RSA signature in a specified period (1s) is set.

    By default, the rate limit for the system to compute or verify the RSA signature is not configured.

  3. Run interface interface-type interface-number

    The interface view is displayed.

  4. (Optional) Run ipv6 nd security key-length { minimum keylen-value | maximum keylen-value } *

    The key length allowed on the interface is set.

    By default, the minimum key length is 512 bits and the maximum key length is 2048 bits.

  5. (Optional) Run ipv6 nd security timestamp { delta delta-value | drift drift-value | fuzz-factor fuzz-value } *

    The timestamp configuration parameters are set.

    By default, the maximum difference between the receive time and send time of an ND message is 300 seconds; the maximum difference between the system time of the sender and the system time of the receiver is 1%; the maximum alive time of an ND message is 1 second.

  6. Run ipv6 nd security strict

    The strict security mode is enabled on the interface.

    By default, the strict security mode is not enabled on an interface.

  7. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-05-08

Document ID: EDOC1100004354

Views: 69485

Downloads: 147

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next