03-Layer 3 Configuration Guide

05-IP Performance Optimization Configuration

This chapter includes these sections:

·          Enabling receiving and forwarding of directed broadcasts to a directly connected network

·          Configuring TCP attributes

·          Configuring ICMP to send error packets

·          Displaying and maintaining IP performance optimization

 

 

NOTE:

·      The term "switch" or "device" in this chapter refers to the switching engine on a WX3000E wireless switch.

·      The WX3000E series comprises WX3024E and WX3010E wireless switches.

·      The port numbers in this chapter are for illustration only.

Enabling receiving and forwarding of directed broadcasts to a directly connected network

Directed broadcast packets are broadcast on a specific network. In the destination IP address of a directed broadcast, the network ID identifies the target network, and the host ID is all ones. If a device is allowed to forward directed broadcasts to a directly connected network, attackers can exploit this to mount attacks on that network. However, you can enable the feature when using the following functions:

·          Using the UDP Helper function to convert broadcasts to unicasts and forward them to a specified server.

·          Using the Wake on LAN function to forward directed broadcasts to a host on the remote network.

Enabling receiving of directed broadcasts to a directly connected network

If a device is enabled to receive directed broadcasts, the device will determine whether to forward them according to the configuration on the outgoing interface.

Follow these steps to enable the device to receive directed broadcasts:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable the device to receive directed broadcasts | ip forward-broadcast | Required. Disabled by default. |

 

Enabling forwarding of directed broadcasts to a directly connected network

Follow these steps to enable the device to forward directed broadcasts:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter interface view | interface interface-type interface-number | |
| Enable the interface to forward directed broadcasts | ip forward-broadcast [ acl acl-number ] | Required. Disabled by default. |

 

 

NOTE:

·      If an ACL is referenced in the ip forward-broadcast command, only packets permitted by the ACL can be forwarded.

·      If you repeatedly execute the ip forward-broadcast command on an interface, only the last executed command takes effect. If the command executed last does not include acl acl-number, the ACL configured previously will be removed.

 

Configuration example

Network requirements

As shown in Figure 1, the host's interface and VLAN-interface 3 of the switch are on the same network segment (1.1.1.0/24). VLAN-interface 2 of Switch A and the server are on another network segment (2.2.2.0/24). The default gateway of the host is VLAN-interface 3 (IP address 1.1.1.2/24) of Switch A.

Configure the switch so that the server can receive directed broadcasts from the host to IP address 2.2.2.255.

Figure 1 Network diagram for receiving and forwarding directed broadcasts

 

Configuration procedure

# Enable the switch to receive directed broadcasts.

<Switch> system-view

[Switch] ip forward-broadcast

# Configure IP addresses for VLAN-interface 3 and VLAN-interface 2.

[Switch] interface vlan-interface 3

[Switch-Vlan-interface3] ip address 1.1.1.2 24

[Switch-Vlan-interface3] quit

[Switch] interface vlan-interface 2

[Switch-Vlan-interface2] ip address 2.2.2.2 24

# Enable VLAN-interface 2 to forward directed broadcasts.

[Switch-Vlan-interface2] ip forward-broadcast
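The following Python code is an added example, not part of the original guide: it audits a saved configuration for the two settings described above and reports which interfaces forward directed broadcasts, the subnet broadcast address involved, and whether an ACL restricts forwarding. The configuration layout (sections separated by `#`) and the sample text are assumptions constructed for illustration; the last-command-wins handling follows the NOTE above.

```python
import ipaddress
import re

# Constructed sample; the saved-configuration layout ("#" separators) is assumed.
SAMPLE_CONFIG = """\
#
 ip forward-broadcast
#
interface Vlan-interface2
 ip address 2.2.2.2 255.255.255.0
 ip forward-broadcast acl 2000
 ip forward-broadcast
#
interface Vlan-interface4
 ip address 3.3.3.1 255.255.255.0
 ip forward-broadcast acl 2001
#
"""

FWD = re.compile(r"ip forward-broadcast(?:\s+acl\s+(\d+))?$")
ADDR = re.compile(r"ip address (\S+) (\S+)$")

def audit(config_text):
    """Return (receive_enabled, findings) for directed-broadcast settings."""
    receive, current, ifaces = False, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":
            current = None                      # end of section
        elif raw.startswith("interface "):
            current = ifaces.setdefault(
                line.split(None, 1)[1], {"net": None, "fwd": False, "acl": None})
        elif (m := FWD.match(line)):
            if current is None:
                receive = True                  # system view: receiving enabled
            else:
                # Last command wins; one without "acl" removes the earlier ACL.
                current["fwd"], current["acl"] = True, m.group(1)
        elif current is not None and (m := ADDR.match(line)):
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    findings = []
    for name, s in ifaces.items():
        if s["fwd"]:
            findings.append({
                "interface": name, "acl": s["acl"],
                "broadcast": str(s["net"].broadcast_address) if s["net"] else None,
                "effective": receive,           # forwarding needs receiving enabled too
                "unrestricted": receive and s["acl"] is None})
    return receive, findings
```

An interface reported with `unrestricted` set to true forwards every directed broadcast addressed to its subnet, which is the setting to review first.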

Configuring TCP attributes

Configuring the TCP send/receive buffer size

Follow these steps to configure the TCP send/receive buffer size:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the size of TCP receive/send buffer | tcp window window-size | Optional. 8 KB by default. |

 

Configuring TCP timers

You can configure the following TCP timers:

·          synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is received within the synwait timer interval, the TCP connection cannot be created.

·          finwait timer: When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is started. If no FIN packet is received within the timer interval, the TCP connection is terminated. If a FIN packet is received, the TCP connection state changes to TIME_WAIT. If a non-FIN packet is received, the system restarts the timer upon receiving the last non-FIN packet. The connection is broken after the timer expires.

Follow these steps to configure TCP timers:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Configure the TCP synwait timer | tcp timer syn-timeout time-value | Optional. 75 seconds by default. |
| Configure the TCP finwait timer | tcp timer fin-timeout time-value | Optional. 675 seconds by default. |

 

CAUTION:

The actual length of the finwait timer is determined by the following formula:

Actual length of the finwait timer = (Configured length of the finwait timer – 75) + configured length of the synwait timer

 

Configuring ICMP to send error packets

Introduction

Sending error packets is a major function of ICMP. In case of network abnormalities, error packets are usually sent by the network or transport layer protocols to notify corresponding devices so as to facilitate control and management.

Advantages of sending ICMP error packets

ICMP error packets include redirect, timeout, and destination unreachable packets.

1.        ICMP redirect packets

A host may have only a default route to the default gateway in its routing table after startup. The default gateway will send ICMP redirect packets to the source host, telling it to reselect a correct next hop to send the subsequent packets, if the following conditions are satisfied:

·          The receiving and forwarding interfaces are the same.

·          The selected route has not been created or modified by an ICMP redirect packet.

·          The selected route is not the default route of the device.

·          There is no source route option in the packet.

The ICMP redirect packets function simplifies host administration and enables a host to gradually establish a sound routing table to find the best route.

2.        ICMP timeout packets

If the device receives an IP packet with a timeout error, it drops the packet and sends an ICMP timeout packet to the source.

The device sends an ICMP timeout packet under the following conditions:

·          If the device finds the destination of a packet is not itself and the TTL field of the packet is 1, it will send a “TTL timeout” ICMP error message.

·          When the device receives the first fragment of an IP datagram whose destination is the device itself, it starts a timer. If the timer times out before all the fragments of the datagram are received, the device will send a “reassembly timeout” ICMP error packet.

3.        ICMP destination unreachable packets

If the device receives an IP packet with the destination unreachable, it will drop the packet and send an ICMP destination unreachable error packet to the source.

Conditions for sending an ICMP destination unreachable packet:

·          If neither a route nor the default route for forwarding a packet is available, the device will send a “network unreachable” ICMP error packet.

·          If the destination of a packet is local but the transport layer protocol of the packet is not supported by the local device, the device sends a “protocol unreachable” ICMP error packet to the source.

·          When receiving a packet with the destination being local and transport layer protocol being UDP, if the packet's port number does not match the running process, the device will send the source a “port unreachable” ICMP error packet.

·          If the source uses “strict source routing” to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device will send the source a “source routing failure” ICMP error packet.

·          When forwarding a packet, if the MTU of the sending interface is smaller than the packet, but the packet has been set as “Don't Fragment”, the device will send the source a “fragmentation needed and Don't Fragment (DF)-set” ICMP error packet.

Disadvantages of sending ICMP error packets

Sending ICMP error packets facilitates network control and management, but it has the following disadvantages:

·          Increases network traffic.

·          A device's performance degrades if it receives a lot of malicious packets that cause it to respond with ICMP error packets.

·          A host's performance degrades if the redirection function increases the size of its routing table.

·          End users are affected when they receive ICMP destination unreachable packets caused by malicious users.

To prevent such problems, disable the device from sending ICMP error packets.

 

 

NOTE:

The switching engine on the WX3000E Series Wireless Switches does not support sending of ICMP error packets.

 

Configuration procedure

Follow these steps to enable sending of ICMP error packets:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enable sending of ICMP timeout packets | ip ttl-expires enable | Required. Disabled by default. |
| Enable sending of ICMP destination unreachable packets | ip unreachables enable | Required. Disabled by default. |

 

 

NOTE:

When sending ICMP timeout packets is disabled, the device will not send “TTL timeout” ICMP error packets. However, “reassembly timeout” error packets will be sent normally.

 

Displaying and maintaining IP performance optimization

·          Display TCP connection statistics: display tcp statistics [ | { begin | exclude | include } regular-expression ] (available in any view)

·          Display UDP statistics: display udp statistics [ | { begin | exclude | include } regular-expression ] (available in any view)

·          Display statistics of IP packets: display ip statistics [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] (available in any view)

·          Display ICMP statistics: display icmp statistics [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] (available in any view)

·          Display socket information: display ip socket [ socktype sock-type ] [ task-id socket-id ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ] (available in any view)

·          Display FIB information matching the specified destination IP address: display fib ip-address [ mask | mask-length ] [ | { begin | exclude | include } regular-expression ] (available in any view)

·          Clear statistics of IP packets: reset ip statistics [ slot slot-number ] (available in user view)

·          Clear statistics of TCP connections: reset tcp statistics (available in user view)

·          Clear statistics of UDP traffic: reset udp statistics (available in user view)

 

 
