F3215-HP Load Balancing Module Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

361

362

363

364

365

366

367

368

369

370

351

Ste

Command

Remarks

2. Configure the IPv6 FIB

load sharing mode.

• Configure load sharing based on

the hash algorithm:

ipv6 fib-loadbalance-type

hash-based

• Configure load sharing based on

polling:

undo ipv6 fib-loadbalance-type

hash-based

Optional.

By default, load sharing based on

polling is adopted and ECMP

routes are used in turn to forward

packets.

Configuring ICMPv6 packet sending

This section describes how to configure ICMPv6 packet sending.

Configuring the maximum ICMPv6 error packets sent in an

interval

If too many ICMPv6 error packets are sent within a short period of time in a network, network congestion

may occur. To avoid network congestion, you can control the maximum number of ICMPv6 error packets

sent within a specified time by adopting the token bucket algorithm.

You can set the capacity of a token bucket to determine the number of tokens in the bucket. In addition,

you can set the update interval of the token bucket, that is, the interval for restoring the configured

capacity. One token allows one ICMPv6 error packet to be sent. Each time an ICMPv6 error packet is

sent, the number of tokens in a token bucket decreases by one. If the number of ICMPv6 error packets

successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot

be sent out until the capacity of the token bucket is restored.

To configure the capacity and update interval of the token bucket:

Ste

Command

Remarks

1. Enter system view. system-view N/A

2. Configure the

capacity and update

interval of the token

bucket.

ipv6 icmp-error { bucket

bucket-size | ratelimit

interval } *

Optional.

By default, the capacity of a token bucket is 10 and

the update interval is 100 milliseconds. A

maximum of 10 ICMPv6 error packets can be sent

within 100 milliseconds.

The update interval "0" indicates that the number

of ICMPv6 error packets sent is not restricted.

Enabling replying to multicast echo requests

If hosts are configured to answer multicast echo requests, an attacker may use this mechanism to attack

a host. For example, if Host A (an attacker) sends an echo request with the source being Host B to a

multicast address, all the hosts in the multicast group send echo replies to Host B. To prevent such an

attack, disable a device from answering multicast echo requests by default. In some application

scenarios, however, you need to enable the device to answer multicast echo requests.