Configuring OSPFv3 GTSM - Huawei Quidway NetEngine80E Configuration Manual

Universal service router, ip routing
HUAWEI NetEngine80E/40E Router
Configuration Guide - IP Routing

6.13.2 Configuring OSPFv3 GTSM

Open Shortest Path First version 3 (OSPFv3) Generalized TTL security mechanism (GTSM)
can be configured to protect the router against potential attacks and improve system security.
Context
GTSM checks the time to live (TTL) values of only the packets that match a GTSM policy. You
can configure the router either to let unmatched packets pass through the filter or to discard
them. If you configure the router to discard unmatched packets, enable GTSM on every router
with which the router may communicate: the router discards all packets from GTSM-incapable
routers, so connections with them cannot be established.
In addition, you can configure the router to log discarded packets to help locate faults later.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
ospfv3 valid-ttl-hops valid-ttl-hops-value [ vpn-instance vpn-instance-name ]
OSPFv3 GTSM is configured.
GTSM must be enabled at both ends of an OSPFv3 connection.
The ospfv3 valid-ttl-hops command enables OSPFv3 GTSM and sets a TTL value. If you
specify vpn-instance in the command, the router checks the TTL values of packets only in this
VPN. Therefore, if you want to apply the configured TTL value to packets only in a VPN or the
public network, specify pass in the gtsm default-action command to prevent the OSPFv3
packets in other instances from being discarded incorrectly.
Step 3 (Optional) Run:
gtsm default-action { drop | pass }
An action is configured for the router to perform on the packets that do not match the GTSM
policy.
By default, pass is executed on packets that do not match the GTSM policy.
----End
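The following Python model is an added example, not code from the Huawei manual. It reproduces the pass/drop decision this section describes, including the case where a policy bound to one VPN instance is combined with gtsm default-action drop. The names GtsmPolicy and gtsm_decide, the instance name vpn-a, and the treatment of a policy without vpn-instance as covering only the public network are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

PUBLIC = None  # assumption: None stands for the public network instance


@dataclass(frozen=True)
class GtsmPolicy:
    valid_ttl_hops: int                   # valid-ttl-hops-value from the command
    vpn_instance: Optional[str] = PUBLIC  # set when vpn-instance is specified

    def ttl_range(self):
        # Manual NOTE: valid TTL runs from 255 - valid-ttl-hops-value + 1 to 255.
        return (255 - self.valid_ttl_hops + 1, 255)


def gtsm_decide(policies, default_action, pkt_instance, pkt_ttl):
    """Return 'pass' or 'drop' for one received OSPFv3 packet."""
    if not policies:
        # Manual NOTE: an action without a GTSM policy means GTSM has no effect.
        return "pass"
    for policy in policies:
        if policy.vpn_instance == pkt_instance:
            low, high = policy.ttl_range()
            return "pass" if low <= pkt_ttl <= high else "drop"
    # No policy matched this packet's instance: gtsm default-action decides.
    return default_action


if __name__ == "__main__":
    # Constructed scenario: ospfv3 valid-ttl-hops 1 vpn-instance vpn-a
    policies = [GtsmPolicy(valid_ttl_hops=1, vpn_instance="vpn-a")]
    cases = [
        ("vpn-a", 255),   # directly connected neighbor, TTL untouched
        ("vpn-a", 252),   # packet that crossed three routers on the way
        (PUBLIC, 255),    # public-network OSPFv3 neighbor, no policy for it
    ]
    for action in ("pass", "drop"):
        for instance, ttl in cases:
            verdict = gtsm_decide(policies, action, instance, ttl)
            print(f"default-action={action} instance={instance} ttl={ttl} -> {verdict}")
```

With default-action drop, the public-network neighbor is discarded even though its TTL is 255, which is the incorrect discard that Step 2 warns about.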
NOTE (applies to Step 2)
The valid TTL value ranges from 255 – valid-ttl-hops-value + 1 to 255.
NOTE (applies to Step 3)
If an action is configured but a GTSM policy is not, GTSM does not take effect.
6.13.3 Configuring an Authentication Mode
Open Shortest Path First version 3 (OSPFv3) supports packet authentication, enabling routers
to receive only the OSPFv3 packets that are authenticated. If packets fail to be authenticated,
Issue 02 (2014-09-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
6 OSPFv3 Configuration

This manual is also suitable for:

Quidway NetEngine40E, NE40E, NE80E