F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

711

712

713

714

715

716

717

718

719

720

688

Ste

Command

Remarks

978. Configure the IPv6

FIB load sharing

mode.

• Configure load sharing based on the hash

algorithm:

ipv6 fib-loadbalance-type hash-based

• Configure load sharing based on polling:

undo ipv6 fib-loadbalance-type hash-based

Optional.

By default, load sharing

based on polling is adopted

and ECMP routes are used in

turn to forward packets.

224B

Controlling sending ICMPv6 packets

This section describes how to configure ICMPv6 packet sending.

838BConfiguring the maximum ICMPv6 error packets sent in an

interval

If too many ICMPv6 error packets are sent within a short period of time in a network, network congestion

may occur. To avoid network congestion, you can control the maximum number of ICMPv6 error packets

sent within a specific time by adopting the token bucket algorithm.

You can set the capacity of a token bucket to determine the number of tokens in the bucket. In addition,

you can set the update interval of the token bucket, that is, the interval for restoring the configured

capacity. One token allows one ICMPv6 error packet to be sent. Each time an ICMPv6 error packet is

sent, the number of tokens in a token bucket decreases by one. If the number of ICMPv6 error packets

successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot

be sent out until the capacity of the token bucket is restored.

To configure the capacity and update interval of the token bucket:

Ste

Command

Remarks

979. Enter system view. system-view N/A

980. Configure the

capacity and update

interval of the token

bucket.

ipv6 icmp-error { bucket

bucket-size | ratelimit

interval } *

Optional.

By default, the capacity of a token bucket is 10 and

the update interval is 100 milliseconds. A

maximum of 10 ICMPv6 error packets can be sent

within 100 milliseconds.

The update interval "0" indicates that the number

of ICMPv6 error packets sent is not restricted.

839BEnabling replying to multicast echo requests

If hosts are configured to answer multicast echo requests, an attacker may use this mechanism to attack

a host. For example, if Host A (an attacker) sends an echo request with the source being Host B to a

multicast address, all hosts in the multicast group send echo replies to Host B. To prevent such an attack,

disable a device from answering multicast echo requests by default. In some application scenarios,

however, you need to enable the device to answer multicast echo requests.

To enable replying to multicast echo requests: