The peer valid-ttl-hops command applies the GTSM on a BGP peer or a BGP peer group.
The undo peer valid-ttl-hops command cancels the GTSM configured on a BGP peer or a BGP peer group.
By default, GTSM is not configured on any BGP peer group.
Parameter | Description | Value |
---|---|---|
group-name | Specifies the name of a BGP peer group. | The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
hops | Specifies the number of TTL hops to be checked. | The value is an integer that ranges from 1 to 255. The default value is 255. If you specify the parameter hops, the valid range of the TTL value in the packet to be checked is [255 - hops + 1, 255]. |
Usage Scenario
To protect a device against attacks that use forged BGP or BGP4+ packets, you can configure GTSM to check whether the TTL value in the IP packet header is within the valid range.
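The TTL check described above, as an added example (not Huawei's implementation and not code from this page): it computes the valid range [255 - hops + 1, 255] and applies it to the TTL of an IPv4 header or the Hop Limit of an IPv6 header. The peer table, the addresses and the verdict strings are assumptions made for illustration, and the sample headers are constructed.

```python
import ipaddress
import struct

def valid_ttl_range(hops):
    """TTL window checked for `valid-ttl-hops <hops>`: [255 - hops + 1, 255]."""
    if not 1 <= hops <= 255:
        raise ValueError("hops must be an integer from 1 to 255")
    return 255 - hops + 1, 255

def source_and_ttl(header):
    """Return (source address, TTL or Hop Limit) from a raw IPv4/IPv6 header."""
    version = header[0] >> 4 if header else 0
    if version == 4 and len(header) >= 20:
        return ipaddress.ip_address(header[12:16]), header[8]
    if version == 6 and len(header) >= 40:
        return ipaddress.ip_address(header[8:24]), header[7]
    raise ValueError("not a complete IPv4 or IPv6 header")

def gtsm_verdict(header, peer_hops):
    """peer_hops (hypothetical table) maps a peer address to its configured hops."""
    src, ttl = source_and_ttl(header)
    if src not in peer_hops:
        return "no-gtsm"  # no GTSM policy configured for this source
    low, high = valid_ttl_range(peer_hops[src])
    return "pass" if low <= ttl <= high else "drop"

def ipv4_header(src, ttl):
    """Constructed sample: 20-byte IPv4 header, protocol 6 (TCP), checksum 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address("192.0.2.1").packed)

def ipv6_header(src, hop_limit):
    """Constructed sample: 40-byte IPv6 header, next header 6 (TCP)."""
    return struct.pack("!IHBB16s16s", 0x60000000, 20, 6, hop_limit,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address("2001:db8::1").packed)

# Constructed peers (documentation addresses), both configured with hops = 1.
PEER_HOPS = {ipaddress.ip_address("192.0.2.2"): 1,
             ipaddress.ip_address("2001:db8::2"): 1}

if __name__ == "__main__":
    # Routers decrement TTL, so only a directly connected sender arrives with 255.
    for hdr in (ipv4_header("192.0.2.2", 255), ipv4_header("192.0.2.2", 252),
                ipv6_header("2001:db8::2", 255), ipv6_header("2001:db8::2", 254),
                ipv4_header("198.51.100.7", 255)):
        print(*source_and_ttl(hdr), gtsm_verdict(hdr, PEER_HOPS))
```

With hops set to 1 the window collapses to [255, 255], so a packet that carries the peer's source address but has crossed even one router is dropped.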
Prerequisites
Before configuring GTSM for a peer group, you need to run the peer group command to add peers to the peer group.
Implementation Procedure
If you run the undo peer valid-ttl-hops command without specifying any parameter, all the GTSM configurations on a peer or a peer group are deleted.
Precautions
When this command is used in the BGP view, it is also applicable to MP-BGP extensions because they use the same TCP connection.
The GTSM configurations are symmetrical, that is, GTSM must be enabled on both ends of the BGP connection at the same time.

```
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vpna
[*HUAWEI-vpn-instance-vpna] ipv6-family
[*HUAWEI-vpn-instance-vpna-af-ipv6] quit
[*HUAWEI-vpn-instance-vpna] quit
[*HUAWEI] bgp 100
[*HUAWEI-bgp] ipv6-family vpn-instance vpna
[*HUAWEI-bgp-6-vpna] group gtsm-group external
[*HUAWEI-bgp-6-vpna] peer gtsm-group valid-ttl-hops 1
```