Operation Manual –IP Address-IP Performance
H3C S3100 Series Ethernet Switches Chapter 2 IP Performance Configuration
2-2
z finwait timer: When the TCP connection is changed into FIN_WAIT_2 state, finwait
timer will be started. If no FIN packets are received within the timer timeout, the
TCP connection will be terminated. If FIN packets are received, the TCP
connection state changes to TIME_WAIT. If non-FIN packets are received, the
system restarts the timer from receiving the last non-FIN packet. The connection is
broken after the timer expires.
z Size of TCP receive/send buffer
Table 2-2 Configure TCP attributes
Operation Command Remarks
Enter system view
system-view
—
Configure TCP synwait
timer’s timeout value
tcp timer syn-timeout
time-value
Optional
By default, the timeout
value is 75 seconds.
Configure TCP finwait
timer’s timeout value
tcp timer fin-timeout
time-value
Optional
By default, the timeout
value is 675 seconds.
Configure the size of TCP
receive/send buffer
tcp window window-size
Optional
By default, the buffer is 8
kilobytes.
2.2.3 Disabling ICMP to Send Error Packets
Sending error packets is a major function of ICMP protocol. In case of network
abnormalities, ICMP packets are usually sent by the network or transport layer
protocols to notify corresponding devices so as to facilitate control and management.
By default, S3100 Series Ethernet Switches support sending ICMP redirect and
destination unreachable packets.
Although sending ICMP error packets facilitate control and management, it still has the
following disadvantages:
z Sending a lot of ICMP packets will increase network traffic.
z If receiving a lot of malicious packets that cause it to send ICMP error packets, the
device’s performance will be reduced.
z As the ICMP redirection function increases the routing table size of a host, the
host’s performance will be reduced if its routing table becomes very large.
z If a host sends malicious ICMP destination unreachable packets, end users may
be affected.
You can disable the device from sending such ICMP error packets for reducing network
traffic and preventing malicious attacks.
To Next Page
Loading...
Need help?
General