No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Optimizing System Performance by Discarding Certain ICMP Packets

Example for Optimizing System Performance by Discarding Certain ICMP Packets

Networking Requirements

The switch in Figure 9-3 functions as the aggregation device. Enterprise users, individual users, and DSLAMs are attached to the switch and the switch is connected to the Internet through a BRAS. When a large amount of information is exchanged on the network or the network is attacked, lots of ICMP packets are forwarded and the network performance is degraded. In this case, some ICMP packets need to be discarded to reduce the burden on the switch.

Figure 9-3  Networking diagram for configuring the ICMP security function

Configuration Roadmap

The configuration roadmap is as follows:

Configure the switch to discard ICMP packets whose TTL value is 1, ICMP packets that carry options, and ICMP Destination Unreachable packets to reduce its burden in processing a large number of ICMP packets.

Procedure

  1. Configure the switch to discard certain ICMP packets.

    # Configure the switch to discard ICMP packets whose TTL value is 1.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] icmp ttl-exceeded drop all

    # Configure the switch to discard ICMP packets that carry options.

    [Switch] icmp with-options drop all

    # Configure the switch to discard ICMP packets whose destination addresses are unreachable.

    [Switch] icmp unreachable drop

  2. Verify the configuration.

    # Run the display this command in the system view to view the ICMP security configurations.

    [Switch] display current-configuration | include icmp
    icmp unreachable drop
    icmp ttl-exceeded drop slot 0
    icmp with-options drop slot 0
    

Configuration Files

Switch configuration file

#
sysname Switch
#
icmp unreachable drop
icmp ttl-exceeded drop slot 0
icmp with-options drop slot 0
# 
return
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065678

Views: 35846

Downloads: 261

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next