Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure the IPv6 TCP Anti-Attack Function

If the IPv6 TCP server receives a large number of SYN packets, but the peer does not reply the SYN+ACK response to the server, this will lead to a large amount of memory consumption on the server, occupying the semi-connected queue of the server, and as a result, the IPv6 TCP server cannot serve the normal request. This attack can be avoided by configuring the IPv6 TCP anti-attack function.

Configuration Condition

None

Enable IPv6 TCP syncache Function

Instead of rushing to allocate TCB when receiving SYN packets, the function first replies a SYN + ACK packet and stores this semi-open connection information in a dedicated cache until the correct ACK packet is received, and then reallocates the TCB.

Table 5-21 Enable IPv6 TCP syncache function

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the IPv6 TCP syncache function

ipv6 tcp syncache

Mandatory

By default, the IPv6 TCP syncache function is disabled.

Enable IPv6 TCP syncookies Function

This function does not use any storage resources at all. It uses a special algorithm to generate Sequence Number. This algorithm takes into account the IPv6 address and port of the peer party, the IPv6 address and port fixed information of one’s own party, and some fixed information of one’s own party that the peer party cannot know, such as MSS and time. After receiving the ACK packet of the peer party, recalculate it to see whether it is the same as the Sequence Number-1 in the response packet of the peer party, so as to decide whether to allocate TCB resources.

Table 5-22 Enable the IPv6 TCP syncookies function

Step

Command

Description

Enter the global configuration mode

configure terminal

-

Enable the IPv6 TCP syncookies function

ipv6 tcp syncookies

Mandatory

By default, the IPv6 TCP syncookies function is disabled.