Configure ICMPv6 Function
In IPv6 protocol stack, Internet Control Message Protocol is mainly used to provide network detection services, and provide error reports to inform the corresponding devices when the network layer or transport layer protocol is abnormal, so as to control and manage the network.
Configuration Condition
None
Configure the Rate of Sending the ICMPv6 Error Packet
If there are too many ICMPv6 error packets sent in the network, it may lead to network congestion. To avoid this, users can configure the maximum number of ICMPv6 error packets sent within a specified time.
Table 5-19 Configure the rate of sending the ICMPv6 error packets
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Configure the rate of sending the ICMPv6 error packets |
ipv6 icmp error-interval interval [ buckets ]
|
Optional
By default, the period of sending the ICMPv6 error packets is 100ms, and the maximum number of the ICMPv6 error packets sent in the period is 10.
|
Enable the Function of Sending the ICMPv6 Packet with Unreachable Destination
The function of sending the ICMPv6 packet with the unreachable destination indicates that after receiving one IPv6 packet and if its destination is reachable, the device discards the packet and sends the ICMPv6 unreachable error packet to the source.
The device will send ICMPv6 unreachable error packet when meeting the following conditions:
- When forwarding packets, and if failed to find the route, the device sends the ICMPv6 error packet "No route to the destination address" to the source.
- When a device forwards a packet, and if it is unable to send it due to a management policy (such as firewall, ACL), it sends an ICMPv6 error packet "the communication with destination address is prohibited by management policy" to the source.
- If the destination IPv6 address of the packet exceeds the range of the source IPv6 address (for example, the source IPv6 address of the packet is the link local address, and the destination IPv6 address of the packet is the global unicast address) when forwarding a packet, and as a result, the packet cannot reach the destination, the device will send the ICMPv6 error packet "out of the source address range" to the source.
- If the device fails to resolve the link layer address of the destination IPv6 address when forwarding the packet, it sends the "address unreachable" ICMPv6 error packet to the source.
- When a device receives an IPv6 packet whose destination address is the local and transport layer protocol is UDP, and if the destination port number of the packet does not match the process in use, it sends a "port unreachable" ICMPv6 error packet to the source.
Because the information transmitted to the user process by ICMPv6 destination unreachable error packet is unreachable, if there is a malicious attack, it may affect the normal use of the terminal users. To avoid these phenomena, the user can disable the function of sending the ICMPv6 destination unreachable error packet.
Table 5-20 Enable the function of sending the ICMPv6 packet with the unreachable destination
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enable the function of sending the ICMPv6 packet with the unreachable destination
|
ipv6 unreachables
|
Optional
By default, the function of sending the ICMPv6 packet with the unreachable destination is enabled.
|