
Example for Optimizing System Performance by Discarding Certain ICMP Packets

Networking Requirements

The switch in Figure 1 functions as the aggregation device. Enterprise users, individual users, and DSLAMs are attached to the switch, and the switch is connected to the Internet through a BRAS. When a large amount of information is exchanged on the network or the network is under attack, large numbers of ICMP packets are forwarded and network performance degrades. In this case, some ICMP packets need to be discarded to reduce the processing load on the switch.

Figure 1 Networking diagram for configuring the ICMP security function

Configuration Roadmap

The configuration roadmap is as follows:

Configure the switch to discard ICMP packets whose TTL value is 1, ICMP packets that carry options, and ICMP Destination Unreachable packets to reduce its burden in processing a large number of ICMP packets.

Procedure

  1. Configure the switch to discard certain ICMP packets.

    # Configure the switch to discard ICMP packets whose TTL value is 1.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] icmp ttl-exceeded drop all

    # Configure the switch to discard ICMP packets that carry options.

    [Switch] icmp with-options drop all

    # Configure the switch to discard ICMP Destination Unreachable packets.

    [Switch] icmp unreachable drop

  2. Verify the configuration.

    # Run the display current-configuration | include icmp command in the system view to view the ICMP security configurations.

    [Switch] display current-configuration | include icmp
    icmp unreachable drop
    icmp ttl-exceeded drop slot 0
    icmp with-options drop slot 0
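
An added example, not part of the Huawei documentation: a Python check that parses the output of the verification command in step 2 and reports which of the three drop policies are absent. The function names, the "global" label, and the sample strings are constructed for illustration; the configuration keywords come from this page.

```python
import re

# The three drop policies this page configures (keywords taken from the page).
REQUIRED = ("unreachable", "ttl-exceeded", "with-options")

# Matches "icmp unreachable drop", "icmp ttl-exceeded drop slot 0" and
# "icmp with-options drop all". On this page the policy is entered as
# "drop all" and shown back as "drop slot 0", so both forms are accepted.
LINE_RE = re.compile(
    r"^icmp\s+(unreachable|ttl-exceeded|with-options)\s+drop"
    r"(?:\s+(all|slot\s+\S+))?\s*$"
)


def parse_icmp_policies(output):
    """Return {policy: set of scopes} found in the command output."""
    found = {}
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # prompt echo, blank line, "undo ..." or unrelated config
        policy, scope = m.group(1), m.group(2)
        # "global" is a label chosen here for lines with no scope keyword.
        scope = " ".join(scope.split()) if scope else "global"
        found.setdefault(policy, set()).add(scope)
    return found


def missing_policies(output):
    """List the required policies that do not appear in the output."""
    found = parse_icmp_policies(output)
    return [p for p in REQUIRED if p not in found]


# Constructed sample: the verification output shown on this page.
SAMPLE = """\
[Switch] display current-configuration | include icmp
icmp unreachable drop
icmp ttl-exceeded drop slot 0
icmp with-options drop slot 0
"""

# Constructed sample: a device where one policy was never applied.
SAMPLE_INCOMPLETE = "icmp unreachable drop\nicmp ttl-exceeded drop slot 0\n"

if __name__ == "__main__":
    for name, text in (("page output", SAMPLE), ("incomplete", SAMPLE_INCOMPLETE)):
        gaps = missing_policies(text)
        print(name, "OK" if not gaps else "MISSING: " + ", ".join(gaps))
```

The same functions can be run against the saved configuration file, since it contains the same three lines.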
    

Configuration Files

Switch configuration file

#
sysname Switch
#
icmp unreachable drop
icmp ttl-exceeded drop slot 0
icmp with-options drop slot 0
# 
return
Copyright © Huawei Technologies Co., Ltd.