Enabling sending ICMPv6 time exceeded messages
The device sends the source ICMPv6 time exceeded messages as follows:
If a received packet is not destined for the device and its hop limit is 1, the device sends an ICMPv6 hop limit exceeded in transit message to the source.
Upon receiving the first fragment of an IPv6 datagram destined for the device, the device starts a timer. If the timer expires before all the fragments arrive, the device sends an ICMPv6 fragment reassembly time exceeded message to the source.
If the device receives large numbers of malicious packets, its performance degrades greatly because it must send back ICMP time exceeded messages. To prevent such attacks, disable sending ICMPv6 time exceeded messages.
To enable sending ICMPv6 time exceeded messages:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable sending ICMPv6 time exceeded messages. | ipv6 hoplimit-expires enable | The default setting is disabled. |