
Configuring Basic BGP4+ GTSM Functions - Huawei Quidway NetEngine80E Configuration Manual


HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing

9.16.4 Configuring Basic BGP4+ GTSM Functions

The GTSM mechanism protects a router by checking whether the TTL value in the IP header is
in a pre-defined range.
Issue 02 (2014-09-30)

Procedure

Configuring Basic BGP4+ GTSM Functions
Perform the following steps on the two peers:
1. Run:
   system-view
   The system view is displayed.
2. Run:
   bgp { as-number-plain | as-number-dot }
   The BGP view is displayed.
3. Run:
   peer { group-name | ipv6-address } valid-ttl-hops [ hops ]
   Basic BGP4+ GTSM functions are configured.
   The valid range of TTL values for packets is [ 255-hops+1, 255 ]. By default, the value of
   hops is 255; that is, the valid TTL range is [ 1, 255 ]. For example, for a direct
   EBGP route, the value of hops is 1; that is, the valid TTL value is 255.
   NOTE
   - The configuration in the BGP view is also valid for the VPNv6 extension of MP-BGP,
     because they use the same TCP connection.
   - GTSM and EBGP-MAX-HOP are mutually exclusive; therefore, you can enable only one of
     them on the same peer or peer group.
After the BGP4+ GTSM policy is configured, an interface board checks the TTL
values of all BGP4+ packets. Depending on the networking requirements, you
can configure GTSM to discard or process the packets that do not match the GTSM
policy. If you configure GTSM to discard the packets that do not match the GTSM
policy by default, you can configure the range of valid TTL values according to the
network topology. The interface board then directly discards the packets whose TTL
value is not in the configured range, so attackers cannot use forged
BGP4+ packets to occupy CPU resources.

Performing the Default GTSM Action
Perform the following steps on the router configured with GTSM:
1. Run:
   system-view
   The system view is displayed.
2. Run:
   gtsm default-action { drop | pass }
   The default action is configured for the packets that do not match the GTSM policy.
   By default, the packets that do not match the GTSM policy can pass the filtering.
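
The following Python model of the two procedures above is an added illustration, not code or output from the Huawei guide. It computes the valid TTL range for a given hops value and shows why a packet forged from several hops away fails the check. The peer addresses are constructed documentation-range values, and treating "does not match the GTSM policy" as "no policy is configured for the packet's source" is an assumption of this model.

```python
from ipaddress import ip_address

MAX_TTL = 255  # a GTSM sender emits packets with TTL (IPv6 Hop Limit) 255


def valid_ttl_range(hops=255):
    """Valid range from the guide: [255 - hops + 1, 255]; hops defaults to 255."""
    if not 1 <= hops <= 255:
        raise ValueError("hops must be in 1..255")
    return MAX_TTL - hops + 1, MAX_TTL


def arriving_ttl(distance):
    """TTL seen by the receiver when the sender is `distance` hops away.

    distance 1 is a directly connected peer, whose packets arrive with TTL 255.
    """
    return MAX_TTL - (distance - 1)


def gtsm_decision(policies, default_action, src, ttl):
    """Return 'accept', 'drop' or 'pass' for one received BGP4+ packet.

    policies maps a peer address to its valid-ttl-hops value.
    Assumption: a packet whose source has no policy gets the default action.
    """
    hops = policies.get(ip_address(src))
    if hops is None:
        return default_action  # models: gtsm default-action { drop | pass }
    low, high = valid_ttl_range(hops)
    return "accept" if low <= ttl <= high else "drop"


# Constructed sample: one directly connected EBGP peer with valid-ttl-hops 1.
POLICIES = {ip_address("2001:db8::2"): 1}


def demo(default_action="pass"):
    """Decisions for a genuine peer, a remote forgery and an unlisted source."""
    return {
        "direct peer": gtsm_decision(
            POLICIES, default_action, "2001:db8::2", arriving_ttl(1)),
        # Forged source address, but sent from 4 hops away: arrives with TTL 252.
        "remote forgery": gtsm_decision(
            POLICIES, default_action, "2001:db8::2", arriving_ttl(4)),
        "unlisted source": gtsm_decision(
            POLICIES, default_action, "2001:db8::99", 255),
    }


if __name__ == "__main__":
    for action in ("pass", "drop"):
        print(action, demo(action))
```

With the default action left at pass, only sources that have a GTSM policy are protected by the TTL check; the unlisted source is still handed on for processing.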
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
9 BGP4+ Configuration