HP 6125XLG R2306-HP 6125XLG Blade Switch Layer 3 - IP Services Configuration G - Page 118
Enabling TCP SYN Cookie, Configuring the TCP buffer size
Page 118 highlights
• When the TCP source device receives an ICMP error message, it reduces the path MTU and starts an age timer for the path MTU.
• After the age timer expires, the source device uses a larger MSS in the MTU table as described in RFC 1191.
• If no ICMP error message is received within 2 minutes, the source device increases the MSS again until the MSS is as large as the MSS negotiated during TCP three-way handshake.

To enable TCP path MTU discovery:

Step                                Command                                                 Remarks
1. Enter system view.               system-view                                             N/A
2. Enable TCP path MTU discovery.   tcp path-mtu-discovery [ aging age-time | no-aging ]    The default setting is disabled.

Enabling TCP SYN Cookie

A TCP connection is established through a three-way handshake:

1. The sender sends a SYN packet to the server.
2. The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender.
3. The sender receives the SYN ACK packet and replies with an ACK packet. A TCP connection is established.

An attacker can exploit this mechanism to mount SYN Flood attacks. The attacker sends a large number of SYN packets, but does not respond to the SYN ACK packets from the server. As a result, the server establishes a large number of TCP semi-connections and can no longer handle normal services.

SYN Cookie can protect the server from SYN Flood attacks. When the server receives a SYN packet, it responds with a SYN ACK packet without establishing a TCP semi-connection. The server establishes a TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the client.

To enable TCP SYN Cookie:

Step                       Command                  Remarks
1. Enter system view.      system-view              N/A
2. Enable SYN Cookie.      tcp syn-cookie enable    The default setting is disabled.

Configuring the TCP buffer size

Step                                                 Command                   Remarks
1. Enter system view.                                system-view               N/A
2. Configure the size of TCP receive/send buffer.    tcp window window-size    The default buffer size is 64 KB.
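The following model illustrates the SYN Cookie behaviour described under "Enabling TCP SYN Cookie": a server that keeps a SYN_RECEIVED entry per SYN, beside one that answers statelessly and creates state only when the ACK carries a number it can verify. It is an added example, not code from the manual or from the switch software. The HMAC-based cookie, the two-tick validity window, the backlog of 3 and all addresses are assumptions constructed for illustration; the manual does not describe how the device computes its cookie.

```python
import hashlib, hmac, struct
SECRET = b"constructed-demo-key"   # assumption: secret held only by the server
BACKLOG = 3                        # constructed, deliberately tiny SYN queue

def cookie(conn, client_isn, tick):
    """Server ISN bound to the 4-tuple, the client's ISN and a coarse time tick."""
    msg = repr(conn).encode() + struct.pack("!Iq", client_isn, tick)
    return struct.unpack("!I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]

class StatefulServer:
    """No SYN Cookie: every SYN allocates a SYN_RECEIVED entry."""
    def __init__(self):
        self.half_open = {}
    def on_syn(self, conn, client_isn):
        if len(self.half_open) >= BACKLOG:
            return None                          # queue exhausted, SYN dropped
        return self.half_open.setdefault(conn, 5000)   # fixed ISN, enough for a model
    def on_ack(self, conn, seq, ack):
        if self.half_open.get(conn) != (ack - 1) % 2**32:
            return False
        del self.half_open[conn]                 # entry leaves SYN_RECEIVED
        return True

class CookieServer:
    """SYN Cookie: answer the SYN statelessly, create state only on a valid ACK."""
    def __init__(self):
        self.half_open, self.established = {}, set()   # half_open is never written
    def on_syn(self, conn, client_isn, tick):
        return cookie(conn, client_isn, tick)
    def on_ack(self, conn, seq, ack, tick):
        client_isn, got = (seq - 1) % 2**32, (ack - 1) % 2**32
        if got not in (cookie(conn, client_isn, tick), cookie(conn, client_isn, tick - 1)):
            return False                         # stale or never issued by this server
        self.established.add(conn)
        return True

def run_model():
    """Ten SYNs that are never acknowledged, then one client that completes."""
    silent = [(("198.51.100.%d" % i, 40000 + i), ("192.0.2.1", 80)) for i in range(10)]
    client = (("203.0.113.7", 51515), ("192.0.2.1", 80))   # constructed addresses
    st, ck = StatefulServer(), CookieServer()
    for c in silent:
        st.on_syn(c, 1)
        ck.on_syn(c, 1, tick=0)
    st_isn, ck_isn = st.on_syn(client, 77), ck.on_syn(client, 77, tick=0)
    st_ok = st_isn is not None and st.on_ack(client, 78, st_isn + 1)
    ck_ok = ck.on_ack(client, 78, (ck_isn + 1) % 2**32, tick=1)
    bogus = ck.on_ack(silent[0], 2, 12345, tick=1)   # ACK with a number never issued
    return st_ok, ck_ok, bogus, len(st.half_open), len(ck.half_open)
```

run_model() returns, in order, whether the legitimate client connected to the stateful server, whether it connected to the cookie server, whether an ACK with an unissued number was accepted, and the number of half-open entries each server holds afterwards.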