2.9.1 Establishing the Configuration Task
Before configuring LDP GTSM, familiarize yourself with the applicable environment, complete
the pre-configuration tasks, and obtain the required data.
Applicable Environment
The Generalized TTL Security Mechanism (GTSM) prevents attacks by using the TTL detection.
An attacker simulates real LDP unicast packets and sends the packets in a large quantity to a
node. After receiving the packets, an interface of the LSR directly sends the packets to LDP of
the control plane if the interface finds that the packets are sent by the local node, without checking
the validity of the packets. Because the control plane of the node needs to process the "legal"
packets, the system becomes abnormally busy and CPU usage is high.
GTSM protects the node by checking whether the TTL value in the IP packet header is within
a pre-defined range, and enhances the system security.
Pre-configuration Tasks
Before configuring basic LDP GTSM functions, complete the following tasks:
l Enabling MPLS and MPLS LDP
Data Preparation
To configure the basic LDP GTSM functions, you need the following data.
No.
Data
1 Transport address of an LDP peer
2 Maximum number of valid hops permitted by GTSM
2.9.2 Configuring LDP GTSM
To configure LDP GTSM, configure both LDP peers.
Context
Perform the following steps on the two LDP peers that need to be configured with GTSM:
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
mpls ldp
The MPLS LDP view is displayed.
Huawei AR1200 Series Enterprise Routers
Configuration Guide - MPLS 2 MPLS LDP Configuration
Issue 01 (2011-12-30) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
61
To Next Page
Loading...
