Establishing the Configuration Task; Configuring LDP GTSM - Huawei AR1200 Series Configuration Manual - MPLS

Huawei AR1200 Series Enterprise Routers
Configuration Guide - MPLS

2.9.1 Establishing the Configuration Task

Before configuring LDP GTSM, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data.
Applicable Environment
The Generalized TTL Security Mechanism (GTSM) defends against attacks by checking TTL values.
An attacker can forge LDP unicast packets that imitate real ones and send them to a node in
large quantities. When an interface of the LSR receives these packets and finds that they are
destined for the local node, it sends them directly to LDP on the control plane without checking
their validity. Because the control plane must process these seemingly legitimate packets, the
system becomes abnormally busy and CPU usage is high.
GTSM protects the node by checking whether the TTL value in the IP packet header is within
a pre-defined range, which enhances system security.
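The TTL check described above, sketched as an added example (not Huawei's code and not part of the manual). It assumes the RFC 5082 convention that GTSM peers send with TTL 255, so a peer allowed `hops` hops has the valid range [255 - hops + 1, 255], and that only TCP session traffic on LDP port 646 is policed; the function names, the peer table and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

MAX_TTL = 255    # assumption: GTSM senders originate packets with TTL 255 (RFC 5082)
LDP_PORT = 646   # LDP session port (TCP), RFC 5036


def build_ipv4_tcp(src, dst, ttl, sport, dport):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus TCP port fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, ttl, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)


def gtsm_verdict(packet, gtsm_peers):
    """Return 'pass' or 'drop' for a packet about to be sent to the control plane.

    gtsm_peers maps a peer transport address to its maximum number of valid hops.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop"                      # not a parsable IPv4 header
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop"                      # malformed header length
    ttl, proto = packet[8], packet[9]
    src = str(ipaddress.IPv4Address(packet[12:16]))
    if proto != 6:
        return "pass"                      # not TCP: outside this policy
    if len(packet) < ihl + 4:
        return "drop"                      # TCP ports truncated
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if LDP_PORT not in (sport, dport) or src not in gtsm_peers:
        return "pass"                      # no GTSM policy configured for this flow
    lowest_valid = MAX_TTL - gtsm_peers[src] + 1
    return "pass" if lowest_valid <= ttl <= MAX_TTL else "drop"


if __name__ == "__main__":
    peers = {"10.1.1.2": 1}                # constructed: directly connected LDP peer
    for ttl in (255, 254, 64):
        pkt = build_ipv4_tcp("10.1.1.2", "10.1.1.1", ttl, 50000, LDP_PORT)
        print(ttl, gtsm_verdict(pkt, peers))
```

A forged packet sent from several hops away arrives with a TTL below the valid range no matter what source address it claims, which is why the check can run before the packet reaches LDP.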
Pre-configuration Tasks
Before configuring basic LDP GTSM functions, complete the following tasks:
- Enabling MPLS and MPLS LDP
Data Preparation
To configure the basic LDP GTSM functions, you need the following data.
No.  Data
1    Transport address of an LDP peer
2    Maximum number of valid hops permitted by GTSM

2.9.2 Configuring LDP GTSM

To configure LDP GTSM, configure both LDP peers.
Context
Perform the following steps on the two LDP peers that need to be configured with GTSM:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mpls ldp
The MPLS LDP view is displayed.

Issue 01 (2011-12-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 MPLS LDP Configuration
