Before You Start - Huawei Quidway NetEngine80E Configuration Manual
Universal service router, ip routing
Hide thumbs
Also See for Quidway NetEngine80E:
- Configuration manual - reliability (1432 pages) ,
- Configuration manual (341 pages) ,
- Installation manual (169 pages)
Advertisement
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing
6.13.1 Before You Start
Before improving Open Shortest Path First version 3 (OSPFv3) network security, familiarize
yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data
required for the configuration.
Usage Scenario
If an OSPFv3 network requires high security, you can configure OSPFv3 generalized TTL
security mechanism (GTSM) and an authentication mode to improve network security.
l
l
Pre-configuration Tasks
Before improving OSPFv3 network security, complete the following tasks:
l
l
Data Preparation
To complete the configuration, you need the following data:
No.
1
2
3
4
5
6
Issue 02 (2014-09-30)
During network attacks, attackers may simulate OSPFv3 unicast packets and continuously
send them to the router. If the packets are destined for the router, it directly forwards them
to the control plane for processing without validating them. As a result, the increased
processing workload on the control plane leads to high CPU usage. GTSM protects the
router against potential attacks and improves system security by checking whether the time
to live (TTL) value in each IP packet header is within a pre-defined range.
NOTE
OSPFv3 GTSM takes effect only on unicast packets and therefore applies to virtual links and sham
links.
In OSPFv3 authentication, an authentication field is added to each OSPFv3 packet for
encryption. When a local device receives an OSPFv3 packet from a remote device, the local
device discards the packet if the authentication password carried in the packet is different
from the local one, which protects the local device against potential attacks. Therefore,
OSPFv3 authentication improves network security.
Configure an IP address for each interface to ensure that neighboring routers can use the
IP addresses to communicate with each other.
Configure basic OSPFv3 functions.
Data
OSPFv3 process ID
(Optional) OSPFv3 virtual private network (VPN) instance name
(Optional) TTL to be checked
ID of the OSPFv3 area in which authentication is to be configured
Numbers of the OSPFv3 interfaces on which authentication is to be configured
Authentication mode and password
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6 OSPFv3 Configuration
459
Hide quick links:
Advertisement
