225
Enabling sending ICMPv6 time exceeded messages
The device sends the source ICMPv6 time exceeded messages as follows:
• If a received packet is not destined for the device and its hop limit is 1, the device sends an
ICMPv6 hop limit exceeded in transit message to the source.
• Upon receiving the first fragment of an IPv6 datagram destined for the device, the device starts
a timer. If the timer expires before all the fragments arrive, the device sends an ICMPv6
fragment reassembly time exceeded message to the source.
If the device receives large numbers of malicious packets, its performance degrades greatly
because it must send back ICMP time exceeded messages. To prevent such attacks, disable
sending ICMPv6 time exceeded messages.
To enable sending ICMPv6 time exceeded messages:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable sending ICMPv6 time
exceeded messages.
ipv6 hoplimit-expires
enable
The default setting is disabled.
Enabling sending ICMPv6 redirect messages
Upon receiving a packet from a host, the device sends an ICMPv6 redirect message to inform the
host of a better next hop when the following conditions are met:
• The interface receiving the packet is the interface forwarding the packet.
• The selected route is not created or modified by any ICMPv6 redirect messages.
• The selected route is not a default route.
• The forwarded packet does not contain the routing extension header.
The ICMPv6 redirect function simplifies host management by enabling hosts that hold few routes to
optimize their routing table gradually. However, to avoid adding too many routes on hosts, this
function is disabled by default.
To enable sending ICMPv6 redirect messages:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable sending ICMPv6 redirect
messages.
ipv6 redirects enable
By default, sending ICMPv6
redirect messages is disabled.
Specifying the source address for ICMPv6 packets
Perform this task to specify the source IPv6 address for outgoing ping echo requests and ICMPv6
error messages. It is a good practice to specify the IPv6 address of the loopback interface as the
source IPv6 address. This function helps users to easily locate the sending device.
If you specify an IPv6 address in the ping command, ping echo requests use the specified address
as the source IPv6 address. Otherwise, ping echo requests use the IPv6 address specified by the
ipv6 icmpv6 source command.
To specify the source IPv6 address for ICMPv6 packets:
To Next Page
Loading...
Need help?
General
