Improving the Security of an OSPF Network

Enterprise

Worldwide

Huawei Global - English

- South Africa - English
- Morocco - English
- Brazil - Português
- Mexico - Español
- United Arab Emirates - English
- Saudi Arabia - English
- Australia - English
- China - 简体中文
- Hong Kong, China - English
- India - English
- Japan - 日本語
- South Korea- English
- Kazakhstan - русский
- Malaysia - English
- Singapore - English
- Indonesia - English
- Thailand - English
- Philippines - English
- Austria - Deutsch
- Czech - English
- France - Français
- Germany - Deutsch
- Greece - English
- Hungary- English
- Italy - Italiano
- Poland - English
- Sweden - English
- Russia - русский
- Spain - Español
- Turkey - Türkçe
- United Kingdom - English
- Ukraine - English

Menu
Products and Services
Industries
Technical Support
Partners
Community

Most people search for
Switches Routers Servers Storage Data Center Energy Cloud Computing

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R009 CLI-based Configuration Guide - IP Unicast Routing

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Improving the Security of an OSPF Network

On a network demanding high security, you can configure OSPF authentication and the GTSM to improve the security of the OSPF network.

Applicable Environment

In a network demanding high security, you can configure OSPF authentication and adopt the GTSM mechanism to improve the security of the OSPF network.

The GTSM mechanism defends against attacks by checking the TTL value. If an attacker keeps sending packets to a router by simulating real OSPF unicast packets, the router finds that itself is the destination of the packets after the interface board receives these packets. The router directly sends the packets to the control plane for OSPF processing without checking the validity of the packets. The router busies itself with processing these "valid" packets. As a result, the system is busy, and the CPU is highly occupied.

The GTSM mechanism protects a router by checking whether the TTL value in the IP packet header is in a pre-defined range to enhance the system security.

GTSM supports only unicast addresses; therefore, in OSPF, GTSM takes effect on the virtual link and the sham link.

Pre-configuration Tasks

Before improving the security of an OSPF network, complete the following tasks:

Configuring IP addresses for interfaces to ensure that neighboring nodes are reachable at the network layer
Configuring Basic OSPF Functions

Configuration Procedure

Perform one or more configuration tasks (excluding the task of Verifying the OSPF Network Security Optimization Configuration) as required.

Translation

简体中文

Download

Updated: 2022-05-16

Document ID: EDOC1000174069

Downloads: 505

Average rating:

This Document Applies to these Products

Applicable Environment

Pre-configuration Tasks

Configuration Procedure

Related Version

Related Documents