Enabling Tcp Syn Cookie; Configuring The Tcp Buffer Size - HP 6125XLG Configuration Manual

Blade switch layer 3 - ip services

Hide thumbs Also See for 6125XLG:

Layer 3 - ip routing configuration manual (492 pages)

Command reference manual (466 pages)

Configuration manual (414 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

Table of Contents

When the TCP source device receives an ICMP error message, it reduces the path MTU and starts

•

an age timer for the path MTU.

After the age timer expires, the source device uses a larger MSS in the MTU table as described in

•

RFC 1 191.

If no ICMP error message is received within 2 minutes, the source device increases the MSS again

•

until the MSS is as large as the MSS negotiated during TCP three-way handshake.

To enable TCP path MTU discovery:

Step

Enter system view.

Enable TCP path MTU

discovery.

Enabling TCP SYN Cookie

A TCP connection is established through a three-way handshake:

The sender sends a SYN packet to the server.

The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state,

and replies with a SYN ACK packet to the sender.

The sender receives the SYN ACK packet and replies with an ACK packet. A TCP connection is

established.

An attacker can exploit this mechanism to mount SYN Flood attacks. The attacker sends a large number

of SYN packets, but does not respond to the SYN ACK packets from the server. As a result, the server

establishes a large number of TCP semi-connections and can no longer handle normal services.

SYN Cookie can protect the server from SYN Flood attacks. When the server receives a SYN packet, it

responds with a SYN ACK packet without establishing a TCP semi-connection. The server establishes a

TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the client.

To enable TCP SYN Cookie:

Step

Enter system view.

Enable SYN Cookie.

Configuring the TCP buffer size

Step

Enter system view.

Configure the size of TCP receive/send

buffer.

Command

system-view

tcp path-mtu-discovery [ aging age-time |

no-aging ]

Command

system-view

tcp syn-cookie enable

Command

system-view

tcp window window-size

110

Remarks

N/A

The default setting is

disabled.

Remarks

N/A

The default setting is disabled.

Remarks

N/A

The default buffer size is 64 KB.

Table of Contents

Enabling Tcp Syn Cookie; Configuring The Tcp Buffer Size - HP 6125XLG Configuration Manual

Enabling TCP SYN Cookie

Configuring the TCP buffer size

Troubleshooting

Related Manuals for HP 6125XLG

Related Content for HP 6125XLG

Table of Contents