Support User Manuals

3Com 4500 Switch User Manual

Open as PDF

of 742

2-3

z If the destination of a packet is local while the transport layer protocol of the packet is not supported

by the local device, the device sends a “protocol unreachable” ICMP error packet to the source.

z When receiving a packet with the destination being local and transport layer protocol being UDP, if

the packet’s port number does not match the running process, the device will send the source a

“port unreachable” ICMP error packet.

z If the source uses “strict source routing" to send packets, but the intermediate device finds that the

next hop specified by the source is not directly connected, the device will send the source a “source

routing failure” ICMP error packet.

z When forwarding a packet, if the MTU of the sending interface is smaller than the packet but the

packet has “Don’t Fragment” set, the device will send the source a “fragmentation needed and

Don’t Fragment (DF)-set” ICMP error packet.

Disadvantages of sending ICMP error packets

Although sending ICMP error packets facilitate control and management, it still has the following

disadvantages:

z Sending a lot of ICMP packets will increase network traffic.

z If a device receives a lot of malicious packets that cause it to send ICMP error packets, its

performance will be reduced.

z As the ICMP redirection function increases the routing table size of a host, the host’s performance

will be reduced if its routing table becomes very large.

z If a host sends malicious ICMP destination unreachable packets, end users may be affected.

To prevent the above mentioned problems, you can disable the device from sending such ICMP error

packets.

Follow these steps to disable sending ICMP error packets:

To do… Use the command… Remarks

Enter system view

system-view

—

Disable sending of ICMP redirects

undo icmp redirect send

Required

Enabled by default.

Disable sending of ICMP destination

unreachable packets

undo icmp unreach send

Required

Enabled by default.

Displaying and Maintaining IP Performance Optimization

Configuration

To do… Use the command… Remarks

Display TCP connection status

display tcp status

Display TCP connection statistics

display tcp statistics

Display UDP traffic statistics

display udp statistics

Display IP traffic statistics

display ip statistics

Available in

any view

previous next