ttl-security

Use ttl-security to enable OSPF GTSM for an area.

Use undo ttl-security to disable OSPF GTSM for an area.

Syntax

ttl-security [ hops hop-count ]

undo ttl-security

Default

OSPF GTSM is disabled for an OSPF area.

Views

OSPF area view

Predefined user roles

network-admin

Parameters

hops hop-count: Specifies the hop limit for checking OSPF packets, in the range of 1 to 254. The default hop limit is 1 for packets from common neighbors.

Usage guidelines

The GTSM configuration in OSPF area view applies to all OSPF interfaces in the area. GTSM checks OSPF packets from common neighbors and virtual link neighbors.

GTSM protects the device by comparing the TTL value in the IP header of incoming OSPF packets against a valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded.

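The valid TTL range is from (255 - hop-count + 1) to 255, where hop-count is the configured hop limit. For example, with the default hop limit of 1, only packets with a TTL of 255 are accepted.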

When GTSM is configured, the OSPF packets sent by the device have a TTL of 255. To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values for them.

The hops keyword configured in interface view takes precedence over the hops keyword configured in OSPF area view.

As a best practice, set the hop limit if a virtual link exists in an area. You can enable GTSM for the interfaces on the virtual link. If you do not know the interfaces on the virtual link, enable GTSM in area view to prevent packet loss.
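
The following Python sketch is an added illustration, not vendor code or device output. It models the receive-side check described above on a constructed IPv4 header, including the precedence of the interface-view hop count over the area-view hop count. The function names, the sample addresses, and the TTL of 1 used for a peer without GTSM are assumptions.

```python
import struct

OSPF_PROTO = 89  # IP protocol number assigned to OSPF


def valid_ttl_range(hop_count):
    """Valid TTL range as stated above: 255 - hop_count + 1 through 255."""
    if not 1 <= hop_count <= 254:
        raise ValueError("hop-count must be in the range 1 to 254")
    return 255 - hop_count + 1, 255


def gtsm_accepts(ip_packet, area_hops=None, interface_hops=None):
    """Model of the receive-side check. None means GTSM is not configured there."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ttl, proto = ip_packet[8], ip_packet[9]
    if proto != OSPF_PROTO:
        return True  # not an OSPF packet, so OSPF GTSM does not apply
    # Interface-view hops takes precedence over area-view hops.
    hops = interface_hops if interface_hops is not None else area_hops
    if hops is None:
        return True  # GTSM disabled (the default): no TTL check
    low, high = valid_ttl_range(hops)
    return low <= ttl <= high


def make_ipv4_header(ttl, proto=OSPF_PROTO):
    """Constructed 20-byte IPv4 header (checksum left at 0, documentation addresses)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 44, 0, 0, ttl, proto, 0, src, dst)


if __name__ == "__main__":
    cases = [
        ("GTSM peer, directly connected", 255, dict(area_hops=1)),
        ("sender one routed hop away", 254, dict(area_hops=1)),
        ("same packet, interface hops 2", 254, dict(area_hops=1, interface_hops=2)),
        ("peer without GTSM (assumed TTL 1)", 1, dict(area_hops=1)),
        ("GTSM disabled on receiver", 1, dict()),
    ]
    for label, ttl, cfg in cases:
        verdict = "accept" if gtsm_accepts(make_ipv4_header(ttl), **cfg) else "discard"
        print(f"{label:36} ttl={ttl:3} {cfg} -> {verdict}")
```

The fourth case shows why GTSM must be configured on both devices: a peer that does not send with a TTL of 255 has its OSPF packets discarded by a receiver that checks the TTL.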

Examples

# Enable OSPF GTSM for OSPF area 1.

<Sysname> system-view
[Sysname] ospf 100
[Sysname-ospf-100] area 1
[Sysname-ospf-100-area-0.0.0.1] ttl-security

Related commands

ospf ttl-security