Enabling Sending Icmpv6 Destination Unreachable Messages; Enabling Sending Icmpv6 Time Exceeded Messages; Enabling Sending Icmpv6 Redirect Messages - HPE FlexNetwork 10500 Series Configuration Manual
Layer 3-ip services
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Security configuration manual (702 pages) ,
- Network management and monitoring command reference (423 pages)
Table of Contents
Advertisement
Enabling sending ICMPv6 destination unreachable
messages
The device sends the source the following ICMPv6 destination unreachable messages:
•
ICMPv6 No Route to Destination message—A packet to be forwarded does not match any
route.
•
ICMPv6 Communication with Destination Administratively Prohibited message—An
administrative prohibition is preventing successful communication with the destination. This is
typically caused by a firewall or an ACL on the device.
•
ICMPv6 Beyond Scope of Source Address message—The destination is beyond the scope
of the source IPv6 address. For example, a packet's source IPv6 address is a link-local address,
and its destination IPv6 address is a global unicast address.
•
ICMPv6 Address Unreachable message—The device fails to resolve the link layer address
for the destination IPv6 address of a packet.
•
ICMPv6 Port Unreachable message—No port process on the destination device exists for a
received UDP packet.
If a device is generating ICMPv6 destination unreachable messages incorrectly, disable the sending
of ICMPv6 destination unreachable messages to prevent attack risks.
To enable sending ICMPv6 destination unreachable messages:
Step
1.
Enter system view.
2.
Enable sending ICMPv6 destination
unreachable messages.
Enabling sending ICMPv6 time exceeded messages
The device sends the source ICMPv6 time exceeded messages as follows:
•
If a received packet is not destined for the device and its hop limit is 1, the device sends an
ICMPv6 hop limit exceeded in transit message to the source.
•
Upon receiving the first fragment of an IPv6 datagram destined for the device, the device starts
a timer. If the timer expires before all the fragments arrive, the device sends an ICMPv6
fragment reassembly time exceeded message to the source.
If the device receives large numbers of malicious packets, its performance degrades greatly
because it must send back ICMP time exceeded messages. To prevent such attacks, disable
sending ICMPv6 time exceeded messages.
To enable sending ICMPv6 time exceeded messages:
Step
1.
Enter system view.
2.
Enable sending ICMPv6 time
exceeded messages.
Enabling sending ICMPv6 redirect messages
Upon receiving a packet from a host, the device sends an ICMPv6 redirect message to inform the
host of a better next hop when the following conditions are met:
Command
system-view
ipv6 unreachables enable
Command
system-view
ipv6 hoplimit-expires
enable
176
Remarks
N/A
By default, this feature is
disabled.
Remarks
N/A
The default setting is disabled.
Advertisement
Table of Contents
Troubleshooting
