Configuring Tcp Optional Parameters; Configuring Icmp To Send Error Packets - H3C S5120-SI Series Configuration Manual
Hide thumbs
Also See for S5120-SI Series:
- Command reference manual (910 pages) ,
- Configuration manual (745 pages) ,
- Operation manual (697 pages)
Table of Contents
Advertisement
With protection against Naptha attack enabled, the device periodically checks and records the number of TCP
•
connections in each state.
With protection against Naptha attack enabled, if the device detects that the number of TCP connections in a
•
state exceeds the maximum number, the device considers that as Naptha attacks and accelerates the aging of
these TCP connections. The device does not stop accelerating the aging of TCP connections until the number of
TCP connections in the state is less than 80% of the maximum number.
Configuring TCP optional parameters
TCP optional parameters that can be configured include:
•
synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is
received within the synwait timer interval, the TCP connection cannot be created.
•
finwait timer: When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is
started. If no FIN packets is received within the timer interval, the TCP connection will be terminated.
If a FIN packet is received, the TCP connection state changes to TIME_WAIT. If a non-FIN packet is
received, the system restarts the timer upon receiving the last non-FIN packet. The connection is
broken after the timer expires.
•
Size of TCP receive/send buffer
To configure TCP optional parameters:
To do...
1.
Enter system view
2.
Configure the TCP synwait
timer
3.
Configure the TCP finwait timer
4.
Configure the size of TCP
receive/send buffer
The actual length of the finwait timer is determined by the following formula:
Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the
•
synwait timer
Configuring ICMP to send error packets
Sending error packets is a major function of ICMP. In case of network abnormalities, ICMP error packets
are usually sent by the network or transport layer protocols to notify corresponding devices so as to
facilitate control and management.
Use the command...
system-view
tcp timer syn-timeout time-
value
tcp timer fin-timeout time-value
tcp window window-size
61
Remarks
—
Optional
75 seconds by default.
Optional
675 seconds by default.
Optional
8 KB by default.
Advertisement
Table of Contents
