No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of IP Service, including IP address, ARP, DHCP, DHCP policy VLAN, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel, and IPv4 over IPv6 tunnel.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring ICMPv6 Error Packet Control

Configuring ICMPv6 Error Packet Control

Context

Configuring ICMPv6 error packet control reduces network traffic and prevents malicious attacks. Network congestion may occur when a large number of ICMPv6 error packets are sent on the network within a short period of time. To prevent network congestion, you can limit the maximum number of ICMPv6 error packets sent in a specified period using the token bucket algorithm.

You can set the bucket size and interval for placing tokens into the bucket. The bucket size indicates the maximum number of tokens that a bucket can hold. One token represents one ICMPv6 error packet. When an ICMPv6 error packet is sent, one token is taken out of the token bucket. When there are no tokens, ICMPv6 error packets cannot be sent until new tokens are placed into the token bucket.

If transmission of too many ICMPv6 error packets causes network congestion or the network is attacked by forged ICMPv6 error packets, you can disable the system from receiving ICMPv6 error packets, Host Unreachable packets, and Port Unreachable packets.

Pre-configuration Tasks

Before setting rate limit for sending ICMPv6 error packets, perform the task of Configuring IPv6 Addresses for Interfaces.

Procedure

  • Control ICMPv6 error messages in the system view.
    1. Run system-view

      The system view is displayed.

    2. Run ipv6

      IPv6 packet forwarding is enabled.

      By default, a device is disabled from forwarding IPv6 unicast packets.

    3. Run ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

      Rate limit for sending ICMPv6 error packets is set.

      By default, a token bucket can hold a maximum of 10 tokens and the interval for placing tokens into the bucket is 100 ms.

      NOTE:

      If transmission of too many ICMPv6 error packets causes network congestion or the network is attacked by forged ICMPv6 error packets, you can also run the undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive command to disable the system from receiving ICMPv6 error packets, Host Unreachable packets, and Port Unreachable packets.

    4. Run ipv6 icmp too-big-rate-limit

      The device is enabled to reject oversized ICMPv6 error messages.

      By default, the device rejects oversized ICMPv6 error messages.

    5. Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } receive

      The system is disabled from receiving ICMPv6 messages.

      By default, the system is enabled to receive ICMPv6 messages.

    6. Run undo ipv6 icmp { icmpv6-type icmpv6-code | icmpv6-name | all } send

      The system is disabled from sending ICMPv6 messages.

      By default, the system is enabled to send ICMPv6 messages.

    7. Run ipv6 icmp blackhole unreachable send

      The Broadband Remote Access Server (BRAS) is enabled to send a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

      By default, the BRAS is disabled from sending a Destination Unreachable ICMP packet to an initiator when a tracert packet matches an IPv6 blackhole route.

  • Control ICMPv6 messages in the interface view.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The specified interface view is displayed.

    3. (Optional) On an Ethernet interface, run undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.
      NOTE:

      Only the S5720EI, S5720HI, S5730HI, S6720EI, S6720HI, and S6720S-EI support switching between Layer 2 and Layer 3 modes.

    4. Run ipv6 enable

      The IPv6 function is enabled on the interface.

      By default, the IPv6 function is disabled on an interface.

    5. Run undo ipv6 icmp port-unreachable send

      The interface is disabled from sending ICMPv6 Port Unreachable messages.

      By default, the function of sending ICMPv6 Port Unreachable messages configured globally also takes effect on an interface.

    6. Run undo ipv6 icmp hop-limit-exceeded send

      The interface is disabled from sending ICMPv6 Hop Limit Exceeded messages.

      By default, the function of sending ICMPv6 Hop Limit Exceeded messages configured globally also takes effect on an interface.

Verifying the Configuration

  • Run the display ipv6 interface [ interface-type interface-number | brief ] command to check IPv6 information about a specified interface.

  • Run the display icmpv6 statistics command to check ICMPv6 traffic statistics.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065678

Views: 25345

Downloads: 165

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next