
IPv6 source routing security enhancements, TCAM space on FCX device configuration – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual


Limiting the number of hops an IPv6 packet can traverse

By default, the maximum number of hops an IPv6 packet can traverse is 64. You can change this
value to any number from 0 - 255 hops. For example, to change the maximum number of hops to 70,
enter the following command.

device(config)# ipv6 hop-limit 70

Syntax: [no] ipv6 hop-limit number

Use the no form of the command to restore the default value.

Setting hop-limit to 0 causes packets to be transmitted with the default hop limit (64).

number can be from 0 - 255.

IPv6 source routing security enhancements

The IPv6 specification (RFC 2460) specifies support for IPv6 source-routed packets using a type 0
Routing extension header, and requires devices and hosts to process that header.
However, this requirement may leave a network open to a DoS attack.

A security enhancement disables sending IPv6 source-routed packets to IPv6 devices. (This
enhancement conforms to RFC 5095.)

By default, when the router drops a source-routed packet, it sends an ICMP Parameter Problem (type
4), Header Error (code 0) message to the packet's source address, pointing to the unrecognized
routing type. To disable these ICMP error messages, enter the following command:

device(config)# no ipv6 icmp source-route

Syntax: [no] ipv6 icmp source-route

Use the ipv6 icmp source-route form of the command to enable the ICMP error messages.
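The following is an added example, not taken from the Brocade guide and not the switch's own implementation: a Python check a monitoring tool could run on captured packets to find type 0 Routing headers and compute the pointer value that the ICMP Parameter Problem message described above would carry. The function names and sample packets are hypothetical and constructed for illustration; ignoring a type 0 header whose Segments Left field is 0 follows RFC 5095 and is not described on this page.

```python
import struct

HOP_BY_HOP, ROUTING, DEST_OPTS, NO_NEXT = 0, 43, 60, 59
# Extension headers laid out as: next header, hdr ext len (8-octet units, minus 1).
WALKABLE = {HOP_BY_HOP, ROUTING, DEST_OPTS}

def classify_rh0(packet: bytes):
    """Return (verdict, pointer); pointer is the ICMPv6 Parameter Problem
    pointer (octet offset of the Routing Type field) when verdict is 'drop'."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, verdict = packet[6], 40, "forward"
    while next_header in WALKABLE:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        if next_header == ROUTING and packet[offset + 2] == 0:
            if packet[offset + 3]:            # Segments Left > 0
                return "drop", offset + 2     # ICMPv6 type 4, code 0
            verdict = "ignore-rh0"            # RFC 5095: skip header, keep going
        offset += (ext_len + 1) * 8
        next_header = following
    return verdict, None

def build_packet(chain):
    """Constructed sample input: IPv6 header plus (type, body) extension headers."""
    exts = b""
    for i, (_, body) in enumerate(chain):
        nxt = chain[i + 1][0] if i + 1 < len(chain) else NO_NEXT
        body += b"\x00" * (-(len(body) + 2) % 8)   # pad to 8-octet multiple
        exts += bytes([nxt, (len(body) + 2) // 8 - 1]) + body
    first = chain[0][0] if chain else NO_NEXT
    src = bytes.fromhex("20010db8000000000000000000000001")  # documentation prefix
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, len(exts), first, 64) + src + dst + exts

def routing_body(routing_type, segments_left):
    # Routing Type, Segments Left, 4 reserved octets, one 16-octet address
    return bytes([routing_type, segments_left]) + bytes(4) + bytes(16)

if __name__ == "__main__":
    samples = {
        "RH0, segments left 1": build_packet([(ROUTING, routing_body(0, 1))]),
        "RH0, segments left 0": build_packet([(ROUTING, routing_body(0, 0))]),
        "hop-by-hop then RH0": build_packet(
            [(HOP_BY_HOP, b"\x01\x04" + bytes(4)), (ROUTING, routing_body(0, 1))]),
        "no extension headers": build_packet([]),
    }
    for name, pkt in samples.items():
        print(name, "->", classify_rh0(pkt))
```

The walk stops at the first header it does not recognise (including the Fragment header), so a Routing header placed after one is not inspected by this example.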

TCAM space on FCX device configuration

FCX devices store routing information for IPv4 and IPv6 and GRE tunnel information in the same
TCAM table. You can configure the amount of TCAM space to allocate for IPv4 routing information
and GRE tunnels. The remaining space is allocated automatically for IPv6 routing information.

FCX devices have TCAM space to store 16,000 IPv4 route entries. Each IPv6 route entry and GRE
tunnel use as much storage space as four IPv4 route entries. The default, maximum, and minimum
allocation values for each type of data are shown in Table 32.

TABLE 32 TCAM space allocation on FCX and ICX devices (except ICX 6450)

| | Default | Maximum | Minimum |
|---|---|---|---|
| IPv4 route entries | 12000 | 15168 | 4096 |
| IPv6 route entries | 908 | 2884 | 68 |


FastIron Ethernet Switch Layer 3 Routing Configuration Guide

53-1003087-04