Disadvantages of sending icmp error packets, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

95

•

When forwarding a packet, if the MTU of the sending interface is smaller than the packet, but the

packet has been set as “Don't Fragment”, the device will send the source a “fragmentation needed
and Don't Fragment (DF)-set” ICMP error packet.

Disadvantages of sending ICMP error packets

Sending ICMP error packets facilitates network control and management, but it has the following

disadvantages:

•

Increases network traffic.

•

A device's performance degrades if it receives a lot of malicious packets that cause it to respond
with ICMP error packets.

•

A host's performance degrades if the redirection function increases the size of its routing table.

•

End users are affected because of receiving ICMP destination unreachable packets caused by
malicious users.

To prevent such problems, disable the device from sending ICMP error packets.

NOTE:

The switching engine on the WX3000E Series Wireless Switches does not support sending of ICMP error
packets.

Configuration procedure

Follow these steps to enable sending of ICMP error packets:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable sending of ICMP timeout packets

ip ttl-expires enable

Required
Disabled by default.

Enable sending of ICMP destination
unreachable packets

ip unreachables enable

Required
Disabled by default.

NOTE:

When sending ICMP timeout packets is disabled, the device will not send “TTL timeout” ICMP error
packets. However, “reassembly timeout” error packets will be sent normally.

Displaying and maintaining IP performance

optimization

To do…

Use the command…

Remarks

Display TCP connection statistics

display tcp statistics [ | { begin | exclude |
include } regular-expression ]

Available in any view

Display UDP statistics

display udp statistics [ | { begin | exclude |
include } regular-expression ]

Available in any view