< Home

Configuring the Device Not to Send NS Packets Destined for Other Devices to the CPU

Context

If an interface receives a large number of NS packets whose destination IPv6 addresses are different from the IPv6 address of this interface and sends these NS packets to the CPU for processing, the CPU usage is high and the CPU cannot process services properly.

To prevent this issue, you can configure the device to directly forward NS packets destined for other devices without sending them to the CPU. This improves the device's capability of defending against packet attacks.

Only the S5720-HI, S5730-HI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-HI, S6730-H, S6730S-H, S6730-S, and S6730S-S support this command.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface vlanif vlan-id

    The VLANIF interface view is displayed.

  3. Run nd optimized-passby enable

    The device is configured not to send NS packets destined for other devices to the CPU.

    By default, a device does not send NS packets destined for other devices to the CPU.

    If the nd snooping enable is executed in system view, or if IPv6 protocol is Down on the VLANIF interface, the configuration of disabling the device from sending NS packets destined for other devices to the CPU does not take effect on the VLANIF interface.

Verifying the Configuration

Run the display nd optimized-passby status command to verify whether the device is configured not to send NS packets destined for other devices to the CPU and whether the configuration takes effect.

Parent Topic: Basic IPv6 Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >