The gtsm peer valid-ttl-hops command configures GTSM on a specified LDP peer.
The undo gtsm command deletes GTSM configured on all LDP peers or a specified LDP peer.
By default, GTSM is not configured on any LDP peer.
| Parameter | Description | Value |
|---|---|---|
| valid-ttl-hops hops |
Specifies the maximum number of valid hops allowed by GTSM. |
The value is an integer that ranges from 1 to 255. |
| all |
Indicates all LDP peers. |
- |
| peer ip-address |
Specifies the LDP transport address of the LDP peer. |
The value is in dotted decimal notation. |
Usage Scenario
The GTSM checks TTL values to verify packets and defend devices against attacks. LDP peers are configured with the GTSM and a valid TTL range to check TTLs in LDP packets exchanged between them. If the TTL in an LDP packet is not in the valid range, this LDP packet is considered invalid and discarded. The GTSM defends against CPU-based attacks initiated using a large number of forged packets and protects upper-layer protocols.
If the value of hops is set to the maximum number of valid hops permitted by GTSM, when the TTL values carried in the packets sent by an LDP peer are within the range [255 - Number of hops + 1, 255], the packets are received; otherwise, the packets are discarded. Configuring the GTSM on both ends of an LDP session is recommended.Prerequisites
MPLS LDP has been enabled globally using the mpls ldp (system view) command.
Precautions
The valid TTL range is from 1 to 255 or from 1 to 64, depending on the specific vendor. If a Huawei device is connected to a non-Huawei device, set hops to a value in a valid range that both devices support; otherwise, the Huawei device will discard packets sent by the non-Huawei device, resulting in LDP session interruption.