< Home

ipv6 icmp-error

Function

The ipv6 icmp-error command sets the rate limit for sending ICMPv6 error packets.

The undo ipv6 icmp-error command restores the default rate limit for sending ICMPv6 error packets.

By default, the size of the token buckets is 10 and the limit rate is 100 milliseconds.

Format

ipv6 icmp-error { bucket bucket-size | ratelimit interval } *

undo ipv6 icmp-error

Parameters

Parameter Description Value
bucket bucket-size Specifies the maximum number of tokens the bucket can hold. The value is an integer that ranges from 1 to 200. The default value is 10, which is recommended.
ratelimit interval Specifies the interval for placing tokens into the bucket. The value is an integer that ranges from 0 to 2147483647, in milliseconds. The default value is 100, which is recommended.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a network is not attacked, a routing device can correctly send ICMPv6 error packets to notify other devices of exceptions in packet transmission. If an attacker frequently sends ICMPv6 packets to network devices, the network devices will be busy responding with ICMPv6 packets. This affects system throughput and CPU usage. To prevent the system from sending a great number of ICMPv6 packets, run the ipv6 icmp-error command to limit the rate at which ICMPv6 packets are sent.

The token bucket algorithm is used to count ICMPv6 packets. One token represents an ICMPv6 error packet. The system places tokens into the virtual bucket at a certain interval until the number of tokens in the bucket reaches the upper limit. Once the number of ICMPv6 packets exceeds the maximum number of tokens that the bucket can contain, excess packets are discarded. You can limit the rate at which ICMPv6 packets are sent by setting the bucket size and the interval for placing tokens into the bucket.

Precautions

If you run the ipv6 icmp-error command multiple times, only the latest configuration takes effect.

If the interval for placing tokens into the bucket is 0, there is no limit on the interval.

Example

# Set the rate limit for sending ICMPv6 error packets to 100.

<HUAWEI> system-view
[HUAWEI] ipv6 icmp-error ratelimit 100

# Set the bucket size of ICMPv6 to 50. 

<HUAWEI> system-view
[HUAWEI] ipv6 icmp-error bucket 50

# Set the rate limit for sending ICMPv6 error packets to 100 and the bucket size to 50.

<HUAWEI> system-view
[HUAWEI] ipv6 icmp-error bucket 50 ratelimit 100
Parent Topic: Basic IPv6 Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >