214
Step Command Remarks
2. Enable sending ICMP
error messages.
• Enable sending ICMP redirect messages:
ip redirects enable
• Enable sending ICMP time exceeded
messages:
ip ttl-expires enable
• Enable sending ICMP destination
unreachable messages:
ip unreachables enable
The default settings are
disabled.
Sending ICMP error messages facilitates network management, but sending excessive ICMP
messages increases network traffic. The device performance degrades if it receives a lot of
malicious ICMP messages that cause it to respond with ICMP error messages.
To prevent such problems, you can disable the device from sending ICMP error messages. A device
that is disabled from sending ICMP time exceeded messages does not send ICMP TTL exceeded in
transit messages. However, it can still send ICMP fragment reassembly time exceeded messages.
Configuring rate limit for ICMP error messages
To avoid sending excessive ICMP error messages within a short period that might cause network
congestion, you can limit the rate at which ICMP error messages are sent. A token bucket algorithm
is used with one token representing one ICMP error message.
A token is placed in the bucket at intervals until the maximum number of tokens that the bucket can
hold is reached.
A token is removed from the bucket when an ICMP error message is sent. When the bucket is empty,
ICMP error messages are not sent until a new token is placed in the bucket.
To configure rate limit for ICMP error messages:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Set the bucket size and
the interval for tokens to
arrive in the bucket for
ICMP error messages.
ip icmp error-interval
interval
[ bucketsize ]
By default, the bucket allows a
maximum of 10 tokens. A token is
placed in the bucket at an interval of 100
milliseconds.
To disable the ICMP rate limit, set the
interval to 0 milliseconds.
Specifying the source address for ICMP packets
Perform this task to specify the source IP address for outgoing ping echo request and ICMP error
messages. As a best practice, specify the IP address of the loopback interface as the source IP
address. This feature helps users to locate the sending device easily.
If you specify an IP address in the ping command, ping echo requests use the specified address as
the source IP address rather than the IP address specified by the ip icmp source command.
To specify the source IP address for ICMP packets:
To Next Page
Loading...
