2-2
z
synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no response packet is
received within the synwait timer interval, the TCP connection cannot be created.
z
finwait timer: When a TCP connection is changed into FIN_WAIT_2 state, the finwait timer is
started. If no FIN packet is received within the timer timeout, the TCP connection will be terminated.
If a FIN packet is received, the TCP connection state changes to TIME_WAIT. If a non-FIN packet
is received, the system restarts the timer upon receiving the last non-FIN packet. The connection is
broken after the timer expires.
z
Size of TCP receive/send buffer
Follow these steps to configure TCP attributes:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Configure the TCP synwait
timer
tcp timer syn-timeout
time-value
Optional
75 seconds by default.
Configure the TCP finwait timer
tcp timer fin-timeout
time-value
Optional
675 seconds by default.
Configure the size of TCP
receive/send buffer
tcp window window-size
Optional
8 kilobytes by default.
Disabling Sending of ICMP Error Packets
Sending error packets is a major function of the Internet Control Message Protocol (ICMP). In case of
network abnormalities, ICMP packets are usually sent by the network or transport layer protocols to
notify corresponding devices so as to facilitate management.
Advantages of sending ICMP error packets
ICMP redirect packets and destination unreachable packets are two kinds of ICMP error packets. Their
sending conditions and functions are as follows.
1) Sending ICMP redirect packets
A host may have only a default route to the default gateway in its routing table after startup. The default
gateway will send an ICMP redirect packet to the source host, telling it to reselect a better next hop to
send the subsequent packets, if the following conditions are satisfied:
z
The receiving and forwarding interfaces are the same.
z
The selected route has not been created or modified by any ICMP redirect packet.
z
The selected route is not the default route.
z
There is no source route option in the data packet.
ICMP redirect packets simplify host administration and enables a host to gradually establish a sound
routing table.
2) Sending ICMP destination unreachable packets
If a device receives an IP packet with an unreachable destination, it will drop the packet and send an
ICMP destination unreachable error packet to the source.
Conditions for sending an ICMP unreachable packet:
z
If neither a route nor the default route for forwarding a packet is available, the device will send a
“network unreachable” ICMP error packet.