ipv6 nd security rate-limit

Function

The ipv6 nd security rate-limit command sets a rate limit for the system to compute or verify the RSA signature in a specified period (1s).

The undo ipv6 nd security rate-limit command deletes a rate limit.

By default, the rate limit for the system to compute or verify the RSA signature is not configured.

Format

ipv6 nd security rate-limit ratelimit-value

undo ipv6 nd security rate-limit

Parameters

Parameter	Description	Value
ratelimit-value	Specifies a rate limit for the system to compute or verify the RSA signature in a specified period (1s).	The value is an integer ranging from 1 to 100, in messages per second.

Parameter

Description

Value

ratelimit-value

Specifies a rate limit for the system to compute or verify the RSA signature in a specified period (1s).

The value is an integer ranging from 1 to 100, in messages per second.

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
nd	write

Usage Guidelines

Usage Scenario

If an attacker keeps sending SEND messages to a device, the device will be busy verifying the RSA signature. To limit the rate at which the interface verifies the RSA signature of the SEND messages, you can run the ipv6 nd security rate-limit command. If the rate at which the interface verifies the RSA signature of the SEND messages is out of the allowed range, the device will regard these messages insecure and discard them.

Example

# Configure the system to process a maximum of 10 received ND messages per second.

<HUAWEI> system-view
[~HUAWEI] ipv6 nd security rate-limit 10