IPv4 ICMP Broadcast

Table 1. Internet Control Message Protocol product support

Feature                                          Product            Release introduced
-----------------------------------------------  -----------------  ------------------
Internet Control Message Protocol (ICMP)         5420 Series        VOSS 8.4
                                                 5520 Series        VOSS 8.2.5
                                                 VSP 4450 Series    VSP 4000 4.0
                                                 VSP 4900 Series    VOSS 8.1
                                                 VSP 7200 Series    VOSS 4.2.1
                                                 VSP 7400 Series    VOSS 8.0
                                                 VSP 8200 Series    VSP 8200 4.0
                                                 VSP 8400 Series    VOSS 4.2
                                                 VSP 8600 Series    VSP 8600 4.5
                                                 XA1400 Series      VOSS 8.0.50

ICMP broadcast and multicast enable or disable   5420 Series        VOSS 8.4
                                                 5520 Series        VOSS 8.2.5
                                                 VSP 4450 Series    VOSS 5.1
                                                 VSP 4900 Series    VOSS 8.1
                                                 VSP 7200 Series    VOSS 5.1
                                                 VSP 7400 Series    VOSS 8.0
                                                 VSP 8200 Series    VOSS 5.1
                                                 VSP 8400 Series    VOSS 5.1
                                                 VSP 8600 Series    VSP 8600 4.5
                                                 XA1400 Series      Not Supported

IPv4 ICMP packet drop filtering                  5420 Series        VOSS 8.5
                                                 5520 Series        VOSS 8.5
                                                 VSP 4450 Series    VOSS 8.5
                                                 VSP 4900 Series    VOSS 8.5
                                                 VSP 7200 Series    VOSS 8.5
                                                 VSP 7400 Series    VOSS 8.5
                                                 VSP 8200 Series    VOSS 8.5
                                                 VSP 8400 Series    VOSS 8.5
                                                 VSP 8600 Series    Not supported
                                                 XA1400 Series      VOSS 8.5

IPv6 ICMP packet drop filtering                  5420 Series        VOSS 8.5
                                                 5520 Series        VOSS 8.5
                                                 VSP 4450 Series    VOSS 8.5
                                                 VSP 4900 Series    VOSS 8.5
                                                 VSP 7200 Series    VOSS 8.5
                                                 VSP 7400 Series    VOSS 8.5
                                                 VSP 8200 Series    VOSS 8.5
                                                 VSP 8400 Series    VOSS 8.5
                                                 VSP 8600 Series    Not supported
                                                 XA1400 Series      Not supported

On IPv4 networks, a packet can be directed to an individual machine or broadcast to an entire network. When a packet is sent to an IP broadcast address from a machine on the local network, that packet is delivered to all machines on that network.

If a packet that is broadcast is an ICMP echo request packet, the machines on the network receive this ICMP echo request packet and send an ICMP echo reply packet back. When all the machines on a network respond to this ICMP echo request, the result can be severe network congestion or outages.

The switch always responds to IPv4 ICMP packets sent to a broadcast address. You can disable the processing of these IPv4 ICMP packets sent to the broadcast address. When you disable ICMP broadcast processing, the switch drops all ICMP packets sent to broadcast addresses when the packets reach the control plane.

You can disable or enable the IPv4 ICMP broadcast processing at the VRF level.

Fragmented ICMP Packet Filtering

ICMP fragmentation distributed denial-of-service (DDoS) attacks flood the destination resources with fragmented packets and overwhelm the network because of massive volumes of traffic. With Fragmented ICMP packet filtering, the system inspects each incoming IPv4 ICMP packet to determine if it should drop the packet or forward it.

You can configure ICMP packet filtering globally, on a specific VRF, and on the following management interfaces:
  • Out-of-Band (OOB) management
  • Circuitless IP (CLIP) management
  • VLAN management
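
The two drop decisions described above (ICMP sent to a broadcast address, and fragmented ICMP) can be sketched as a packet classifier; this is an added example, not the switch's own code or CLI. It assumes a packet counts as fragmented when the More Fragments flag is set or the fragment offset is nonzero; the names classify and build_ipv4_icmp and the 192.0.2.0/24 addresses are hypothetical.

```python
import ipaddress
import struct

ICMP_PROTO = 1
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def classify(packet: bytes, local_net: str,
             drop_broadcast: bool = True, drop_fragments: bool = True) -> str:
    """Return 'drop-fragment', 'drop-broadcast' or 'forward' for one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "forward"          # too short or not IPv4: outside these two checks
    if packet[9] != ICMP_PROTO:
        return "forward"          # only ICMP is subject to these filters
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    more_fragments = bool(flags_frag & 0x2000)   # MF bit
    frag_offset = flags_frag & 0x1FFF            # offset in 8-byte units
    # Assumption: any fragment of an ICMP datagram (first, middle or last) is dropped.
    if drop_fragments and (more_fragments or frag_offset):
        return "drop-fragment"
    dst = ipaddress.IPv4Address(packet[16:20])
    net = ipaddress.IPv4Network(local_net)
    if drop_broadcast and dst in (net.broadcast_address, LIMITED_BROADCAST):
        return "drop-broadcast"
    return "forward"


def build_ipv4_icmp(dst: str, mf: bool = False, offset: int = 0,
                    proto: int = ICMP_PROTO) -> bytes:
    """Constructed sample: 20-byte IPv4 header plus 8-byte echo request, checksums 0."""
    flags_frag = (0x2000 if mf else 0) | (offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, flags_frag, 64, proto, 0,
                         ipaddress.IPv4Address("192.0.2.10").packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + struct.pack("!BBHHH", 8, 0, 0, 1, 1)


if __name__ == "__main__":
    net = "192.0.2.0/24"          # constructed local subnet
    for label, pkt in [("unicast echo", build_ipv4_icmp("192.0.2.20")),
                       ("subnet broadcast", build_ipv4_icmp("192.0.2.255")),
                       ("first fragment", build_ipv4_icmp("192.0.2.20", mf=True)),
                       ("later fragment", build_ipv4_icmp("192.0.2.20", offset=185))]:
        print(f"{label:18} -> {classify(pkt, net)}")
```

The drop_broadcast and drop_fragments parameters stand in for the enable or disable settings, so the same sample packets can be classified with each filter on or off.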