The gtsm peer valid-ttl-hops command configures the generalized TTL security mechanism (GTSM) for a specified LDP peer.
The undo gtsm command removes the GTSM configuration from all LDP peers or from a specified LDP peer.
By default, no LDP peer is configured with the GTSM.
| Parameter | Description | Value |
|---|---|---|
| peer ip-address | Specifies the transport address of an LDP peer. | The value is in dotted decimal notation. |
| valid-ttl-hops hops | Specifies the maximum number of valid hops permitted by the GTSM. | The value is an integer ranging from 1 to 255. |
| all | Indicates all LDP peers. | - |
Usage Scenario
The GTSM checks the TTL value of received packets to verify them and protect the device against attacks. LDP peers are configured with the GTSM and a valid TTL range, and every LDP packet exchanged between them is checked against that range. If the TTL in an LDP packet is outside the valid range, the packet is considered invalid and discarded. Because a forged packet that has crossed more hops than the configured limit cannot carry a TTL in the valid range, the GTSM defends against attacks that flood the CPU with large numbers of forged packets and protects the upper-layer protocol.
When hops is set to the maximum number of valid hops permitted by the GTSM, packets sent by the LDP peer are received only if the TTL they carry is within the range [255 - hops + 1, 255]; packets with any other TTL are discarded.
Configuring the GTSM on both ends of an LDP session is recommended.
Prerequisites
MPLS LDP has been enabled globally using the mpls ldp (system view) command.
Precautions
The valid TTL range is from 1 to 255 or from 1 to 64, depending on the vendor. If a Huawei device is connected to a non-Huawei device, set hops to a value within a range that both devices support; otherwise, the Huawei device will discard packets sent by the non-Huawei device, and the LDP session will be interrupted.
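The following added example (not Huawei VRP code) models the per-peer TTL check from the Usage Scenario and the interoperability check from the Precautions. The accepted window is computed as [255 - hops + 1, 255] exactly as stated above; the command forms written in the comments are reconstructed from the parameter table, and the peer addresses, TTL values and packets are constructed sample data.

```python
# Added example, not Huawei VRP code: a model of the per-peer LDP GTSM TTL
# check. Peer addresses, TTL values and packets are constructed sample data.

from dataclasses import dataclass

MAX_TTL = 255  # TTL an LDP peer sets on its packets when GTSM is in use


@dataclass(frozen=True)
class GtsmPeer:
    """GTSM settings for one LDP peer, keyed by its transport address."""
    transport_address: str  # the 'peer ip-address' parameter
    valid_ttl_hops: int     # the 'valid-ttl-hops hops' parameter, 1..255

    def __post_init__(self):
        if not 1 <= self.valid_ttl_hops <= MAX_TTL:
            raise ValueError("valid-ttl-hops must be an integer from 1 to 255")

    def accepted_ttl_range(self):
        """Inclusive TTL window [255 - hops + 1, 255] that passes the check."""
        return (MAX_TTL - self.valid_ttl_hops + 1, MAX_TTL)

    def accepts(self, ttl):
        low, high = self.accepted_ttl_range()
        return low <= ttl <= high


class LdpGtsmTable:
    """Per-peer GTSM configuration, mirroring the command and its undo form."""

    def __init__(self):
        self._peers = {}

    # gtsm peer <ip-address> valid-ttl-hops <hops> (form reconstructed from the table)
    def configure(self, ip_address, hops):
        self._peers[ip_address] = GtsmPeer(ip_address, hops)

    # undo gtsm { all | peer <ip-address> } (form reconstructed from the table)
    def undo(self, ip_address=None):
        if ip_address is None:   # 'all'
            self._peers.clear()
        else:                    # 'peer ip-address'
            self._peers.pop(ip_address, None)

    def check(self, src_ip, ttl):
        """Return 'accept' or 'discard'; peers without GTSM are not TTL-checked."""
        peer = self._peers.get(src_ip)
        if peer is None:
            return "accept"
        return "accept" if peer.accepts(ttl) else "discard"

    def filter_packets(self, packets):
        """Classify (src_ip, ttl) pairs and count accepted and discarded packets."""
        result = {"accept": 0, "discard": 0}
        for src_ip, ttl in packets:
            result[self.check(src_ip, ttl)] += 1
        return result


def hops_supported_by_both(hops, local_max_hops, remote_max_hops):
    """Precautions check: hops must lie in a range both vendors' devices support."""
    return 1 <= hops <= min(local_max_hops, remote_max_hops)


# Constructed sample traffic: a directly connected peer (hops=1), a peer
# permitted two hops, and a peer with no GTSM configured.
SAMPLE_PACKETS = [
    ("10.1.1.2", 255),  # directly connected peer, TTL untouched: accepted
    ("10.1.1.2", 254),  # same source address arriving from farther away: discarded
    ("10.2.2.2", 254),  # peer permitted 2 hops, within [254, 255]: accepted
    ("10.2.2.2", 100),  # forged packet from many hops away: discarded
    ("10.3.3.3", 7),    # peer without GTSM: not checked, accepted
]


def demo():
    table = LdpGtsmTable()
    table.configure("10.1.1.2", 1)
    table.configure("10.2.2.2", 2)
    return table.filter_packets(SAMPLE_PACKETS)


if __name__ == "__main__":
    print(demo())  # {'accept': 3, 'discard': 2}
```

The model follows the page in two respects worth noting: a peer with no GTSM entry is not TTL-checked at all, so the protection only covers peers you explicitly configure (hence the recommendation to configure both ends), and hops_supported_by_both shows why a value such as 100 is unsafe when the far-end device only accepts hops up to 64.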