HP 6125XLG R2306-HP 6125XLG Blade Switch Layer 3 - IP Services Configuration G - Page 120
Disabling forwarding ICMP fragments
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 120 highlights
{ If a packet does not match any route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error packet to the source. { If a packet is destined for the device but the transport layer protocol of the packet is not supported by the device, the device sends a Protocol Unreachable ICMP error packet to the source. { If a UDP packet is destined for the device but the packet's port number does not match the corresponding process, the device sends the source a Port Unreachable ICMP error packet. { If the source uses Strict Source Routing to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device sends the source a Source Routing Failure ICMP error packet. { If the MTU of the sending interface is smaller than the packet and the packet has DF set, the device sends the source a Fragmentation Needed and DF-set ICMP error packet. To enable sending ICMP error packets: Step 1. Enter system view. Command system-view Remarks N/A 2. Enable sending ICMP error packets. • Enable sending ICMP redirect packets: ip redirects enable • Enable sending ICMP time-exceeded packets: ip ttl-expires enable • Enable sending ICMP destination unreachable packets: ip unreachables enable The default settings are disabled. Sending ICMP error packets facilitates network management, but sending excessive ICMP packets increases network traffic. A device's performance degrades if it receives a lot of malicious ICMP packets that cause it to respond with ICMP error packets. To prevent such problems, you can disable the device from sending ICMP error packets. A device disabled from sending ICMP time-exceeded packets does not send ICMP TTL Expired packets but can still send ICMP Fragment Reassembly Timeout packets. Disabling forwarding ICMP fragments Disabling forwarding ICMP fragments can protect your device from ICMP fragments attacks. To disable forwarding ICMP fragments: Step 1. Enter system view. 2. Disable forwarding ICMP fragments. Command Remarks system-view N/A ip icmp fragment discarding By default, forwarding ICMP fragments is enabled. 112