ipv6 icmp-error
Function
The ipv6 icmp-error command sets the rate limit for sending ICMPv6 error packets.
The undo ipv6 icmp-error command restores the default rate limit for sending ICMPv6 error packets.
By default, the size of the token buckets is 10 and the limit rate is 100 milliseconds.
Parameters
Parameter | Description | Value |
---|---|---|
bucket bucket-size | Specifies the maximum number of tokens the bucket can hold. | The value is an integer that ranges from 1 to 200. The default value is 10, which is recommended. |
ratelimit interval | Specifies the interval for placing tokens into the bucket. | The value is an integer that ranges from 0 to 2147483647, in milliseconds. The default value is 100, which is recommended. |
Usage Guidelines
Usage Scenario
If a network is not attacked, a routing device can correctly send ICMPv6 error packets to notify other devices of exceptions in packet transmission. If an attacker frequently sends ICMPv6 packets to network devices, the network devices will be busy responding with ICMPv6 packets. This greatly affects system throughput and CPU usage. To prevent the system from sending a great number of ICMPv6 packets, run the ipv6 icmp-error command to limit the rate at which ICMPv6 packets are sent.
In the token bucket algorithm, one token represents an ICMPv6 packet. The system places tokens into the virtual bucket at a certain interval until the number of tokens in the bucket reaches the upper limit. When an ICMPv6 error packet is sent, a token is taken out of the token bucket. When there is no token, excess ICMPv6 error packets are discarded. You can limit the rate at which ICMPv6 packets are sent by setting the bucket size and the interval for placing tokens into the bucket.
Precautions
If you run the ipv6 icmp-error command multiple times, only the latest configuration takes effect.
If the interval for placing tokens into the bucket is 0, there is no limit on the interval.
Example
# Set the rate limit for sending ICMPv6 error packets to 100 ms.
<AC6605> system-view
[AC6605] ipv6 icmp-error ratelimit 100
# Set the bucket size of ICMPv6 to 50.
[AC6605] ipv6 icmp-error bucket 50
# Set the rate limit for sending ICMPv6 error packets to 100 ms and the bucket size to 50.
[AC6605] ipv6 icmp-error bucket 50 ratelimit 100