Configuring Gtsm For Ospf - HP FlexFabric 12900E Series Configuration Manual

Step
3. Filter LSAs for the
specified neighbor.

Configuring GTSM for OSPF

The Generalized TTL Security Mechanism (GTSM) protects the device by comparing the TTL value
in the IP header of incoming OSPF packets against a valid TTL range. If the TTL value is within the
valid TTL range, the packet is accepted. If not, the packet is discarded.
The valid TTL range is from 255 – the configured hop count + 1 to 255.
When GTSM is configured, the OSPF packets sent by the device have a TTL of 255.
GTSM checks OSPF packets from common neighbors and virtual link neighbors. It does not check
OSPF packets from sham link neighbors. For information about GTSM for OSPF sham links, see
MPLS Configuration Guide.
You can configure GTSM in OSPF area view or interface view.
•
The configuration in OSPF area view applies to all OSPF interfaces in the area.
•
The configuration in interface view takes precedence over OSPF area view.
IMPORTANT:
To use GTSM, you must configure GTSM on both the local and peer devices. You can specify
different hop-count values for them.
To configure GTSM in OSPF area view:
Step
1. Enter system view.
2. Enter OSPF view.
3. Enter OSPF area view.
4. Enable GTSM for the OSPF
area.
To configure GTSM in interface view:
Step
1. Enter system view.
2. Enter interface view.
3. Enable
interface.
Command
database-filter peer ip-address { all
| { ase [ acl ipv4-acl-number ] | nssa
[ acl ipv4-acl-number ] | summary
[ acl ipv4-acl-number ] } * }
Command
system-view
ospf
router-id
vpn-instance-name ] *
area area-id
ttl-security [ hops hop-count ]
Command
system-view
interface
interface-number
GTSM for the
ospf ttl-security [ hops hop-count
| disable ]
Remarks
By default, the LSAs for the specified
neighbor are not filtered.
[ process-id | router-id
| vpn-instance
interface-type
96
Remarks
N/A
N/A
N/A
By default, GTSM is disabled for
the OSPF area.
Remarks
N/A
N/A
By default, GTSM is disabled for
the interface.