H3C S3610-28P Operation Manual page 142

Operation Manual – IP Addressing and Performance
H3C S3610&S5510 Series Ethernet Switches
3) Sending ICMP destination unreachable packets
If the device receives an IP packet with the destination unreachable, it will drop the
packet and send an ICMP destination unreachable error packet to the source.
Conditions for sending this ICMP packet:
If neither a route nor the default route for forwarding a packet is available, the
device will send a "network unreachable" ICMP error packet.
If the destination of a packet is local while the transport layer protocol of the packet
is not supported by the local device, the device sends a "protocol unreachable"
ICMP error packet to the source.
When receiving a packet with the destination being local and transport layer
protocol being UDP, if the packet's port number does not match the running
process, the device will send the source a "port unreachable" ICMP error packet.
If the source uses "strict source routing" to send packets, but the intermediate
device finds the next hop specified by the source is not directly connected, the
device will send the source a "source routing failure" ICMP error packet.
When forwarding a packet, if the MTU of the sending interface is smaller than the
packet but the packet has been set "Don't Fragment", the device will send the
source a "fragmentation needed and Don't Fragment (DF)-set" ICMP error packet.
II. Disadvantage of sending ICMP error packets
Although sending ICMP error packets facilitate network control and management, it still
has the following disadvantages:
Sending a lot of ICMP packets will increase network traffic.
If receiving a lot of malicious packets that cause it to send ICMP error packets, the
device's performance will be reduced.
As the redirection function increases the routing table size of a host, the host's
performance will be reduced if its routing table becomes very large.
If a host sends malicious ICMP destination unreachable packets, end users may
be affected.
To prevent such problems, you can disable the device from sending ICMP error
packets.
Follow these steps to disable sending ICMP error packets:
Enter system view
Disable sending ICMP
redirection packets
Disable sending ICMP
timeout packets
To do...
system-view
undo ip redirects
undo ip ttl-expires
Chapter 2 IP Performance Configuration
Use the command...
2-8
Remarks
—
Required
Enabled by default.
Required
Enabled by default.