Configuring icmpv6 packet sending, Enabling replying to multicast echo requests – H3C Technologies H3C S12500 Series Switches User Manual
Page 168
154
Step Command
Remarks
2.
Configure the IPv6 FIB
load sharing mode.
•
Configure the load sharing based on the
hash algorithm:
ipv6 fib-loadbalance-type hash-based
•
Configure the load sharing based on
polling:
undo ipv6 fib-loadbalance-type
hash-based
Optional.
By default, the load sharing
based on polling is adopted,
and each ECMP route is used
in turn to forward packets.
Configuring ICMPv6 packet sending
Configuring the maximum ICMPv6 error packets sent in an
interval
If too many ICMPv6 error packets are sent within a short time in a network, network congestion might
occur. To avoid network congestion, you can control the maximum number of ICMPv6 error packets sent
within a specific time by adopting the token bucket algorithm.
You can set the capacity of a token bucket to determine the number of tokens in the bucket. In addition,
you can set the update interval of the token bucket, the interval for restoring the configured capacity. One
token allows one ICMPv6 error packet to be sent. Each time an ICMPv6 error packet is sent, the number
of tokens in a token bucket decreases by one. If the number of ICMPv6 error packets successively sent
exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot be sent out until
the capacity of the token bucket is restored.
To configure the capacity and update interval of the token bucket:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure the capacity
and update interval of
the token bucket.
ipv6 icmp-error { bucket
bucket-size | ratelimit
interval } *
Optional.
By default, the capacity of a token bucket is 10 and
the update interval is 100 milliseconds. At most 10
ICMPv6 error packets can be sent within 100
milliseconds.
The update interval 0 indicates that the number of
ICMPv6 error packets sent is not restricted.
Enabling replying to multicast echo requests
If hosts are configured to answer multicast echo requests, an attacker might use this mechanism to attack
a host. For example, if Host A (an attacker) sends an echo request with the source being Host B to a
multicast address, all the hosts in the multicast group will send echo replies to Host B. To prevent such an
attack, disable a device from replying multicast echo requests by default. In some application scenarios,
however, you need to enable the device to reply multicast echo requests.
To enable replying to multicast echo requests: