Operation Manual – IP Addressing and Performance
H3C S3610&S5510 Series Ethernet Switches
Chapter 2 IP Performance Configuration
2-6
Note:
z
With the protection against Naptha attack enabled, the device will periodically check
and record the number of TCP connections in each state.
z
With the protection against Naptha attack enabled, if the device detects that the
number of TCP connections in a state exceeds the maximum number, the device
will consider that there is a Naptha attack and accelerate the aging of these TCP
connections. The device will not stop accelerating the aging of TCP connections
until the number of TCP connection in such a state is less than 80% of the maximum
number.
2.3.3 Configuring TCP Optional Parameters
TCP optional parameters that can be configured include:
z
synwait timer: When sending a SYN packet, TCP starts the synwait timer. If no
response packets are received within the synwait timer timeout, the TCP
connection is not successfully created.
z
finwait timer: When the TCP connection is in FIN_WAIT_2 state, finwait timer will
be started. If no FIN packets are received within the timer timeout, the TCP
connection will be terminated. If FIN packets are received, the TCP connection
state changes to TIME_WAIT. If non-FIN packets are received, the system
restarts the timer from receiving the last non-FIN packet. The connection is broken
after the timer expires.
z
Size of TCP receive/send buffer
Follow these steps to configure TCP optional parameters:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Configure TCP synwait
timer’s timeout value
tcp timer syn-timeout
time-value
Optional
By default, the timeout
value is 75 seconds.
Configure TCP finwait
timer’s timeout value
tcp timer fin-timeout
time-value
Optional
By default, the timeout
value is 675 seconds.
Configure the size of TCP
receive/send buffer
tcp window window-size
Optional
By default, the buffer is 8
kilobytes.