R2511-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

291

292

293

294

295

296

297

298

299

300

279

Ste

Command

Remarks

2. Configure the

capacity and update

interval of the token

bucket.

ipv6 icmp-error { bucket

bucket-size | ratelimit

interval } *

Optional.

By default, the capacity of a token bucket is 100

and the update interval is 1000 milliseconds. A

maximum of 100 ICMPv6 error packets can be

sent within 1000 milliseconds.

Enabling replying to multicast echo requests

If hosts are configured to answer multicast echo requests, an attacker might use this mechanism to attack

a host. For example, if Host A (an attacker) sends an echo request with the source being Host B to a

multicast address, all the hosts in the multicast group send echo replies to Host B. To prevent such an

attack, disable a device from answering multicast echo requests by default. In some application

scenarios, however, you need to enable the device to answer multicast echo requests.

To enable replying to multicast echo requests:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enable replying to multicast

echo requests.

ipv6 icmpv6 multicast-echo-reply

enable

The device is disabled from

replying to multicast echo requests.

Enabling sending ICMPv6 time exceeded messages

A device sends out an ICMPv6 Time Exceeded message in the following cases:

• If a received IPv6 packet's destination IP address is not a local address and its hop limit is 1, the

device sends an ICMPv6 Hop Limit Exceeded message to the source.

• Upon receiving the first fragment of an IPv6 datagram with the destination IP address being the

local address, the device starts a timer. If the timer expires before all the fragments arrive, an

ICMPv6 Fragment Reassembly Timeout message is sent to the source.

If large quantities of malicious packets are received, the performance of a device degrades greatly

because it must send back ICMP Time Exceeded messages. You can disable sending ICMPv6 Time

Exceeded messages.

To enable sending ICMPv6 time exceeded messages:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enable sending ICMPv6 time

exceeded messages.

ipv6 hoplimit-expires enable

Optional.

Enabled by default.

Enabling sending ICMPv6 destination unreachable messages

If the device fails to forward a received IPv6 packet because of one of the following reasons, it drops the

packet and sends a corresponding ICMPv6 Destination Unreachable error message to the source.