icmp host-unreachable send

Function

The icmp host-unreachable send command enables the switch to send ICMP Host Unreachable packets.

The undo icmp host-unreachable send command disables the switch from sending ICMP Host Unreachable packets.

By default, the function of sending ICMP Host Unreachable packets is enabled.

Format

icmp host-unreachable send

undo icmp host-unreachable send

Parameters

None

Views

System view, interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

ICMP error packets contain network information, such as network connectivity, host reachability, and route availability. ICMP error packets are ultimately returned to the sender because the sender is the logical receiver of the ICMP error packets. The sender learns about the error types from the ICMP error packets, and then determines how to retransmit the data.

After receiving an IP packet, if the device finds that the destination is unreachable, the device discards the packet, and returns a Destination Unreachable packet to the source.

Port Unreachable, Protocol Unreachable, and Host Unreachable packets are ICMP Destination Unreachable packets.

When receiving a data packet of which the destination address is a local address and transport protocol is UDP, if the device detects that the port number of the packet does not match the running process, the source sends a Port Unreachable packet to the source.
When receiving a data packet of which the destination address is the local address, if the device does not support the transport layer protocol of the data packet, the device returns a Protocol Unreachable packet to the source.
When a device receives a data packet, but cannot forward it, the device returns a Host Unreachable packet to the source.

The Destination Unreachable packets facilitate network control and management. However, the inherent defects of the ICMP protocol make the routing devices and hosts be prone to attacks. Therefore, sending the ICMP Destination Unreachable packets has the following defects:

The ICMP packets increase traffic volume and burden the network devices.
If a device receives a large number of malicious attack packets and needs to return ICMP error packets, the device is busy handling ICMP packets, and the device performance is degraded.
The ICMP Destination Unreachable packets indicate that the destination is unreachable. If there are malicious attacks, user terminals cannot normally use the network.

After you run the undo icmp host-unreachable send command, the device does not send ICMP Host Unreachable packets externally. This prevents the peer device from processing a large number of ICMP packets.

Precautions

The icmp host-unreachable send command can be run in the system view or interface view.

After the function of sending ICMP Host Unreachable packets is disabled in the system view, all interfaces do not send ICMP Host Unreachable packets. Even if the function is enabled on an interface, the interface does not send ICMP Host Unreachable packets.
After the function of sending ICMP Host Unreachable packets is enabled in the system view, all interfaces send ICMP Host Unreachable packets because the function is enabled on all interfaces by default. You can run the undo icmp host-unreachable send command in interface view to disable the function on a specified interface.

If the function of sending ICMP Host Unreachable packets is disabled, the switch does not send ICMP Host Unreachable packets in any situations.

This command needs to be configured on the inbound interface of ICMP packets in the interface view.

Example

# Enable the switch to send ICMP Host Unreachable packets.

<HUAWEI> system-view
[HUAWEI] icmp host-unreachable send

# Enable VLANIF100 to send ICMP Host Unreachable packets.

<HUAWEI> system-view
[HUAWEI] interface vlanif 100
[HUAWEI-Vlanif100] icmp host-unreachable send

# Enable GE0/0/1 to send ICMP Host Unreachable packets.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] undo portswitch
[HUAWEI-GigabitEthernet0/0/1] icmp host-unreachable send