Configuring the LDP GTSM

The LDP generalized TTL security mechanism (GTSM) can be configured on LSRs at both ends of an LDP session.

Context

The GTSM checks TTL values to verify packets and defends devices against attacks. LDP peers that have the GTSM and a valid TTL range configured check the TTL of each LDP packet exchanged between them. If the TTL of an LDP packet is outside the valid range, the message is considered invalid and discarded. In this way the GTSM defends against attacks that exhaust the CPU with large numbers of forged packets, and so protects the upper-layer protocols.

Procedure

  • Configuring the LDP GTSM
    1. Run system-view

      The system view is displayed.

    2. Run mpls ldp

      The MPLS-LDP view is displayed.

    3. Run gtsm peer ip-address valid-ttl-hops hops

      The LDP GTSM is configured.

      hops is the maximum number of valid hops permitted by the GTSM. If the TTL value carried in a received packet is within the range [255 - hops + 1, 255], the packet is accepted; if the TTL value is outside this range, the packet is discarded.

    4. Run commit

      The configurations are committed.
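The acceptance rule from step 3, as an added worked example that is not part of this page and not Huawei VRP code: a small model that applies the [255 - hops + 1, 255] check to constructed LDP packet records for a constructed set of peers. The peer addresses, the hops values and the packet records are all assumptions made up for the example; how a real LSR treats peers with no GTSM policy is outside what the page states, so the model's pass-through for such peers is labelled as an assumption.

```python
# Added example: a model of the LDP GTSM TTL check described in the procedure
# above. Illustrative code only, not Huawei VRP code. Peer addresses, hops
# values and packet records below are constructed for the example.

from dataclasses import dataclass

MAX_TTL = 255  # a GTSM-capable peer originates its LDP packets with TTL 255


@dataclass(frozen=True)
class GtsmPolicy:
    """One 'gtsm peer ip-address valid-ttl-hops hops' entry."""
    peer: str             # peer IP address, as given in the gtsm peer command
    valid_ttl_hops: int   # the 'hops' argument: maximum number of valid hops

    def lower_bound(self) -> int:
        # Accepted range is [255 - hops + 1, 255]; this is its lower end.
        return MAX_TTL - self.valid_ttl_hops + 1

    def accepts(self, ttl: int) -> bool:
        # A packet that has crossed more than 'hops' routers arrives with a
        # TTL below the lower bound and is discarded.
        return self.lower_bound() <= ttl <= MAX_TTL


def gtsm_filter(policies, packets):
    """Split packets into (accepted, discarded) according to the GTSM policies.

    Assumption of this model (not stated on the page): packets from a source
    with no GTSM policy configured are passed through unchecked.
    """
    by_peer = {p.peer: p for p in policies}
    accepted, discarded = [], []
    for pkt in packets:
        policy = by_peer.get(pkt["src"])
        if policy is None or policy.accepts(pkt["ttl"]):
            accepted.append(pkt)
        else:
            discarded.append(pkt)
    return accepted, discarded


# Constructed sample: one directly connected peer (1 hop) and one peer that
# is three hops away, mirroring a "gtsm peer ... valid-ttl-hops" entry each.
POLICIES = [
    GtsmPolicy("10.0.0.2", valid_ttl_hops=1),   # accepts TTL in [255, 255]
    GtsmPolicy("10.0.0.6", valid_ttl_hops=3),   # accepts TTL in [253, 255]
]

# Constructed LDP packet records as seen by the receiving LSR.
PACKETS = [
    {"src": "10.0.0.2", "ttl": 255},  # genuine directly connected peer
    {"src": "10.0.0.2", "ttl": 254},  # claims to be the neighbour, one hop too far
    {"src": "10.0.0.6", "ttl": 253},  # genuine peer three hops away
    {"src": "10.0.0.6", "ttl": 252},  # forged, originated beyond the valid hops
    {"src": "10.0.0.9", "ttl": 200},  # no GTSM policy: passed through (model assumption)
]


def run_sample():
    """Apply the constructed policies to the constructed packets."""
    accepted, discarded = gtsm_filter(POLICIES, PACKETS)
    return {
        "accepted": [(p["src"], p["ttl"]) for p in accepted],
        "discarded": [(p["src"], p["ttl"]) for p in discarded],
    }


if __name__ == "__main__":
    result = run_sample()
    print("accepted :", result["accepted"])
    print("discarded:", result["discarded"])
```

The value of hops decides how much the check buys you: set it to the real hop count between the two LSRs. A value smaller than the real distance drops the peer's legitimate packets and breaks the session, while a value larger than necessary widens the accepted range and lets packets that originated further away pass the check. Because the check is applied by each receiver, the page's note that the GTSM is configured on the LSRs at both ends of the session matters: an unconfigured end leaves its own LDP process unprotected.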

Copyright © Huawei Technologies Co., Ltd.