ipv6 nd neighbor-limit

Function

The ipv6 nd neighbor-limit command configures the maximum number of dynamic neighbor entries allowed by an interface.

The undo ipv6 nd neighbor-limit command cancels the configuration.

By default, the maximum number of dynamic neighbor entries allowed by an interface is not configured.

Format

ipv6 nd neighbor-limit max-number

undo ipv6 nd neighbor-limit

undo ipv6 nd neighbor-limit max-number

Parameters

Parameter	Description	Value
max-number	Specifies the maximum number of dynamic neighbor entries allowed by an interface.	The value is an integer ranging from 0 to 65536. The value range of this parameter is controlled by the PAF. After the PAF is loaded, the value range of this parameter is from 0 to 147456.

Parameter

Description

Value

max-number

Specifies the maximum number of dynamic neighbor entries allowed by an interface.

The value is an integer ranging from 0 to 65536. The value range of this parameter is controlled by the PAF. After the PAF is loaded, the value range of this parameter is from 0 to 147456.

Views

100ge sub-interface view, 100GE interface view, 10GE sub-interface view, 10GE interface view, 200GE sub-interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk sub-interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE sub-interface view, GE interface view, GE electrical interface view, Global VE sub-interface view, PW-VE sub-interface view, PW-VE interface view, VBDIF interface view, VE sub-interface view, VLANIF interface view, Management interface view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
nd	write

Usage Guidelines

Usage Scenario

Upon receipt of a large number of RA messages from an attacker, a device learns dynamic neighbor entries, which consumes high CPU and memory resources. To defend against RA flooding attacks, run the ipv6 nd neighbor-limit command to configure the maximum number of dynamic neighbor entries allowed by an interface.

When the number of dynamic neighbor entries exceeds a specified threshold, a large amount of redundant information exists, and the device stops recording. In this case, you can run the reset ipv6 neighbors command to clear specified dynamic neighbor entries. However, this operation may affect IPv6 packet forwarding. Exercise caution when you perform this operation.

Setting the max-number parameter to 0 equals to running the undo ipv6 nd neighbor-limit [ max-number ] command.

Prerequisites

Before running this command, run the ipv6 enable command in the interface view to enable the IPv6 function.

Example

# Configure the maximum number of dynamic neighbor entries allowed by an interface as 16000.

<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/0
[~HUAWEI-GigabitEthernet0/1/0] ipv6 enable
[*HUAWEI-GigabitEthernet0/1/0] ipv6 nd neighbor-limit 10000