Configuring the LDP GTSM; Checking the Configuration - Huawei AR1200 Series Configuration Manual - MPLS

Huawei AR1200 Series Enterprise Routers
Configuration Guide - MPLS
Step 3 Run:
authentication key-chain peer peer-id name keychain-name
LDP keychain is enabled and a keychain name is specified.
By default, LDP keychain authentication is not performed between LDP peers.
CAUTION
Configuring LDP keychain authentication causes the LDP session to be reestablished and deletes
the LSP associated with the LDP session.
----End

2.10.4 Configuring the LDP GTSM

The LDP GTSM can be configured on LSRs at both ends of an LDP session.
Context
The GTSM checks TTL values to verify packets and defend devices against attacks. LDP peers
are configured with the GTSM and a valid TTL range, which is used to check the TTLs in the LDP
packets exchanged between them. If the TTL in an LDP packet is outside the valid range, the
packet is considered invalid and discarded. The GTSM defends against CPU-based attacks initiated
using a large number of forged packets and protects upper-layer protocols.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mpls ldp
The MPLS-LDP view is displayed.
Step 3 Run:
gtsm peer ip-address valid-ttl-hops hops
The LDP GTSM is configured.
hops is the maximum number of valid hops permitted by the GTSM. If the TTL value carried in
a received packet is in the range [255 – hops + 1, 255], the packet is accepted; if the
TTL value is outside this range, the packet is discarded.
----End
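
The acceptance rule from Step 3, modelled as an added example (not part of the Huawei manual and not device code). It assumes the peer sends LDP packets with TTL 255 and that hops lies between 1 and 255; the peer addresses, hops values and TTLs are constructed sample data, and audit and tightest_hops are hypothetical helper names.

```python
# Added example (not from the Huawei manual): model of the GTSM TTL check.
MAX_TTL = 255  # upper bound of the valid range given in the manual


def valid_ttl_range(hops):
    """Range [255 - hops + 1, 255] accepted for 'valid-ttl-hops hops'."""
    if not 1 <= hops <= MAX_TTL:  # assumed bounds, keeps the range inside 1..255
        raise ValueError(f"hops must be 1..{MAX_TTL}, got {hops}")
    return MAX_TTL - hops + 1, MAX_TTL


def gtsm_accepts(ttl, hops):
    low, high = valid_ttl_range(hops)
    return low <= ttl <= high


def tightest_hops(known_good_ttls):
    """Smallest hops value that still accepts every known-good TTL."""
    return MAX_TTL - min(known_good_ttls) + 1


def audit(policy, packets):
    """Return (peer, ttl, verdict) for each observed (peer, ttl) pair."""
    results = []
    for peer, ttl in packets:
        if peer not in policy:
            verdict = "no-gtsm-entry"  # peer has no 'gtsm peer' line in this model
        elif gtsm_accepts(ttl, policy[peer]):
            verdict = "accept"
        else:
            verdict = "discard"
        results.append((peer, ttl, verdict))
    return results


# Constructed sample data: peer addresses, hops values and TTLs are invented.
POLICY = {"192.0.2.1": 1, "192.0.2.2": 3}
PACKETS = [
    ("192.0.2.1", 255),    # directly connected peer, TTL untouched
    ("192.0.2.1", 254),    # crossed one router: outside [255, 255]
    ("192.0.2.2", 253),    # lower edge of [253, 255]
    ("192.0.2.2", 252),    # one hop too far
    ("198.51.100.7", 64),  # no policy entry
]

if __name__ == "__main__":
    for peer, ttl, verdict in audit(POLICY, PACKETS):
        print(f"{peer:<14} ttl={ttl:<3} {verdict}")
    print("tightest hops for TTLs 255, 254:", tightest_hops([255, 254]))
```

Feed tightest_hops only TTLs taken from packets known to come from the real peer, since a value derived from forged traffic would widen the accepted range.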

2.10.5 Checking the Configuration

After configuring the LDP security features, you can view the configurations of LDP MD5
authentication, LDP keychain authentication, and the LDP GTSM.
Issue 01 (2011-12-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 MPLS LDP Configuration