2-3
z If the destination of a packet is local while the transport layer protocol of the packet is not supported
by the local device, the device sends a “protocol unreachable” ICMP error packet to the source.
z When receiving a packet with the destination being local and transport layer protocol being UDP, if
the packet’s port number does not match the running process, the device will send the source a
“port unreachable” ICMP error packet.
z If the source uses “strict source routing" to send packets, but the intermediate device finds that the
next hop specified by the source is not directly connected, the device will send the source a “source
routing failure” ICMP error packet.
z When forwarding a packet, if the MTU of the sending interface is smaller than the packet but the
packet has “Don’t Fragment” set, the device will send the source a “fragmentation needed and
Don’t Fragment (DF)-set” ICMP error packet.
Disadvantages of sending ICMP error packets
Although sending ICMP error packets facilitate control and management, it still has the following
disadvantages:
z Sending a lot of ICMP packets will increase network traffic.
z If a device receives a lot of malicious packets that cause it to send ICMP error packets, its
performance will be reduced.
z As the ICMP redirection function increases the routing table size of a host, the host’s performance
will be reduced if its routing table becomes very large.
z If a host sends malicious ICMP destination unreachable packets, end users may be affected.
To prevent the above mentioned problems, you can disable the device from sending such ICMP error
packets.
Follow these steps to disable sending ICMP error packets:
To do… Use the command… Remarks
Enter system view
system-view
—
Disable sending of ICMP
redirects
undo icmp redirect send
Required
Enabled by default.
Disable sending of ICMP
destination unreachable
packets
undo icmp unreach send
Required
Enabled by default.
Displaying and Maintaining IP Performance Optimization
Configuration
To do… Use the command… Remarks
Display TCP connection status
display tcp status
Display TCP connection statistics
display tcp statistics
Display UDP traffic statistics
display udp statistics
Display IP traffic statistics
display ip statistics
Display ICMP traffic statistics
display icmp statistics
Display the current socket information of the
system
display ip socket
[ socktype sock-type ]
[ task-id socket-id ]
Available in any
view
To Next Page
Loading...
