92 CHAPTER 8: IP PERFORMANCE CONFIGURATION
the system restarts the timer from receiving the last non-FIN packet. The
connection is broken after the timer expires.
■ Size of TCP receive/send buffer
Disabling ICMP to Send
Error Packets
Sending error packets is a major function of ICMP protocol. In case of network
abnormalities, ICMP packets are usually sent by the network or transport layer
protocols to notify corresponding devices so as to facilitate control and
management.
By default, Switch 4210 Family support sending ICMP redirect and destination
unreachable packets.
Although sending ICMP error packets facilitate control and management, it still
has the following disadvantages:
■ Sending a lot of ICMP packets will increase network traffic.
■ If receiving a lot of malicious packets that cause it to send ICMP error packets,
the device’s performance will be reduced.
■ As the ICMP redirection function increases the routing table size of a host, the
host’s performance will be reduced if its routing table becomes very large.
■ If a host sends malicious ICMP destination unreachable packets, end users may
be affected.
You can disable the device from sending such ICMP error packets for reducing
network traffic and preventing malicious attacks.
Tabl e 52 Configure TCP attributes
Operation Command Remarks
Enter system view system-view -
Configure TCP synwait timer’s
timeout value
tcp timer syn-timeout
time-value
Optional
By default, the timeout value
is 75 seconds.
Configure TCP finwait timer’s
timeout value
tcp timer fin-timeout
time-value
Optional
By default, the timeout value
is 675 seconds.
Configure the size of TCP
receive/send buffer
tcp window window-size Optional
By default, the buffer is 8
kilobytes.
Tabl e 53 Disable sending ICMP error packets
Operation Command Remarks
Enter system view system-view -
Disable sending ICMP
redirects
undo icmp redirect send Required
Enabled by default
Disable sending ICMP
destination unreachable
packets
undo icmp unreach send Required
Enabled by default
To Next Page
Loading...
