< Home

ipv6 nd security rate-limit

Function

The ipv6 nd security rate-limit command sets a rate limit for the system to process received ND messages.

The undo ipv6 nd security rate-limit command restores the default rate limit.

By default, no rate limit is set.

Format

ipv6 nd security rate-limit ratelimit-value

undo ipv6 nd security rate-limit

Parameters

Parameter Description Value
ratelimit-value Specifies the rate limit for processing received ND messages. The value is an integer ranging from 1 to 100, in messages per second.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Usage Scenario

If an attacker keeps sending SEND messages to a device, the device will be busy verifying the RSA signature. To limit the rate at which the interface verifies the RSA signature of the SEND messages, you can run the ipv6 nd security rate-limit command.

Configuration Impact

If the rate at which the interface verifies the RSA signature of the SEND messages is out of the allowed range, the device will regard these messages insecure and discard them.

Example

# Configure the system to process a maximum of 10 received ND messages per second.

<sysname> system-view
[sysname] ipv6 nd security rate-limit 10
Parent Topic: IPv6 Neighbor Discovery Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >