Configuring GTSM for OSPF

The Generalized TTL Security Mechanism (GTSM) protects the device by comparing the TTL value in the IP header of incoming OSPF packets against a valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded.

The valid TTL range is from (255 - configured hop count + 1) to 255, inclusive.

When GTSM is configured, the OSPF packets sent by the device have a TTL of 255.

GTSM checks OSPF packets from common neighbors and virtual link neighbors. It does not check OSPF packets from sham link neighbors. For information about GTSM for OSPF sham links, see the MPLS Configuration Guide.
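The following Python model is an added example (not Comware code) of the acceptance rule described above: it computes the valid TTL range from the configured hop count, skips the check for sham link neighbors, and shows how many intermediate routers a packet sent with TTL 255 may cross before it is discarded. The packet samples and the assumption that each router decrements the TTL by exactly one are constructed for illustration.

```python
"""Model of the GTSM TTL check for OSPF (added example, not from the configuration guide).

Assumption (not stated on the page): a packet sent with TTL 255 arrives with
TTL 255 - N after crossing N routers, each decrementing the TTL by one.
"""
from dataclasses import dataclass

SENT_TTL = 255  # OSPF packets sent with GTSM enabled carry a TTL of 255


@dataclass(frozen=True)
class OspfPacket:
    ttl: int
    neighbor_type: str  # "common", "virtual-link" or "sham-link"


def valid_ttl_range(hop_count: int) -> range:
    """Accepted TTLs: (255 - hop_count + 1) .. 255 inclusive."""
    if hop_count < 1:
        raise ValueError("hop count must be at least 1")
    low = SENT_TTL - hop_count + 1
    return range(low, SENT_TTL + 1)


def gtsm_accepts(pkt: OspfPacket, hop_count: int) -> bool:
    """Common and virtual-link neighbors are checked; sham-link packets are not."""
    if pkt.neighbor_type == "sham-link":
        return True
    return pkt.ttl in valid_ttl_range(hop_count)


def arriving_ttl(router_hops: int) -> int:
    """TTL seen by the receiver after router_hops intermediate routers (assumed model)."""
    return SENT_TTL - router_hops


def max_accepted_router_hops(hop_count: int) -> int:
    """Largest number of intermediate routers whose packets still pass the check."""
    return max(h for h in range(SENT_TTL) if arriving_ttl(h) in valid_ttl_range(hop_count))


if __name__ == "__main__":
    # Constructed samples: a directly attached neighbor, one two routers away, a sham-link peer.
    samples = [OspfPacket(255, "common"), OspfPacket(253, "common"), OspfPacket(200, "sham-link")]
    for hops in (1, 3):
        print(f"hops {hops}: valid TTLs {list(valid_ttl_range(hops))}, "
              f"up to {max_accepted_router_hops(hops)} intermediate router(s)")
        for pkt in samples:
            print(f"  {pkt} -> {'accept' if gtsm_accepts(pkt, hops) else 'discard'}")
```

With hops 1 only directly attached neighbors pass; raising the hop count widens the window by one TTL value per hop.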

You can configure GTSM in OSPF area view or interface view.


IMPORTANT:

To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values for them.


To configure GTSM in OSPF area view:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter OSPF view.
    Command: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ] *
    Remarks: N/A

Step 3. Enter OSPF area view.
    Command: area area-id
    Remarks: N/A

Step 4. Enable GTSM for the OSPF area.
    Command: ttl-security [ hops hop-count ]
    Remarks: By default, GTSM is disabled for the OSPF area.

To configure GTSM in interface view:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A

Step 3. Enable GTSM for the interface.
    Command: ospf ttl-security [ hops hop-count | disable ]
    Remarks: By default, GTSM is disabled for the interface.