Administrator Guide
Using the Configured Source IP Address in ICMP Messages
ICMP error or unreachable messages are now sent with the configured IP address of the source interface
instead of the front-end port IP address as the source IP address. Enable the generation of ICMP unreachable
messages through the ip unreachable command in Interface mode. When a ping or traceroute packet
from an endpoint or a device arrives at the null 0 interface configured with a static route, it is discarded. In
such cases, you can configure Internet Control Message Protocol (ICMP) unreachable messages to be sent to
the transmitting device.
Configuring the ICMP Source Interface
You can enable the ICMP error and unreachable messages to contain the configured IP address of the source
device instead of the previous hop's IP address. This configuration helps identify the devices along the path
because the DNS server maps the loopback IP address to the host name, and does not translate the IP
address of every interface of the switch to the host name.
Configure the device to send the configured source interface IP address instead of its front-end IP
address in the ICMP unreachable messages and in the traceroute command output. Use the ip icmp
source-interface interface or the ipv6 icmp source-interface interface command in
Configuration mode to enable the ICMP error messages to be sent with the source interface IP address. This
functionality is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6
messages. This feature is not supported on tunnel interfaces. ICMP error relay, PATH MTU transmission, and
fragmented packets are not supported for tunnel interfaces. The traceroute utilities for IPv4 and IPv6 list the
IP addresses of the devices in the hops of the path for which the ICMP source interface is configured.
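A configuration fragment, added here as an illustration and not taken from the guide, that ties the commands above together: a loopback with a stable address, a static route to null 0 whose discards trigger ICMP unreachable messages, and the ICMP source interface pointed at the loopback. The loopback number, the addresses, and the discarded prefix are assumed values.

```text
! Loopback whose address the DNS server maps to the switch host name
! (assumed addresses; 2001:db8::/32 is the IPv6 documentation prefix)
interface loopback 0
 ip address 10.255.0.1/32
 ipv6 address 2001:db8::1/128
 no shutdown
 exit
! Traffic to this aggregate (assumed prefix) is discarded on null 0. Without
! ip unreachable the sender hears nothing; with it the sender receives an
! ICMP unreachable message for each discarded ping or traceroute probe.
ip route 172.16.0.0/16 null 0
interface null 0
 ip unreachable
 exit
! Configuration mode: source ICMP error and unreachable messages, including
! the replies seen in traceroute output, from the loopback rather than from
! the front-end port the packet arrived on. Not supported on tunnel interfaces.
ip icmp source-interface loopback 0
ipv6 icmp source-interface loopback 0
```

To verify, run a traceroute from a neighbouring host toward the discarded prefix: the hop for this switch should show 10.255.0.1 (and the host name the DNS server maps to it) instead of the ingress port address.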
Configuring the Duration to Establish a TCP Connection
You can configure the amount of time for which the device must wait before it attempts to establish a TCP
connection. Using this capability, you can limit the wait times for TCP connection requests. Upon responding
to the initial SYN packet that requests a connection to the router for a specific service (such as SSH or BGP)
with a SYN ACK, the router waits for a period of time for the ACK packet to be sent from the requesting host
that will establish the TCP connection.
You can set the interval for which the device waits for the TCP connection to be established to a significantly
high value to prevent the device from moving into an out-of-service condition or becoming unresponsive
during a SYN flood attack on the device. You can set the wait time to 10 seconds or lower. If
the device does not have any BGP connections with BGP neighbors across WAN links, you must set
this interval to a higher value, depending on the complexity of your network and its configuration attributes.
IPv4 Routing 453