Configuring Application Layer Protocol Type-Based Session Aging Times; Configuring Session Early Aging - HP A6600 Configuration Manual

To set the session aging times based on protocol state:
To do...
1. Enter system view.
2. Set the aging time for
sessions of a specified
protocol and in a
specified state.
Configuring application layer protocol type-based session
aging times
Aging times set in this task apply only to the sessions in the READY/ESTABLISH state.
For sessions in the READY (with UDP) or ESTABLISH (with TCP) state, set the session aging times
according to the types of application layer protocols to which the sessions belong.
CAUTION:
For a large amount of sessions (more than 800,000), do not specify too short of an aging time.
Otherwise, the console might be slow in response.
To set session aging times based on application layer protocol type:
To do...
1. Enter system view.
2. Set the aging time for sessions
of an application layer
protocol.

Configuring session early aging

A router that does not support attack detection or attack protection is vulnerable to attacks that exploit
large amounts of sessions. Such attacks use up the session resources of the router, disabling the router
from providing processing services, such as NAT.
Command...
system-view
session aging-time { accelerate | fin |
icmp-closed | icmp-open | rawip-open |
rawip-ready | syn | tcp-est | udp-open
| udp-ready } time-value
Command...
system-view
application aging-time { dns | ftp
| msn | qq | sip } time-value
363
Remarks
—
Required.
The defaults are as follows:
•
accelerate: 10 seconds
•
fin: 30 seconds
• icmp-closed: 30 seconds
• icmp-open: 60 seconds
• rawip-open: 30 seconds
• rawip-ready: 60 seconds
• syn: 30 seconds
•
tcp-est: 3600 seconds
• udp-open: 30 seconds
• udp-ready: 60 seconds
Remarks
—
Required.
The defaults are as follows:
• dns: 60 seconds
• ftp: 3600 seconds
• msn: 3600 seconds
• qq: 60 seconds
• sip: 300 seconds