05-Layer 3—IP Services Configuration Guide

09-IP performance optimization configuration

Contents

Optimizing IP performance

IP performance optimization tasks at a glance

Enabling an interface to forward directed broadcasts destined for the directly connected network

About enabling an interface to forward directed broadcasts destined for the directly connected network

Procedure

Example: Enabling an interface to forward directed broadcasts destined for the directly connected network

Setting the interface MTU for IPv4 packets

Enabling IPv4 local fragment reassembly

Enabling Layer 3 packet statistics collection

Enabling processing IP options in IP packets

Enabling processing the source route option

Enabling sending ICMP error messages

About sending ICMP error messages

Enabling sending ICMP redirect messages

Enabling sending ICMP time exceeded messages

Enable sending ICMP destination unreachable messages

Configuring rate limit for ICMP error messages

Disabling forwarding ICMP fragments

Specifying the source address for ICMP packets

Disabling sending a specific type of ICMP messages

Disabling receiving a specific type of ICMP messages

Setting the forwarding priority value for ICMP echo replies in hardware

Setting TCP MSS for an interface

Configuring TCP MSS adjustment

Configuring TCP path MTU discovery

Enabling SYN Cookie

Setting the TCP buffer size

Setting TCP timers

Enabling the Timestamps option encapsulation in outgoing TCP packets

Enabling TCP logging

Enabling SNMP notifications for TCP events

Display and maintenance commands for IP performance optimization

 


Optimizing IP performance

IP performance optimization tasks at a glance

All IP performance optimization tasks are optional.

1.     Configuring features for IP packets

¡     Enabling an interface to forward directed broadcasts destined for the directly connected network

¡     Setting the interface MTU for IPv4 packets

¡     Enabling IPv4 local fragment reassembly

¡     Enabling Layer 3 packet statistics collection

¡     Enabling processing IP options in IP packets

¡     Enabling processing the source route option

2.     Configuring features for ICMP messages

¡     Enabling sending ICMP error messages

¡     Configuring rate limit for ICMP error messages

¡     Specifying the source address for ICMP packets

¡     Disabling sending a specific type of ICMP messages

¡     Disabling receiving a specific type of ICMP messages

¡     Setting the forwarding priority value for ICMP echo replies in hardware

3.     Configuring features for TCP packets

¡     Setting TCP MSS for an interface

¡     Configuring TCP MSS adjustment

¡     Configuring TCP path MTU discovery

¡     Enabling SYN Cookie

¡     Setting the TCP buffer size

¡     Setting TCP timers

¡     Enabling the Timestamps option encapsulation in outgoing TCP packets

¡     Enabling TCP logging

¡     Enabling SNMP notifications for TCP events

Enabling an interface to forward directed broadcasts destined for the directly connected network

About enabling an interface to forward directed broadcasts destined for the directly connected network

A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.

Hackers can use directed broadcasts to attack the target network. In some scenarios, however, an interface must send such directed broadcast packets to support the following features:

·     UDP helper: Converts the directed broadcasts to unicasts and forwards them to a specific server.

·     Wake on LAN: Sends the directed broadcasts to wake up the hosts on the target network.

You can configure this function to enable the interface to forward directed broadcast packets that are destined for the directly connected network.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Enable the interface to forward directed broadcasts destined for the directly connected network.

ip forward-broadcast [ acl acl-number ]

By default, an interface cannot forward directed broadcasts destined for the directly connected network.

Example: Enabling an interface to forward directed broadcasts destined for the directly connected network

Network configuration

As shown in Figure 1, the default gateway of the host is the IP address 1.1.1.2/24 of Ten-GigabitEthernet 3/0/1 of Router A. Configure a static route destined for the host on Router B. Router B can receive directed broadcasts from the host to IP address 2.2.2.255.

Figure 1 Network diagram

Procedure

1.     Configure Router A:

# Specify IP addresses for Ten-GigabitEthernet 3/0/1 and Ten-GigabitEthernet 3/0/2.

<RouterA> system-view

[RouterA] interface ten-gigabitethernet 3/0/1

[RouterA-Ten-GigabitEthernet3/0/1] ip address 1.1.1.2 24

[RouterA-Ten-GigabitEthernet3/0/1] quit

[RouterA] interface ten-gigabitethernet 3/0/2

[RouterA-Ten-GigabitEthernet3/0/2] ip address 2.2.2.2 24

# Enable Ten-GigabitEthernet 3/0/2 to forward directed broadcasts destined for the directly connected network.

[RouterA-Ten-GigabitEthernet3/0/2] ip forward-broadcast

2.     Configure Router B:

# Configure a static route to the host.

<RouterB> system-view

[RouterB] ip route-static 1.1.1.1 24 2.2.2.2

# Specify an IP address for Ten-GigabitEthernet 3/0/2.

[RouterB] interface ten-gigabitethernet 3/0/2

[RouterB-Ten-GigabitEthernet3/0/2] ip address 2.2.2.1 24

Verifying the configuration

After the configurations are completed, if you ping the subnet-directed broadcast address 2.2.2.255 on the host, Ten-GigabitEthernet 3/0/2 of Router B can receive the ping packets. If you delete the ip forward-broadcast configuration on any router, Ten-GigabitEthernet 3/0/2 of Router B cannot receive the ping packets.

Setting the interface MTU for IPv4 packets

About this task

The interface MTU for IPv4 packets defines the largest size of an IPv4 packet that an interface can transmit without fragmentation. When a packet exceeds the MTU of the sending interface, the device processes the packet in one of the following ways:

·     If the packet disallows fragmentation, the device discards it.

·     If the packet allows fragmentation, the device fragments it and forwards the fragments.

Fragmentation and reassembling consume system resources, so set the MTU based on the network environment to avoid fragmentation.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Set the interface MTU for IPv4 packets.

ip mtu mtu-size

By default, the interface MTU is not set.

Enabling IPv4 local fragment reassembly

About this task

Configure this feature on a device to improve fragment reassembly efficiency. An LPU performs fragment reassembly for an IPv4 packet destined for the device if it receives fragments of that packet. If this feature is disabled, all IPv4 fragments are delivered to the active MPU for reassembly.

This feature fails to reassemble an IPv4 packet if fragments of the packet are received by different LPUs.

Procedure

1.     Enter system view.

system-view

2.     Enable IPv4 local fragment reassembly.

ip reassemble local enable

By default, IPv4 local fragment reassembly is disabled.

Enabling Layer 3 packet statistics collection

About this task

With this feature enabled on an interface, the device counts incoming and outgoing IP packets on the interface. To display the collected statistics, execute the display ip statistics command.

Restrictions and guidelines

When the interface is processing a large number of packets, Layer 3 packet statistics collection will cause high CPU usage and degrade the forwarding performance. If the statistics are not necessary, to ensure the device performance, disable this feature.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Enable Layer 3 packet statistics collection.

statistics l3-packet enable

By default, Layer 3 packet statistics collection is disabled.

Enabling processing IP options in IP packets

About this task

IP options are typically used for network path diagnosis or temporary transmission of specific services. When a packet with IP options arrives at an intermediate device, the device sends the packet to the CPU to process the IP options before forwarding it. In a network with excessive packet exchanges, processing IP options prevents the intermediate device from processing packets in a timely manner and causes packet loss. To avoid this situation, execute the undo ip option enable command to stop the device from processing IP options in packets to be forwarded. The packets are then forwarded in hardware.

Disable this feature only when IP options are not used in the network.

Restrictions and guidelines

If both undo ip option enable and undo ip option source-route enable are configured, the device forwards IP packets that contain the source route option instead of dropping them.

Procedure

1.     Enter system view.

system-view

2.     Enable the device to process IP options in IP packets.

ip option enable

By default, the device processes IP options in IP packets.

Enabling processing the source route option

About this task

The source route option in the IP header is used for network diagnosis and specific service transmission. By default, the device supports processing the source route option. If the option is forged by an attacker, the device will obtain incorrect source route information, affecting network diagnosis and service transmission. To avoid this situation, you can execute the undo ip option source-route enable command to drop IP packets that contain the source route option.

Restrictions and guidelines

Before you enable or disable this feature, make sure you have fully evaluated the probability of the source route option attack in the network.

Procedure

1.     Enter system view.

system-view

2.     Enable processing IP packets that contain the source route option.

ip option source-route enable

By default, the device processes IP packets that contain the source route option.

Enabling sending ICMP error messages

About sending ICMP error messages

ICMP messages are used by network layer and transport layer protocols to communicate updates and errors with other devices, facilitating network management.

Sending excessive ICMP messages increases network traffic. The device performance degrades if it receives a lot of malicious ICMP messages that cause it to respond with ICMP error messages. To prevent such problems, the sending of ICMP error messages is disabled by default. You can enable sending ICMP error messages of different types as needed.

ICMP error messages include redirect messages, time exceeded messages, and destination unreachable messages.

Enabling sending ICMP redirect messages

About this task

A host that has only one default route sends all packets to the default gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next hop by following these rules:

·     The receiving and sending interfaces are the same.

·     The packet source IP address and the IP address of the packet receiving interface are on the same segment.

·     There is no source route option in the received packet.

ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing table.

Procedure

1.     Enter system view.

system-view

2.     Enable sending ICMP redirect messages.

ip redirects enable

By default, the sending of ICMP redirect messages is disabled.

Enabling sending ICMP time exceeded messages

About this task

A device sends ICMP time exceeded messages by following these rules:

·     The device sends the source an ICMP TTL exceeded in transit message when the following conditions are met:

¡     The received packet is not destined for the device.

¡     The TTL field of the packet is 1.

·     When the device receives the first fragment of an IP datagram destined for it, it starts a timer. If the timer expires before all the fragments of the datagram are received, the device sends an ICMP fragment reassembly time exceeded message to the source.

Restrictions and guidelines

If the ICMP time exceeded message sending is disabled, the device does not send ICMP TTL exceeded in transit messages. However, it can still send ICMP fragment reassembly time exceeded messages.

Procedure

1.     Enter system view.

system-view

2.     Enable sending ICMP time exceeded messages.

ip ttl-expires enable

By default, the sending of ICMP time exceeded messages is disabled.

Enable sending ICMP destination unreachable messages

About this task

A device sends ICMP destination unreachable messages by following these rules:

·     The device sends the source an ICMP network unreachable message when the following conditions are met:

¡     The packet does not match any route.

¡     No default route exists in the routing table.

·     The device sends the source an ICMP protocol unreachable message when the following conditions are met:

¡     The packet is destined for the device.

¡     The transport layer protocol of the packet is not supported by the device.

·     The device sends the source an ICMP port unreachable message when the following conditions are met:

¡     The UDP packet is destined for the device.

¡     The packet's port number does not match the corresponding process.

·     The device sends the source an ICMP source route failed message when the following conditions are met:

¡     The source uses Strict Source Routing to send packets.

¡     The intermediate device finds that the next hop specified by the source is not directly connected.

·     The device sends the source an ICMP fragmentation needed and DF set message when the following conditions are met:

¡     The MTU of the sending interface is smaller than the packet.

¡     The packet has DF set.

Restrictions and guidelines

If a DHCP-enabled device receives an ICMP echo reply without sending any ICMP echo requests, the device does not send any ICMP protocol unreachable messages to the source. To enable DHCP, use the dhcp enable command. For more information about this command, see BRAS Services Command Reference.

Procedure

1.     Enter system view.

system-view

2.     Enable sending ICMP destination unreachable messages.

ip unreachables enable

By default, the sending of ICMP destination unreachable messages is disabled.

Configuring rate limit for ICMP error messages

About this task

To avoid sending excessive ICMP error messages within a short period that might cause network congestion, you can limit the rate at which ICMP error messages are sent. A token bucket algorithm is used with one token representing one ICMP error message.

A token is placed in the bucket at intervals until the maximum number of tokens that the bucket can hold is reached.

A token is removed from the bucket when an ICMP error message is sent. When the bucket is empty, ICMP error messages are not sent until a new token is placed in the bucket.

Procedure

1.     Enter system view.

system-view

2.     Set the interval for tokens to arrive in the bucket for ICMP error messages and set the bucket size.

ip icmp error-interval interval [ bucketsize ]

By default, a token is placed in the bucket at an interval of 100 milliseconds, and the bucket allows a maximum of 10 tokens.

To disable the ICMP rate limit, set the interval to 0 milliseconds.
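The token bucket described above can be modelled in a few lines to see how many ICMP error messages leave the device during a flood of error-triggering packets. This is an added example, not H3C code; it assumes the bucket starts full and uses a constructed arrival pattern of one triggering packet per millisecond.

```python
"""Token-bucket model of the ICMP error rate limit (added example)."""


class IcmpErrorLimiter:
    def __init__(self, interval_ms=100, bucket_size=10):
        self.interval_ms = interval_ms   # time between token arrivals
        self.bucket_size = bucket_size   # maximum tokens the bucket holds
        self.tokens = bucket_size        # assumption: the bucket starts full
        self.last_refill_ms = 0

    def allow(self, now_ms):
        """Return True if one ICMP error message may be sent at now_ms."""
        if self.interval_ms == 0:        # interval 0 disables the rate limit
            return True
        earned = (now_ms - self.last_refill_ms) // self.interval_ms
        if earned > 0:
            # Tokens beyond the bucket size are discarded, so a long idle
            # period never buys more than one full burst.
            self.tokens = min(self.bucket_size, self.tokens + earned)
            self.last_refill_ms += earned * self.interval_ms
        if self.tokens == 0:
            return False                 # bucket empty: the error is suppressed
        self.tokens -= 1
        return True


def errors_sent(trigger_times_ms, interval_ms=100, bucket_size=10):
    """Times at which an ICMP error is actually sent for the given triggers."""
    limiter = IcmpErrorLimiter(interval_ms, bucket_size)
    return [t for t in trigger_times_ms if limiter.allow(t)]


# Constructed input: one error-triggering packet per millisecond for one second.
FLOOD = list(range(1000))

if __name__ == "__main__":
    sent = errors_sent(FLOOD)
    print(f"default limit : {len(sent)} of {len(FLOOD)} errors sent")
    print(f"limit disabled: {len(errors_sent(FLOOD, interval_ms=0))} sent")
```

With the default values the sustained rate is one message per 100 milliseconds on top of a single burst of 10, which is the number to keep in mind when sizing the limit against traceroute or path MTU discovery traffic that depends on these messages.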

Disabling forwarding ICMP fragments

Restrictions and guidelines

Disabling forwarding ICMP fragments can protect your device from ICMP fragment attacks.

Procedure

1.     Enter system view.

system-view

2.     Disable forwarding ICMP fragments.

ip icmp fragment discarding

By default, forwarding ICMP fragments is enabled.

Specifying the source address for ICMP packets

About this task

Specifying the source IP address for outgoing ping echo requests and ICMP error messages helps a network administrator to locate the sending device easily. As a best practice, specify the IP address of the loopback interface as the source IP address.

Restrictions and guidelines

If you specify an IP address in the ping command, ping echo requests use the specified address as the source IP address rather than the IP address specified by the ip icmp source command.

Procedure

1.     Enter system view.

system-view

2.     Specify the source address for outgoing ICMP packets.

ip icmp source [ vpn-instance vpn-instance-name ] ip-address

By default, no source address is specified for outgoing ICMP packets. The default source IP addresses for different types of ICMP packets vary as follows:

¡     For an ICMP error message, the source IP address is the IP address of the receiving interface of the packet that triggers the ICMP error message. ICMP error messages include Time Exceeded, Port Unreachable, and Parameter Problem messages.

¡     For an ICMP echo request, the source IP address is the IP address of the sending interface.

¡     For an ICMP echo reply, the source IP address is the destination IP address of the ICMP echo request specific to this reply.

Disabling sending a specific type of ICMP messages

About this task

By default, the device sends all types of ICMP messages except Destination Unreachable, Time Exceeded, and Redirect messages. Attackers might obtain information from specific types of ICMP messages, causing security issues.

For security purposes, you can perform this task to disable sending ICMP messages of specific types.

Restrictions and guidelines

Disabling sending ICMP messages of a specific type might affect network operation. Please use this feature with caution.

To enable sending Destination Unreachable, Time Exceeded, or Redirect messages, you can perform one of the following tasks:

·     Execute the ip icmp send enable command.

·     Execute one of the following commands as needed:

¡     ip unreachables enable

¡     ip ttl-expires enable

¡     ip redirects enable

Procedure

1.     Enter system view.

system-view

2.     Disable the device from sending a specific type of ICMP messages.

undo ip icmp { name icmp-name | type icmp-type code icmp-code } send enable

By default, the device sends all types of ICMP messages except Destination Unreachable, Time Exceeded, and Redirect messages.

Disabling receiving a specific type of ICMP messages

About this task

By default, the device receives all types of ICMP messages. Such a setting might affect device performance if a large number of ICMP responses are received within a short time. To solve this issue, you can perform this task to disable the device from receiving a specific type of ICMP messages.

Restrictions and guidelines

Disabling receiving ICMP messages of a specific type might affect network operation. Please use this feature with caution.

Procedure

1.     Enter system view.

system-view

2.     Disable the device from receiving a specific type of ICMP messages.

undo ip icmp { name icmp-name | type icmp-type code icmp-code } receive enable

By default, the device receives all types of ICMP messages.

Setting the forwarding priority value for ICMP echo replies in hardware

About this task

When you perform an ICMP echo test to test whether an NQA client can reach the NQA server, the NQA client sends ICMP echo requests to the NQA server. By default, the hardware of the NQA server responds to these ICMP echo requests with the lowest priority. When the NQA server forwards a large amount of packets with higher priority than ICMP echo replies, the hardware might fail to send those ICMP echo replies in time. As a result, the ICMP echo replies will be discarded due to sending timeout errors, which causes the ICMP echo test to fail.

To avoid this issue, use this feature on the NQA server to increase the forwarding priority value for ICMP echo replies in hardware. When the NQA server forwards a large amount of high-priority packets, the forwarding of ICMP echo replies will not be affected in hardware.

For more information about ICMP echo-type NQA tests, see NQA configuration in Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

After you configure this feature, the hardware forwards ICMP echo replies according to the priority value configured in the ip icmp echo-reply traffic-priority command rather than the original priority values in those ICMP echo replies.

After you undo this feature, the hardware forwards ICMP echo replies according to the priority values in those ICMP echo replies.

Procedure

1.     Enter system view.

system-view

2.     Set the forwarding priority value for ICMP echo replies in hardware.

ip icmp echo-reply traffic-priority priority-value

By default, the hardware responds to ICMP echo requests according to their priorities.

Setting TCP MSS for an interface

About this task

The maximum segment size (MSS) option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment. If the size of a TCP segment is smaller than the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, it fragments the segment according to the receiver's MSS.

Restrictions and guidelines

·     If you set the TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value.

·     This configuration takes effect only for TCP connections established after the configuration rather than the TCP connections that already exist.

·     This configuration is effective only for IP packets. If MPLS is enabled on the interface, do not set the TCP MSS on the interface.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Set the TCP MSS for the interface.

tcp mss value

By default, the TCP MSS is not set.

Configuring TCP MSS adjustment

About this task

Each end announces its MSS during TCP connection establishment. If the negotiated TCP MSS value of both ends is large, the datagram size might be larger than the intermediate device MSS (output interface MTU minus 40). In this case, the intermediate device will fragment the datagram, causing forwarding delay.

The TCP MSS adjustment feature can help prevent the datagrams from being fragmented by adjusting the MSS value in the transit TCP SYN packets.

Restrictions and guidelines

·     This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist.

·     This command specifies the MSS of TCP SYN packets on an intermediate device. If MPLS is enabled on the interface, do not execute the command on the interface.

·     This configuration does not take effect on tunneled TCP SYN packets.

Procedure

1.     Enter system view.

system-view

2.     Adjust the TCP MSS of TCP SYN packets that go through the device.

tcp modify-mss value

By default, the device does not adjust the MSS value in the TCP SYN packets that go through it.

Configuring TCP path MTU discovery

About this task

TCP path MTU discovery (in RFC 1191) discovers the path MTU between the source and destination ends of a TCP connection. The device uses the path MTU to calculate the MSS to avoid IP fragmentation. The path MTU uses an aging mechanism to ensure that the source device can increase the path MTU when the minimum link MTU on the path increases.

TCP path MTU discovery works as follows:

1.     A TCP source device sends a packet with the Don't Fragment (DF) bit set.

2.     A router discards the packet that exceeds the MTU of the outgoing interface and returns an ICMP error message. The error message contains the MTU of the outgoing interface.

3.     Upon receiving the ICMP message, the TCP source device calculates the current path MTU of the TCP connection.

4.     The TCP source device sends subsequent TCP segments that are smaller than the MSS (MSS = path MTU – IP header length – TCP header length).

If the TCP source device still receives ICMP error messages when the MSS is smaller than 32 bytes, the TCP source device will fragment packets.

An ICMP error message received from a router that does not support RFC 1191 has the MTU of the outgoing interface set to 0. Upon receiving the ICMP message, the TCP source device selects the path MTU smaller than the current path MTU from the MTU table as described in RFC 1191. Based on the selected path MTU, the TCP source device calculates the TCP MSS. The MTU table contains MTUs of 68, 296, 508, 1006, 1280, 1492, 2002, 4352, 8166, 17914, 32000, and 65535 bytes. Because the minimum TCP MSS specified by the system is 32 bytes, the actual minimum MTU is 72 bytes.

The aging mechanism of the path MTU is as follows:

·     When the TCP source device receives an ICMP error message, it reduces the path MTU and starts an aging timer for the path MTU.

·     After the aging timer expires, the source device uses a larger MSS in the MTU table, as described in RFC 1191.

·     If no ICMP error message is received within two minutes, the source device increases the MSS again until the MSS negotiated during TCP three-way handshake is reached.

Prerequisites

Make sure all devices on a TCP connection are enabled to send ICMP error messages by using the ip unreachables enable command.

Procedure

1.     Enter system view.

system-view

2.     Enable TCP path MTU discovery.

tcp path-mtu-discovery [ aging age-time | no-aging ]

By default, TCP path MTU discovery is disabled.
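The path MTU selection described in this section, including the MTU table lookup for routers that report an MTU of 0, the 32-byte MSS floor, and the aging step, is worked through below. This is an added example, not H3C code; it assumes 20-byte IP and TCP headers and, as a further assumption, ignores an ICMP message whose reported MTU is not smaller than the current path MTU.

```python
"""TCP path MTU discovery: MTU table lookup, MSS floor and aging (added example)."""

# MTU table as listed in this section.
MTU_TABLE = (68, 296, 508, 1006, 1280, 1492, 2002, 4352, 8166, 17914, 32000, 65535)
IP_HEADER = 20    # assumption: IPv4 header without options
TCP_HEADER = 20   # assumption: TCP header without options
MIN_MSS = 32      # minimum TCP MSS specified by the system
MIN_PATH_MTU = MIN_MSS + IP_HEADER + TCP_HEADER   # 72 bytes


def mss_for(path_mtu):
    """MSS = path MTU - IP header length - TCP header length."""
    return path_mtu - IP_HEADER - TCP_HEADER


def on_frag_needed(path_mtu, reported_mtu):
    """Handle an ICMP 'fragmentation needed and DF set' message.

    Returns (new_path_mtu, mss, fragment). fragment is True when the source
    is already at the floor and falls back to fragmenting packets.
    """
    if path_mtu <= MIN_PATH_MTU:
        return MIN_PATH_MTU, MIN_MSS, True
    if reported_mtu == 0:
        # Router without RFC 1191 support: take the next lower table entry.
        candidate = max((m for m in MTU_TABLE if m < path_mtu), default=MTU_TABLE[0])
    elif reported_mtu < path_mtu:
        candidate = reported_mtu
    else:
        # Assumption: a message that would not lower the path MTU is ignored.
        return path_mtu, mss_for(path_mtu), False
    new_mtu = max(candidate, MIN_PATH_MTU)   # 68 is clamped to 72
    return new_mtu, mss_for(new_mtu), False


def on_aging_expired(path_mtu, negotiated_mss):
    """Aging timer expired: probe the next larger table entry, never
    exceeding the MSS negotiated during the three-way handshake."""
    ceiling = negotiated_mss + IP_HEADER + TCP_HEADER
    higher = min((m for m in MTU_TABLE if m > path_mtu), default=MTU_TABLE[-1])
    new_mtu = min(higher, ceiling)
    return new_mtu, mss_for(new_mtu)


def descend(start_mtu):
    """Replay repeated errors with MTU field 0 until the fragmentation fallback."""
    steps, mtu = [], start_mtu
    while True:
        mtu, mss, fragment = on_frag_needed(mtu, 0)
        if fragment:
            return steps
        steps.append((mtu, mss))


if __name__ == "__main__":
    for mtu, mss in descend(1500):
        print(f"path MTU {mtu:5d} -> MSS {mss}")
    print("after aging from 72:", on_aging_expired(72, 1460))
```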

Enabling SYN Cookie

About this task

A TCP connection is established through a three-way handshake. An attacker can exploit this mechanism to mount SYN Flood attacks. The attacker sends a large number of SYN packets, but does not respond to the SYN ACK packets from the server. As a result, the server establishes a large number of TCP semi-connections and can no longer handle normal services.

SYN Cookie can protect the server from SYN Flood attacks. When the server receives a SYN packet, it responds with a SYN ACK packet without establishing a TCP semi-connection. The server establishes a TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the client.

Procedure

1.     Enter system view.

system-view

2.     Enable SYN Cookie.

tcp syn-cookie enable

By default, SYN Cookie is disabled.
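How a server can answer a SYN without keeping a semi-connection and still validate the final ACK is shown below with the classic cookie-in-sequence-number construction. This is an added example, not H3C's implementation; the bit layout, the MSS table, the 64-second period, the key and the addresses are all constructed for illustration.

```python
"""Stateless SYN cookie: encode on SYN, validate on ACK (added example)."""
import hashlib
import hmac

SECRET = b"constructed-demo-key"        # constructed; a real stack uses a random key
MSS_TABLE = (536, 1220, 1440, 1460)     # hypothetical values encoded in 3 bits
PERIOD_S = 64                           # hypothetical cookie lifetime granularity
MASK32 = 0xFFFFFFFF


def _mac24(flow, client_isn, counter, mss_idx):
    """24-bit keyed MAC over everything the server would otherwise store."""
    msg = repr((flow, client_isn, counter, mss_idx)).encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def syn_ack_isn(flow, client_isn, client_mss, now_s):
    """Sequence number for the SYN ACK. No per-connection state is kept."""
    counter = now_s // PERIOD_S
    # Largest table entry not above the client's MSS (index 0 if none fits).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(flow, client_isn, counter, mss_idx)
    # Layout: 5 bits of time counter | 3 bits of MSS index | 24 bits of MAC.
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | mac


def accept_ack(flow, seq, ack, now_s):
    """Validate the handshake-completing ACK.

    Returns the recovered MSS if the cookie is genuine and fresh, else None.
    Only at this point would the server create the connection.
    """
    cookie = (ack - 1) & MASK32          # client acknowledges server ISN + 1
    client_isn = (seq - 1) & MASK32      # client sends its own ISN + 1
    tbits, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if mss_idx >= len(MSS_TABLE):
        return None
    now_counter = now_s // PERIOD_S
    for counter in (now_counter, now_counter - 1):   # current or previous period
        if counter < 0 or (counter & 0x1F) != tbits:
            continue
        expected = _mac24(flow, client_isn, counter, mss_idx)
        if hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
            return MSS_TABLE[mss_idx]
    return None


# Constructed flow using documentation address ranges.
FLOW = ("198.51.100.7", 40000, "192.0.2.1", 443)

if __name__ == "__main__":
    isn = syn_ack_isn(FLOW, client_isn=1000, client_mss=1460, now_s=1000)
    print("genuine ACK :", accept_ack(FLOW, 1001, isn + 1, now_s=1010))
    print("expired ACK :", accept_ack(FLOW, 1001, isn + 1, now_s=1192))
    spoofed = ("203.0.113.9", 40000, "192.0.2.1", 443)
    print("other source:", accept_ack(spoofed, 1001, isn + 1, now_s=1010))
```

A SYN whose sender never returns the ACK therefore costs the server one computed reply and no stored state.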

Setting the TCP buffer size

1.     Enter system view.

system-view

2.     Set the size of TCP receive/send buffer.

tcp window window-size

The default buffer size is 63 KB.

Setting TCP timers

About this task

You can set the following TCP timers:

·     SYN wait timer—TCP starts the SYN wait timer after sending a SYN packet. If no response is received before the SYN wait timer expires, or if the upper limit on TCP connection tries is reached, TCP fails to establish the connection.

·     FIN wait timer—TCP starts the FIN wait timer when TCP changes the connection state to FIN_WAIT_2. If no FIN packet is received within the timer interval, TCP terminates the connection. If a FIN packet is received, TCP changes the connection state to TIME_WAIT. If a non-FIN packet is received, TCP restarts the timer, and tears down the connection when the timer expires.

Procedure

1.     Enter system view.

system-view

2.     Set the TCP SYN wait timer.

tcp timer syn-timeout time-value

By default, the TCP SYN wait timer is 75 seconds.

3.     Set the TCP FIN wait timer.

tcp timer fin-timeout time-value

By default, the TCP FIN wait timer is 675 seconds.

Enabling the Timestamps option encapsulation in outgoing TCP packets

About this task

Devices at each end of the TCP connection can calculate the RTT value by using the TCP Timestamps option carried in TCP packets. For security purposes in some networks, you can disable this feature at one end of the TCP connection to prevent intermediate devices from obtaining the Timestamps option information.

This feature takes effect only on new connections that are established after you configure this feature. Existing TCP connections are not affected.

Procedure

1.     Enter system view.

system-view

2.     Enable the device to encapsulate the TCP Timestamps option in outgoing TCP packets.

tcp timestamps enable

By default, the TCP timestamps option is encapsulated in outgoing TCP packets.

Enabling TCP logging

About this task

The logs are sent to the information center of the device. For the logs to be output correctly, you must also configure the information center on the device. For more information about information center configuration, see Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

To avoid memory consumption caused by log recording, you can use the undo tcp log enable command to disable TCP logging.

Procedure

1.     Enter system view.

system-view

2.     Enable TCP logging.

tcp log enable

By default, TCP logging is disabled.

Enabling SNMP notifications for TCP events

About this task

Perform this task to enable SNMP notifications for specific events in the TCP module:

·     To enable SNMP notification for MD5 authentication failures, specify the md5fail keyword. When the device fails MD5 authentication during TCP connection establishment, the device generates an SNMP notification.

·     To enable SNMP notification for TCP SYN flood attacks, specify the syn-flood keyword. When the device detects a flow-based or interface-based TCP SYN flood attack, the device generates an SNMP notification.

This type of SNMP notifications is useful only after you configure the tcp anti-syn-flood flow-based enable or tcp anti-syn-flood interface-based enable command on the device. For more information about these commands, see IP-based attack prevention commands in Security Command Reference.

The SNMP notifications are sent to the SNMP module. For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see SNMP configuration in Network Management and Monitoring Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Enable SNMP notifications for TCP events.

snmp-agent trap enable tcp [ md5fail | syn-flood ] *

By default, SNMP notifications for TCP events are enabled.

If you specify neither the md5fail keyword nor the syn-flood keyword, SNMP notifications are enabled for both MD5 authentication failures and TCP SYN flood attacks.

Display and maintenance commands for IP performance optimization

Execute display commands in any view and reset commands in user view.

 

Task: Display brief information about RawIP connections.
Command: display rawip [ slot slot-number ]

Task: Display detailed information about RawIP connections.
Command: display rawip verbose [ slot slot-number [ pcb pcb-index ] ]

Task: Display brief information about TCP connections.
Command: display tcp [ slot slot-number ]

Task: Display brief information about TCP proxy.
Command: display tcp-proxy slot slot-number

Task: Display the usage of non-well-known ports for TCP proxy.
Command: display tcp-proxy port-info slot slot-number

Task: Display detailed information about TCP connections.
Command: display tcp verbose [ slot slot-number [ pcb pcb-index ] ]

Task: Display brief information about UDP connections.
Command: display udp [ slot slot-number ]

Task: Display detailed information about UDP connections.
Command: display udp verbose [ slot slot-number [ pcb pcb-index ] ]

Task: Display IP packet statistics.
Command: display ip statistics [ slot slot-number ]

Task: Display TCP traffic statistics.
Command: display tcp statistics [ slot slot-number ]

Task: Display UDP traffic statistics.
Command: display udp statistics [ slot slot-number ]

Task: Display ICMP statistics.
Command: display icmp statistics [ slot slot-number ]

Task: Display statistics about dropped IP packets that contain the source route option.
Command: display ip option source-route statistics [ slot slot-number ]

Task: Clear IP packet statistics.
Command: reset ip statistics [ slot slot-number ]

Task: Clear TCP traffic statistics.
Command: reset tcp statistics

Task: Clear UDP traffic statistics.
Command: reset udp statistics

Task: Clear statistics about dropped IP packets that contain the source route option.
Command: reset ip option source-route statistics [ slot slot-number ]

 

 

 

 
