Configuring reachable time for remote IPv6 nodes, IPv6 source routing security enhancements, Complete filtering of IPv6 source-routed packets – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Routing Configuration Guide

53-1003033-02

Brocade(config)# interface ethernet 3/1

Brocade(config-if-e100-3/1)# ipv6 nd managed-config-flag

Brocade(config-if-e100-3/1)# ipv6 nd other-config-flag

Syntax: [no] ipv6 nd managed-config-flag

Syntax: [no] ipv6 nd other-config-flag

To remove either flag from router advertisement messages sent on an interface, use the no form of
the respective command.

Configuring reachable time for remote IPv6 nodes

You can configure the duration (in seconds) that a device considers a remote IPv6 node reachable.
By default, an interface uses the value of 30 seconds.

The router advertisement messages sent by an interface include the amount of time specified by
the ipv6 nd reachable-time command so that nodes on a link use the same reachable time
duration. By default, the messages include a value of 0.

NOTE

The device uses seconds, instead of milliseconds, for the interval at which it sends router
advertisement messages.

Configuring a short reachable time duration is not recommended, because a short duration
causes the IPv6 network devices to process the information more frequently.

For example, to configure the reachable time of 40 seconds for Ethernet interface 3/1, enter the
following commands.

Brocade(config)# interface ethernet 3/1

Brocade(config-if-e100-3/1)# ipv6 nd reachable-time 40

Syntax: [no] ipv6 nd reachable-time seconds

For the seconds parameter, you can specify a value from 0 through 3600 seconds. To restore the
default time, use the no form of this command.

IPv6 source routing security enhancements

The IPv6 specification (RFC 2460) specifies support for IPv6 source-routed packets using a type 0
Routing extension header, and requires devices and hosts to process the type 0 routing extension
header. However, this requirement may leave a network open to a DoS attack.

A security enhancement disables sending IPv6 source-routed packets to IPv6 devices either
completely or selectively as described in the following sections. (This enhancement conforms to
RFC 5095.)
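
The check that RFC 5095 calls for can be reproduced offline when auditing packet captures. The following Python is an added example, not code from the Brocade guide: it walks the extension-header chain of a raw IPv6 packet and reports a type 0 Routing header. The function names, verdict strings and sample packets (documentation addresses) are constructed for this example.

```python
import struct

# Extension headers that can precede or follow a Routing header (IANA numbers).
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60

def find_rh0(packet: bytes):
    """Return (segments_left, verdict) for the first type 0 Routing header in a
    raw IPv6 packet, or None if the header chain contains none."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset = packet[6], 40
    while next_header in (HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS):
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        if next_header == FRAGMENT:
            # Fixed 8-byte header; later fragments carry no further headers.
            if struct.unpack_from("!H", packet, offset + 2)[0] >> 3:
                return None
            length = 8
        else:
            length = (packet[offset + 1] + 1) * 8  # Hdr Ext Len is in 8-byte units
        if offset + length > len(packet):
            raise ValueError("truncated extension header")
        if next_header == ROUTING and packet[offset + 2] == 0:
            segments_left = packet[offset + 3]
            # RFC 5095: discard when Segments Left is non-zero, else skip the header.
            return segments_left, "drop" if segments_left else "ignore header"
        next_header, offset = packet[offset], offset + length
    return None

# Constructed sample packets (documentation prefix 2001:db8::/32).
SRC = bytes.fromhex("20010db8000000000000000000000001")
DST = bytes.fromhex("20010db8000000000000000000000002")
HOP = bytes.fromhex("20010db8000000000000000000000003")

def ipv6(next_header: int, payload: bytes) -> bytes:
    fixed = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return fixed + SRC + DST + payload

def routing(next_header: int, rtype: int, segments_left: int) -> bytes:
    # One 16-byte address, so Hdr Ext Len = 2; next header 59 means "no next header".
    return bytes([next_header, 2, rtype, segments_left]) + bytes(4) + HOP

PADDED_HBH = bytes([ROUTING, 0, 1, 4, 0, 0, 0, 0])  # Hop-by-Hop with one PadN option
SOURCE_ROUTED = ipv6(ROUTING, routing(59, 0, 1))  # RH0 with one hop left
EXHAUSTED = ipv6(HOP_BY_HOP, PADDED_HBH + routing(59, 0, 0))  # RH0, no hops left
MOBILE_IPV6 = ipv6(ROUTING, routing(59, 2, 1))  # type 2 header, not RH0

if __name__ == "__main__":
    for name in ("SOURCE_ROUTED", "EXHAUSTED", "MOBILE_IPV6"):
        print(name, find_rh0(globals()[name]))
```

The verdicts follow the host processing rules in RFC 5095; they do not describe how the Brocade hardware or software filter is implemented.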

Complete filtering of IPv6 source-routed packets

Brocade devices are configured to drop all IPv6 source-routed packets in hardware and software as
described: