Configuration Guide Configuring IP Addresses and Services
Related Commands
Configuring the Transmission Rate of ICMP Destination Unreachable Packets Triggered by the DF Bit in the IP
Header
ip icmp error-interval DF milliseconds [bucket-size]
milliseconds: Refresh cycle of a token bucket. The value range is from 0 to 2,147,483,647 and the default
value is 100 milliseconds. When the value is 0, the transmission rate of ICMP error packets is not limited.
bucket-size: Number of tokens contained in a token bucket. The value range is from 1 to 200 and the default
value is 10.
Global configuration mode.
This function limits the transmission rate of ICMP error packets to prevent DoS attacks by using the token
bucket algorithm.
If an IP packet needs to be fragmented but the DF bit in the header is set to 1, the device sends an ICMP
destination unreachable packet (code 4) to the source host. This ICMP error packet is used to discover the
path MTU. When there are too many other ICMP error packets, the ICMP destination unreachable packet
(code 4) may not be sent. As a result, the path MTU discovery function fails. To avoid this problem, you
should limit the transmission rate of ICMP destination unreachable packets and other ICMP error packets
respectively.
It is recommended to set the refresh cycle to integral multiples of 10 milliseconds. If the refresh cycle is set
to a value greater than 0 and smaller than 10 milliseconds, the refresh cycle that actually takes effect is 10
milliseconds. For example, if the refresh rate is set to 1 per 5 milliseconds, the refresh rate that actually
takes effect is 2 per 10 milliseconds. If the refresh cycle is not integral multiples of 10 milliseconds, the
refresh cycle that actually takes effect is automatically converted to integral multiples of 10 milliseconds. For
example, if the refresh rate is set to 3 per 15 milliseconds, the refresh rate that actually takes effect is 2 per
10milliseconds.
Configuring the Transmission Rate of Other ICMP Error Packets
ip icmp error-interval milliseconds [bucket-size]
milliseconds: Refresh cycle of a token bucket. The value range is 0to 2,147,483,647, and the default value is
100 (ms). When the value is 0, the transmission rate of ICMP error packets is not limited.
bucket-size: Number of tokens contained in a token bucket. The value range is 1to 200 and the default value
is 10.
Global configuration mode.
This function limits the transmission rate of ICMP error packets to prevent DoS attacks by using the token
bucket algorithm.
It is recommended to set the refresh cycle to integral multiples of 10 milliseconds. If the refresh cycle is set
to a value greater than 0 and smaller than 10 milliseconds, the refresh cycle that actually takes effect is 10
milliseconds. For example, if the refresh rate is set to 1 per 5 milliseconds, the refresh rate that actually
takes effect is 2 per 10 milliseconds. If the refresh cycle is not integral multiples of 10 milliseconds, the
To Next Page
Loading...
