Operation Manual –IP Address-IP PerformanceH3C S3100 Series Ethernet Switches Chapter 2 IP Performance Configuration2-2z finwait timer: When the TCP connection is changed into FIN_WAIT_2 state, finwaittimer will be started. If no FIN packets are received within the timer timeout, theTCP connection will be terminated. If FIN packets are received, the TCPconnection state changes to TIME_WAIT. If non-FIN packets are received, thesystem restarts the timer from receiving the last non-FIN packet. The connection isbroken after the timer expires.z Size of TCP receive/send bufferTable 2-2 Configure TCP attributesOperation Command RemarksEnter system view system-view —Configure TCP synwaittimer’s timeout valuetcp timer syn-timeouttime-valueOptionalBy default, the timeoutvalue is 75 seconds.Configure TCP finwaittimer’s timeout valuetcp timer fin-timeouttime-valueOptionalBy default, the timeoutvalue is 675 seconds.Configure the size of TCPreceive/send buffer tcp window window-sizeOptionalBy default, the buffer is 8kilobytes.2.2.3 Disabling ICMP to Send Error PacketsSending error packets is a major function of ICMP protocol. In case of networkabnormalities, ICMP packets are usually sent by the network or transport layerprotocols to notify corresponding devices so as to facilitate control and management.By default, S3100 Series Ethernet Switches support sending ICMP redirect anddestination unreachable packets.Although sending ICMP error packets facilitate control and management, it still has thefollowing disadvantages:z Sending a lot of ICMP packets will increase network traffic.z If receiving a lot of malicious packets that cause it to send ICMP error packets, thedevice’s performance will be reduced.z As the ICMP redirection function increases the routing table size of a host, thehost’s performance will be reduced if its routing table becomes very large.z If a host sends malicious ICMP destination unreachable packets, end users maybe affected.You can disable the device from sending such ICMP error packets for reducing networktraffic and preventing malicious attacks.
