No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Service

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ICMPv6 Packet Control

Configuring ICMPv6 Packet Control

Context

Configuring ICMPv6 packet control reduces network traffic and prevents malicious attacks. Network congestion may occur when a large number of ICMPv6 error packets are sent on the network within a short period of time. To prevent network congestion, you can limit the maximum number of ICMPv6 error packets sent in a specified period using the token bucket algorithm.

You can set the bucket size and interval for placing tokens into the bucket. The bucket size indicates the maximum number of tokens that a bucket can hold. One token represents one ICMPv6 error packet. When an ICMPv6 error packet is sent, one token is taken out of the token bucket. When there are no tokens, ICMPv6 error packets cannot be sent until new tokens are placed into the token bucket.

If transmission of too many ICMPv6 error packets causes network congestion or the network is attacked by forged ICMPv6 error packets, you can disable the system from ICMPv6 error packets, Host Unreachable packets, and Port Unreachable packets.

Pre-configuration Tasks

Before setting rate limit for sending ICMPv6 error packets, complete the following task:

Procedure

  • Control ICMPv6 error messages in the system view.
    1. Run system-view

      The system view is displayed.

    2. Run ipv6

      IPv6 packet forwarding is enabled.

      By default, a device is disabled from forwarding IPv6 unicast packets.

    3. Run ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

      Rate limit for sending ICMPv6 error packets is set.

      By default, a token bucket can hold a maximum of 10 tokens and the interval for placing tokens into the bucket is 100 ms.

    4. Run ipv6 icmp too-big-rate-limit

      The device is enabled to reject oversized ICMPv6 error messages.

      By default, the device is disabled from rejecting oversized ICMPv6 error messages.

    5. Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive

      The system is disabled from receiving ICMPv6 messages.

      By default, the system is enabled to receive ICMPv6 messages.

    6. Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } send

      The system is disabled from sending ICMPv6 messages.

      By default, the system is enabled to send ICMPv6 messages.

  • Control ICMPv6 messages in the interface view.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The specified interface view is displayed.

    3. Run ipv6 enable

      The IPv6 function is enabled on the interface.

      By default, the IPv6 function is disabled on an interface.

    4. Run undo ipv6 icmp port-unreachable send

      The interface is disabled from sending ICMPv6 Port Unreachable messages.

      By default, the function of sending ICMPv6 Port Unreachable messages configured globally also takes effect on an interface.

    5. Run undo ipv6 icmp hop-limit-exceeded send

      The interface is disabled from sending ICMPv6 Hop Limit Exceeded messages.

      By default, the function of sending ICMPv6 Hop Limit Exceeded messages configured globally also takes effect on an interface.

Verifying the Configuration

  • Run the display ipv6 interface [ interface-type interface-number | brief ] command to check IPv6 information about a specified interface.

  • Run the display icmpv6 statistics [ interface interface-type interface-number ] command to check ICMPv6 traffic statistics.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034231

Views: 78627

Downloads: 51

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next