Enabling sending icmpv6 time exceeded messages, Enabling sending icmpv6 redirect messages – H3C Technologies H3C S5560 Series Switches User Manual
Page 174
159
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable sending ICMPv6 destination
unreachable messages.
ipv6 unreachables enable
By default, this function is
disabled.
Enabling sending ICMPv6 time exceeded messages
The device sends ICMPv6 Time Exceeded messages as follows:
•
If a received packet is not destined for the device and its hop limit is 1, the device sends an ICMPv6
Hop Limit Exceeded message to the source.
•
Upon receiving the first fragment of an IPv6 datagram destined for the device, the device starts a
timer. If the timer expires before all the fragments arrive, the device sends an ICMPv6 Fragment
Reassembly Timeout message to the source.
If the device receives large numbers of malicious packets, its performance degrades greatly because it
must send back ICMP Time Exceeded messages. To prevent such attacks, disable sending ICMPv6 Time
Exceeded messages.
To enable sending ICMPv6 time exceeded messages:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable sending ICMPv6 time
exceeded messages.
ipv6 hoplimit-expires enable
The default setting is disabled.
Enabling sending ICMPv6 redirect messages
Upon receiving a packet from a host, the device sends an ICMPv6 redirect message to inform the host of
a better next hop when the following conditions are met:
•
The interface receiving the packet is the interface forwarding the packet.
•
The selected route is not created or modified by any ICMPv6 redirect message.
•
The selected route is not a default route.
•
The forwarded packet does not contain the routing extension header.
The ICMPv6 redirect function simplifies host management by enabling hosts that hold few routes to
optimize their routing table gradually. However, to avoid adding too many routes on hosts, this function
is disabled by default.
To enable sending ICMPv6 redirect messages:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable sending ICMPv6 redirect
messages.
ipv6 redirects enable
By default, sending ICMPv6
redirect messages is disabled.