HP (Hewlett-Packard) 2900 Switch User Manual


 
8-3
IPv6 Diagnostic and Troubleshooting
ICMP Rate-Limiting
Controlling the frequency of ICMPv6 error messages can help to prevent DoS
(Denial- of- Service) attacks. With IPv6 enabled on the switch, you can control
the allowable frequency of these messages with ICMPv6 rate-limiting.
For example, the following command limits ICMP error and informational
messages to no more than 20 every 1 second:
ProCurve(config)# ipv6 icmp error-interval 1000000 bucket-size
20
Syntax:. ipv6 icmp error-interval < 0 - 2147483647 > [bucket-size < 1 - 200 >]
no ipv6 icmp error-interval
This command is executed from the global configuration level,
and uses a “token bucket” method for limiting the rate of ICMP
error and informational messages. Using this method, each
ICMP message uses one token, and a message can be sent only
if there is a token available. In the default configuration, a new
token can be added every 100 milliseconds, and a maximum
of 10 tokens are allowed in the token bucket. If the token bucket
is full, a new token cannot be added until an existing token is
used to enable sending an ICMP message. You can increase or
decrease both the the frequency with which used tokens can be
replaced and (optionally) the number of tokens allowed to
exist.
error-interval: Specifies the time interval in milliseconds
between successive token adds. Increasing this value
decreases the rate at which tokens can be added. A setting
of
0 disables ICMP messaging.
Default: 100; Range: 0 - 2147483647.
bucket-size: This optional keyword specifies the maximum
number of tokens allowed in the token bucket at any time.
Decreasing this value decreases the maximum number of
tokens that may be available at any time.
Default: 10; Range: 1 - 200.
You can change the rate at which ICMP messages are allowed
by changing the error-interval with or without a corre-
sponding change in the bucket-size.
The no ipv6 icmp error-interval
command resets both the error-
interval and the bucket-size values to their defaults.
Use the show run command to view the current ICMP error
interval settings.