No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R011C10 Configuration Guide - IP Unicast Routing

This document describes IP Unicast Routing configurations supported by the switch, including the principle and configuration procedures of IP Routing Overview, Static Route, RIP, RIPng, OSPF, Routing Policy ,and PBR, and provides configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Improving OSPFv3 Network Security

Improving OSPFv3 Network Security

Usage Scenario

If an OSPFv3 network requires high security, you can configure OSPFv3 generalized TTL security mechanism (GTSM) and an authentication mode to improve network security.

  • During network attacks, attackers may simulate OSPFv3 unicast packets and continuously send them to the switch. If the packets are destined for the switch, it directly forwards them to the control plane for processing without validating them. As a result, the increased processing workload on the control plane leads to high CPU usage. GTSM protects the switch against potential attacks and improves system security by checking whether the time to live (TTL) value in each IP packet header is within a pre-defined range.

    NOTE:

    OSPFv3 GTSM takes effect only on unicast packets and therefore applies to virtual links and sham links.

  • In OSPFv3 authentication, an authentication field is added to each OSPFv3 packet for encryption. When a local device receives an OSPFv3 packet from a remote device, the local device discards the packet if the authentication password carried in the packet is different from the local one, which protects the local device against potential attacks. Therefore, OSPFv3 authentication improves network security.

Pre-configuration Tasks

Before improving OSPFv3 network security, complete the following tasks:

  • Configure an IP address for each interface to ensure that neighboring routers can use the IP addresses to communicate with each other.

  • Configure basic OSPFv3 functions.

Translation
Download
Updated: 2019-09-23

Document ID: EDOC1000178018

Views: 130136

Downloads: 17

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next