H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

131

132

133

134

135

136

137

138

139

140

Operation Manual – IP Addressing and Performance

H3C S7500E Series Ethernet Switches Chapter 2 IP Performance Configuration

2-6

z If the source uses “strict source routing" to send packets, but the intermediate

device finds the next hop specified by the source is not directly connected, the

device will send the source a “source routing failure” ICMP error packet.

z When forwarding a packet, if the MTU of the sending interface is smaller than the

packet but the packet has been set “Don’t Fragment”, the device will send the

source a “fragmentation needed and Don’t Fragment (DF)-set” ICMP error packet.

II. Disadvantage of sending ICMP error packets

Although sending ICMP error packets facilitate network control and management, it still

has the following disadvantages:

z Sending a lot of ICMP packets will increase network traffic.

z If receiving a lot of malicious packets that cause it to send ICMP error packets, the

device’s performance will be reduced.

z As the redirection function increases the routing table size of a host, the host’s

performance will be reduced if its routing table becomes very large.

z If a host sends malicious ICMP destination unreachable packets, end users may

be affected.

To prevent such problems, you can disable the device from sending ICMP error

packets.

Follow these steps to disable sending ICMP error packets:

To do… Use the command… Remarks

Enter system view

system-view

—

Disable sending ICMP

redirection packets

undo ip redirects

Required

Enabled by default.

Disable sending ICMP

timeout packets

undo ip ttl-expires

Required

Enabled by default.

Disable sending ICMP

destination unreachable

packets

undo ip unreachables

Required

Enabled by default.

 Note:

z The device stops sending “network unreachable” and “source route failure” ICMP

error packets after sending ICMP destination unreachable packets is disabled.

However, other destination unreachable packets can be sent normally.

z The device stops sending “TTL timeout” ICMP error packets after sending ICMP

timeout packets is disabled. However, “reassembly timeout” error packets will be

sent normally.