anti-ddos first-packet-check ip-id enable

Function

The anti-ddos first-packet-check ip-id enable command enables the function of checking the identification fields in the IP headers of retransmitted packets.

The undo anti-ddos first-packet-check ip-id enable command disables the function of checking the identification fields in the IP headers of retransmitted packets.

Format

anti-ddos first-packet-check ip-id enable

undo anti-ddos first-packet-check ip-id enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

All models support this command except the USG6510E/6510E-POE/6530E.

By default, the function of checking the identification fields in the IP headers of retransmitted packets is disabled.

Normally, different IP packets carry different values in the identification field of their headers. Packets that share the same value may be attack packets. After the function of checking the identification fields in the IP headers of retransmitted packets is enabled, certain attack packets can be filtered out.

In the first-packet discarding process, once a packet is determined to be a retransmitted packet based on the 3-tuple information and the time interval, the device checks whether the identification field in its header is the same as that of the last packet that matched the same 3-tuple. If it is the same, the retransmitted packet is discarded directly. If it differs, the packet proceeds to the source authentication process.

The function of checking the identification field in the IP packet header is an enhancement to the first-packet discarding function. The function takes effect only when the first-packet discarding function is enabled.

Some normal clients send IP packets with the same identification field in the packet headers. In this special case, do not enable the identification field check; otherwise, services may be affected.
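
The decision flow described above, modelled as an added example (not Huawei code) that also shows why a client with a constant identification field loses service when the check is on. Assumptions not stated on this page: the 3-tuple is source IP, source port and protocol; the retransmission window is 0.5 to 6 seconds; a packet outside that window is treated as a new first packet.

```python
from dataclasses import dataclass

# Assumed values: the page gives neither the interval bounds nor the 3-tuple fields.
MIN_GAP, MAX_GAP = 0.5, 6.0  # seconds

@dataclass
class Packet:
    ts: float
    src_ip: str
    src_port: int
    proto: str
    ip_id: int

class FirstPacketCheck:
    def __init__(self, check_ip_id):
        self.check_ip_id = check_ip_id  # models "anti-ddos first-packet-check ip-id enable"
        self.last = {}                  # 3-tuple -> (timestamp, IP ID) of the last packet

    def decide(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.proto)  # assumed 3-tuple
        prev = self.last.get(key)
        self.last[key] = (pkt.ts, pkt.ip_id)
        # Assumption: a packet outside the interval counts as a new first packet.
        if prev is None or not (MIN_GAP <= pkt.ts - prev[0] <= MAX_GAP):
            return "drop:first-packet"
        if self.check_ip_id and pkt.ip_id == prev[1]:
            return "drop:same-ip-id"
        return "source-auth"

def run(packets, check_ip_id):
    fpc = FirstPacketCheck(check_ip_id)
    return [fpc.decide(p) for p in sorted(packets, key=lambda p: p.ts)]

# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet(0.0, "198.51.100.10", 40000, "tcp", 0x1A2B),  # normal stack, first packet
    Packet(1.0, "198.51.100.10", 40000, "tcp", 0x1A2C),  # retransmission, new IP ID
    Packet(0.1, "203.0.113.5", 1234, "tcp", 0x4444),     # replayed packet
    Packet(1.1, "203.0.113.5", 1234, "tcp", 0x4444),     # same IP ID again
    Packet(0.2, "198.51.100.20", 50000, "tcp", 0),       # client with a constant IP ID
    Packet(1.2, "198.51.100.20", 50000, "tcp", 0),       # its genuine retransmission
]

if __name__ == "__main__":
    for enabled in (False, True):
        print("ip-id check", enabled, run(SAMPLE, enabled))
```

With the check enabled, the last two decisions are both `drop:same-ip-id`: the replayed packet is filtered, and so is the genuine retransmission from the constant-ID client.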

Example

# Enable the function of checking the identification field in the IP packet header.

<sysname> system-view
[sysname] anti-ddos first-packet-check ip-id enable
Copyright © Huawei Technologies Co., Ltd.