No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Service

S7700 and S9700 V200R013C00

This document describes the configurations of IP service, including IP address, ARP, DHCP, DNS, mDNS gateway, mDNS relay, UDP Helper, IP performance optimization, IPv6, DHCPv6, IPv6 DNS, IPv6 over IPv4 tunnel and IPv4 over IPv6 tunnel.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring the Switch to Discard IPv6 Packets with Specified Extension Headers

Configuring the Switch to Discard IPv6 Packets with Specified Extension Headers

Context

IPv6 packets may contain the following extension headers:

  • Routing header: An IPv6 source node uses this header to specify the intermediate nodes that a packet must pass through on the way to its destination.

  • Fragment header: The length of IPv6 packets to be forwarded cannot exceed the maximum transmission unit (MTU) specified on interfaces of devices along the forwarding path. When the packet length exceeds the MTU, the packet needs to be fragmented. In IPv6, the fragment header is used by an IPv6 source node to send a packet larger than the MTU. Fragmentation in IPv6 is performed only by source nodes, not by intermediate nodes along the path a packet traverses.

  • Destination options header: This header carries information that only the destination node of a packet processes.

Malicious attacks can be initiated using these IPv6 extension headers. For example, the routing header can be used to specify a node that packets must pass through. The fragment header can be used to set the MTU to a small value on the source node, leading to a large number of data fragments. The destination options header can specify destination devices to process IPv6 packets. If attackers send a large number of such IPv6 packets to the switch, the switch is busy handling these packets, degrading the forwarding performance. To prevent malicious network attacks and reduce impact on the forwarding performance, you can enable the switch to discard IPv6 packets destined for the switch and containing specified extension headers.

Based on actual requirements, users can configure the switch to discard IPv6 packets with the above extension headers.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 with-options drop

    The switch is enabled to discard IPv6 packets destined for the switch and containing specified extension headers.

    By default, the switch is disabled from discarding IPv6 packets destined for the switch and containing specified extension headers.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065743

Views: 27332

Downloads: 31

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next