The ipv6 nd miss anti-attack rate-limit command sets the rate limit value for ND Miss messages.
The undo ipv6 nd miss anti-attack rate-limit command deletes the rate limit value for ND Miss messages.
By default, the rate limit for ND Miss messages anti-attack function is disabled.
100ge sub-interface view, 100GE interface view, 10GE sub-interface view, 10GE interface view, 200GE sub-interface view, 25GE sub-interface view, 25GE interface view, 400GE sub-interface view, 400GE interface view, 40GE sub-interface view, 40GE interface view, 50GE sub-interface view, 50GE interface view, Eth-Trunk sub-interface view, Eth-Trunk interface view, FlexE interface view, GE optical interface view, GE sub-interface view, GE interface view, GE electrical interface view, Global VE sub-interface view, PW-VE sub-interface view, PW-VE interface view, VBDIF interface view, VE sub-interface view, VLANIF interface view, Management interface view
Usage Scenario
When a device sends an IPv6 packet, if the MAC address corresponding to the destination IPv6 address of the IPv6 packet does not exist, an ND Miss message is generated. This consumes device resources and affects the processing of other services. To resolve this problem, run the ipv6 nd miss anti-attack rate-limit command to configure the rate at which ND Miss messages are sent. With this configuration, the device processes only the allowed number of ND Miss messages within a specified period to ensure normal service running.
Configuration Impact
After the rate at which ND Miss messages are sent is limited, a device collects statistics about the number of received ND Miss messages. If the number of ND Miss messages received within a specified period exceeds the upper limit, the device discards the excess ND Miss messages.
Precautions
If the rate limit is too low and the login through Telnet fails because the device receives a large number of attack packets, you can log in to the device through the Console port to increase the rate limit.