3com S7906E Manuel De Montage
1-18
are received, the finwait timer is reset upon receipt of the last non-FIN packet and the connection is
terminated after the finwait timer expires.
z
Size of the IPv6 TCP sending/receiving buffer.
Follow these steps to configure IPv6 TCP properties:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Set the finwait timer
tcp ipv6 timer fin-timeout
wait-time
wait-time
Optional
675 seconds by default.
Set the synwait timer
tcp ipv6 timer syn-timeout
wait-time
wait-time
Optional
75 seconds by default.
Set the size of the IPv6 TCP
sending/receiving buffer
sending/receiving buffer
tcp ipv6 window size
Optional
8 KB by default.
Configuring ICMPv6 Packet Sending
Configuring the Maximum ICMPv6 Error Packets Sent in an Interval
If too many ICMPv6 error packets are sent within a short time in a network, network congestion may
occur. To avoid network congestion, you can control the maximum number of ICMPv6 error packets
sent within a specified time, currently by adopting the token bucket algorithm.
You can set the capacity of a token bucket, namely, the number of tokens in the bucket. In addition, you
can set the update interval of the token bucket, namely, the interval for restoring the configured capacity.
One token allows one ICMPv6 error packet to be sent. Each time an ICMPv6 error packet is sent, the
number of tokens in a token bucket decreases by one. If the number of ICMPv6 error packets
successively sent exceeds the capacity of the token bucket, the additional ICMPv6 error packets cannot
be sent out until the capacity of the token bucket is restored.
Follow these steps to configure the capacity and update interval of the token bucket:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Configure the
capacity and update
interval of the token
bucket
capacity and update
interval of the token
bucket
Ipv6 icmp-error { bucket
bucket-size | ratelimit
interval } *
bucket-size | ratelimit
interval } *
Optional
By default, the capacity of a token bucket is 10
and the update interval is 100 milliseconds.
That is, at most 10 IPv6 ICMP error packets
can be sent within 100 milliseconds.
and the update interval is 100 milliseconds.
That is, at most 10 IPv6 ICMP error packets
can be sent within 100 milliseconds.
The update interval “0” indicates that the
number of ICMPv6 error packets sent is not
restricted.
number of ICMPv6 error packets sent is not
restricted.
Enabling Replying to Multicast Echo Requests
If hosts are configured to answer multicast echo requests, an attacker may use this mechanism to
attack a host. For example, if Host A sends an echo request with the source being Host B to a multicast
address, then all the hosts in the multicast group will send echo replies to Host B. Therefore, to prevent
such an attack, a device is disabled from replying multicast echo requests by default.