R3204P16-HP Load Balancing Module System Maintenance Configuration Guide-6PW101
83
• If an attacker sends abnormal traffic that causes the device to generate ICMP destination
unreachable packets, end users may be affected.
To prevent such problems, you can disable the LB module from sending ICMP error packets.
Configuration procedure
Follow these steps to enable sending of ICMP error packets:
To do… Use the command…
Remarks
Enter system view system-view —
Enable sending of ICMP redirect packets ip redirects enable
Required
Disabled by default.
Enable sending of ICMP timeout packets ip ttl-expires enable
Required
Disabled by default.
Enable sending of ICMP destination
unreachable packets
ip unreachables enable
Required
Disabled by default.
NOTE:
The LB module stops sending “TTL timeout” ICMP error packets after sending ICMP timeout packets is
disabled. However, “reassembly timeout” error packets will be sent normally.
Displaying and maintaining IP performance
optimization
To do… Use the command…
Remarks
Display TCP connection statistics display tcp statistics Available in any view
Display UDP statistics display udp statistics Available in any view
Display statistics of IP packets display ip statistics Available in any view
Display ICMP statistics display icmp statistics Available in any view
Display socket information
display ip socket [ socktype sock-type ]
[ task-id socket-id ]
Available in any view
Display FIB information
display fib [ | { begin | include |
exclude } regular-expression | acl
acl-number | ip-prefix ip-prefix-name ]
Available in any view
Display FIB information matching the
specified destination IP address
display fib ip-address [ mask |
mask-length ]
Available in any view
Clear statistics of IP packets reset ip statistics Available in user view
Clear statistics of TCP connections reset tcp statistics Available in user view
Clear statistics of UDP traffic
reset udp statistics
Available in user view