KB.15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5412R-92G-PoE+/2SFP+ (No PSU) v2 zl2 Switch

271

272

273

274

275

276

277

278

279

280

12 IPv6 Diagnostic and Troubleshooting

NOTE: All commands previously in the Summary of commands table are indexed under the entry

Command syntax.

Introduction

The IPv6 ICMP feature enables control over the error and informational message rate for IPv6

traffic, which can help mitigate the effects of a Denialof- service attack. Ping6 enables verification

of access to a specific IPv6 device, and traceroute6 enables tracing the route to an IPv6-enabled

device on the network.

ICMP Rate-Limiting

ICMP rate-limiting controls the rate at which ICMPv6 generates error and informational messages

for features such as:

• neighbor solicitations

• neighbor advertisements

• multicast listener discovery (MLD)

• path MTU discovery (PMTU)

• duplicate address discovery (DAD)

• neighbor unreachability detection (NUD)

• router discovery

• neighbor discovery (NDP)

ICMPv6 error message generation is enabled by default. The rate of message generation can be

adjusted, or message generation can be disabled.

Controlling the frequency of ICMPv6 error messages can help to prevent DoS (Denial- of- Service)

attacks. With IPv6 enabled on the switch, you can control the allowable frequency of these messages

with ICMPv6 rate-limiting.

Syntax

ipv6 icmp error-interval 0 - 2147483647 [ bucket-size 1 - 200 ]

no ipv6 icmp error-interval

This command is executed from the global configuration level, and uses a “token

bucket” method for limiting the rate of ICMP error and informational messages.

Using this method, each ICMP message uses one token, and a message can be

sent only if there is a token available. In the default configuration, a new token can

be added every 100 milliseconds, and a maximum of 10 tokens are allowed in

the token bucket. If the token bucket is full, a new token cannot be added until an

existing token is used to enable sending an ICMP message. You can increase or

decrease both the the frequency with which used tokens can be replaced and

(optionally) the number of tokens allowed to exist.

error-interval

Specifies the time interval in milliseconds between successive token adds.

Increasing this value decreases the rate at which tokens can be added. A setting

of 0 disables ICMP messaging.

Default : 100; Range: 0 - 2147483647

Introduction 277