The ipv6 icmp source-address command configures the IPv6 address of the loopback interface as the source IPv6 address of ICMPv6 Port Unreachable or Time Exceeded messages.
The undo ipv6 icmp source-address command restores the default configuration.
By default, the IPv6 address of the loopback interface is not used as the source IPv6 address of ICMPv6 Port Unreachable or Time Exceeded messages.
Usage Scenario
To reduce exposure of the IPv6 addresses of device interfaces in order to prevent against detection through ICMPv6 Port Unreachable or Time Exceeded messages, run the ipv6 icmp source-address command to specify the source IPv6 address of ICMPv6 Port Unreachable or Time Exceeded messages. After this command is run, if the device needs to give a reply to the messages, the device uses the IPv6 address of the loopback interface as the source IPv6 address of ICMPv6 Port Unreachable or Time Exceeded messages.
Precautions
This command can be configured only on one loopback interface in a VPN.
<HUAWEI> system-view [~HUAWEI] interface loopback 2 [*HUAWEI-LoopBack2] ipv6 enable [*HUAWEI-LoopBack2] ipv6 icmp port-unreachable source-address
<HUAWEI> system-view [~HUAWEI] ip vpn-instance vpn10 [*HUAWEI-vpn-instance-vpn10] quit [*HUAWEI] interface loopback 1 [*HUAWEI-LoopBack1] ipv6 enable [*HUAWEI-LoopBack1] ip binding vpn-instance vpn10 [*HUAWEI-LoopBack1] ipv6 icmp hop-limit-exceeded source-address