The peer valid-ttl-hops command applies the GTSM function on the peer or peer group.
The undo peer valid-ttl-hops command cancels the application of the GTSM function on the peer or peer group.
By default, the GTSM function on the peer or peer group is not configured.
peer { group-name | ipv4-address | ipv6-address } valid-ttl-hops [ hops ]
undo peer { group-name | ipv4-address | ipv6-address } valid-ttl-hops
Parameter | Description | Value |
---|---|---|
group-name | Specifies the name of the peer group. | The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
ipv4-address | Specifies the IPv4 address of a peer. | It is in dotted decimal notation. |
ipv6-address | Specifies the IPv6 address of a peer. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
hops | Specifies the number of TTL hops to be checked. | The value is an integer that ranges from 1 to 255. The default value is 255. When the value is set to hops, the valid TTL range of a checked packet is [255 - hops + 1, 255]. |
BGP view, BGP-VPN instance IPv4 address family view, BGP-VPN instance IPv6 address family view
Usage Scenario
To protect a device against attacks that use forged BGP packets, you can configure GTSM to check whether the TTL value in the IP packet header is within the specified range.
Prerequisites
Before configuring GTSM for a peer group, run the peer group command to add peers to the peer group.
Precautions
When the undo peer valid-ttl-hops command is run and no parameter is specified, all the GTSM configurations on a peer or a peer group are deleted.
A configuration made in the BGP view also applies to the MP-BGP extensions, because they use the same TCP connection.
GTSM configuration is symmetrical: GTSM must be enabled on both ends of the BGP connection at the same time.
GTSM and EBGP-MAX-HOP are mutually exclusive because both of them affect the TTL of sent BGP packets. Therefore, the two functions cannot be enabled on a peer or peer group simultaneously.
If GTSM is enabled on two directly connected EBGP peers, the fast sensing function does not take effect on the interfaces that directly connect the two EBGP peers. This is because BGP considers the EBGP peers to be indirectly connected when GTSM is enabled on them.
# Configure the GTSM function for the peer.
<HUAWEI> system-view
[HUAWEI] bgp 100
[HUAWEI-bgp] peer 10.1.1.2 as-number 200
[HUAWEI-bgp] peer 10.1.1.2 valid-ttl-hops 1
# Configure the GTSM function for the peer group.
<HUAWEI> system-view
[HUAWEI] bgp 100
[HUAWEI-bgp] group gtsm-group external
[HUAWEI-bgp] peer gtsm-group valid-ttl-hops 1
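The following added example (not part of the original command reference and not vendor code) audits a candidate BGP configuration against the rules described above: it computes the [255 - hops + 1, 255] window, and flags peers without GTSM, peers that carry both valid-ttl-hops and ebgp-max-hop, and peers left at the default hops of 255. The function names, finding strings and sample configuration are constructed for illustration, and `peer ... ebgp-max-hop` is assumed to be the command form of the EBGP-MAX-HOP function named in the precautions.

```python
import re

# Constructed candidate configuration (not captured from a device).
SAMPLE = """\
 peer 10.1.1.2 as-number 200
 peer 10.1.1.2 valid-ttl-hops 1
 peer 10.2.2.2 valid-ttl-hops
 peer 10.3.3.2 ebgp-max-hop 2
 peer 10.3.3.2 valid-ttl-hops 2
 peer 10.4.4.2 as-number 500
"""
# Assumption: peer and group names contain no spaces (quoted names not handled).
PEER_RE = re.compile(
    r"^\s*peer\s+(\S+)\s+(as-number|valid-ttl-hops|ebgp-max-hop)(?:\s+(\d+))?\s*$")

def gtsm_window(hops=255):
    """Valid TTL range [255 - hops + 1, 255]; hops defaults to 255."""
    if not 1 <= hops <= 255:
        raise ValueError("hops must be an integer from 1 to 255")
    return (255 - hops + 1, 255)

def ttl_accepted(ttl, hops=255):
    """True if a received packet's TTL falls inside the GTSM window."""
    low, high = gtsm_window(hops)
    return low <= ttl <= high

def audit(config_text):
    """Map each peer or group to its GTSM findings (empty list = clean)."""
    peers = {}
    for line in config_text.splitlines():
        m = PEER_RE.match(line)
        if m:
            name, keyword, value = m.groups()
            peers.setdefault(name, {})[keyword] = int(value or 255)  # omitted hops -> default 255
    report = {}
    for name, opts in peers.items():
        findings = []
        if "valid-ttl-hops" not in opts:
            findings.append("GTSM not configured")
        elif not 1 <= opts["valid-ttl-hops"] <= 255:
            findings.append("hops out of range 1-255")
        elif gtsm_window(opts["valid-ttl-hops"])[0] == 1:
            findings.append("window is [1, 255]: every TTL passes")
        if "valid-ttl-hops" in opts and "ebgp-max-hop" in opts:
            findings.append("valid-ttl-hops and ebgp-max-hop both set")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

With hops at its default of 255 the formula gives the window [1, 255], so the check accepts every TTL from 1 to 255; a value of 1, as in the examples above, accepts only TTL 255.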