631
Related commands
• icmpv6-flood detect ipv6
• icmpv6-flood detect non-specific
• icmpv6-flood threshold
icmpv6-flood detect ipv6
Use icmpv6-flood detect ipv6 to configure IPv6-specific ICMPv6 flood attack detection.
Use undo icmpv6-flood detect ipv6 to remove the ICMPv6 flood attack detection configuration for an
IPv6 address.
Syntax
icmpv6-flood detect ipv6 ipv6-address [ vpn-instance vpn-instance-name ] [ threshold threshold-value ]
[ action { drop | logging } * ]
undo icmpv6-flood detect ipv6 ipv6-address [ vpn-instance vpn-instance-name ]
Default
ICMPv6 flood attack detection is not configured for any IPv6 address.
Views
Attack defense policy view
Predefined user roles
network-admin
Parameters
Ipv6-address: Specifies the IPv6 address to be protected.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the protected IPv6
address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Do not
specify this option if the protected IPv6 address is on the public network.
threshold threshold-value: Sets the threshold for triggering ICMPv6 flood attack prevention. The value
range is 1 to 1000000 in units of ICMPv6 packets sent to the specified IP address per second.
action: Specifies the actions when an ICMPv6 flood attack is detected. If no action is specified, the
global actions set by the icmpv6-flood action command apply.
drop: Drops subsequent ICMPv6 packets destined for the protected IPv6 address.
logging: Enables logging for ICMPv6 flood attack events. The log information records the detection
interface, victim IP address, MPLS L3VPN instance name, current packet statistics, prevention action, and
start time of the attack.
Usage guidelines
You can configure ICMPv6 flood attack detection for multiple IPv6 addresses in one attack defense
policy.
With ICMPv6 flood attack detection configured, the device is in attack detection state. An attack occurs
when the device detects that the sending rate of ICMPv6 packets to a protected IPv6 address reaches or
exceeds the threshold. The device enters prevention state and takes actions to protect the target IPv6
address. When the rate is below the silence threshold (three-fourths of the threshold), the device
considers that the threat is over and returns to the attack detection state.
To Next Page
Loading...
Need help?
General
