Enabling Sending Icmpv6 Time Exceeded Messages; Enabling Sending Icmpv6 Destination Unreachable Messages - HP 10500 Series Configuration Manual

Layer 3 - ip services

Hide thumbs Also See for 10500 Series:

Security configuration manual (596 pages)

Configuration manual (512 pages)

Specifications (42 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

Table of Contents

multicast address, all the hosts in the multicast group send echo replies to Host B. To prevent such an

attack, disable a device from answering multicast echo requests by default. In some application

scenarios, however, you need to enable the device to answer multicast echo requests.

To enable replying to multicast echo requests:

Step

Enter system view.

Enable replying to multicast

echo requests.

Enabling sending ICMPv6 time exceeded messages

A device sends out an ICMPv6 Time Exceeded message in the following cases:

If a received IPv6 packet's destination IP address is not a local address and its hop limit is 1, the

•

device sends an ICMPv6 Hop Limit Exceeded message to the source.

•

Upon receiving the first fragment of an IPv6 datagram with the destination IP address being the

local address, the device starts a timer. If the timer expires before all the fragments arrive, an

ICMPv6 Fragment Reassembly Timeout message is sent to the source.

If large quantities of malicious packets are received, the performance of a device degrades greatly

because it must send back ICMP Time Exceeded messages. You can disable sending of ICMPv6 Time

Exceeded messages.

To enable sending ICMPv6 time exceeded messages:

Step

Enter system view.

Enable sending ICMPv6 Time

Exceeded messages.

Enabling sending ICMPv6 destination unreachable messages

If the device fails to forward a received IPv6 packet because of one of the following reasons, it drops the

packet and sends a corresponding ICMPv6 Destination Unreachable error message to the source.

If no route is available for forwarding the packet, the device sends a "no route to destination"

•

ICMPv6 error message to the source.

If the device fails to forward the packet because of an administrative prohibition (such as a firewall

•

filter or an ACL), the device sends the source a "destination network administratively prohibited"

ICMPv6 error message.

•

If the device fails to deliver the packet because the destination is beyond the scope of the source

IPv6 address (for example, the source IPv6 address of the packet is a link-local address whereas the

destination IPv6 address of the packet is a global unicast address), the device sends the source a

"beyond scope of source address" ICMPv6 error message.

If the device fails to resolve the corresponding link layer address of the destination IPv6 address, the

•

device sends the source an "address unreachable" ICMPv6 error message.

Command

system-view

ipv6 icmpv6 multicast-echo-reply

enable

Command

system-view

ipv6 hoplimit-expires enable

125

Remarks

N/A

Not enabled by default.

Remarks

N/A

Optional.

Enabled by default.

Table of Contents

Enabling Sending Icmpv6 Time Exceeded Messages; Enabling Sending Icmpv6 Destination Unreachable Messages - HP 10500 Series Configuration Manual

Enabling sending ICMPv6 time exceeded messages

Enabling sending ICMPv6 destination unreachable messages

Troubleshooting

Related Manuals for HP 10500 Series

Related Content for HP 10500 Series

Table of Contents