No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - IP Unicast Routing

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes the concepts and configuration procedures of IP Service features on the device, and provides the configuration examples.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Improving the Security of an OSPF Network

Improving the Security of an OSPF Network

On a network demanding high security, you can configure OSPF authentication and the GTSM to improve the security of the OSPF network.

Applicable Environment

In a network demanding high security, you can configure OSPF authentication and adopt the GTSM mechanism to improve the security of the OSPF network.

The GTSM mechanism defends against attacks by checking the TTL value. If an attacker keeps sending packets to a router by simulating real OSPF unicast packets, the router finds that itself is the destination of the packets after the interface board receives these packets. The router directly sends the packets to the control plane for OSPF processing without checking the validity of the packets. The router busies itself with processing these "valid" packets. As a result, the system is busy, and the CPU is highly occupied.

The GTSM mechanism protects a router by checking whether the TTL value in the IP packet header is in a pre-defined range to enhance the system security.

NOTE:

GTSM supports only unicast addresses; therefore, in OSPF, GTSM takes effect on the virtual link and the sham link.

Pre-configuration Tasks

Before improving the security of an OSPF network, complete the following tasks:

Configuration Procedure

Perform one or more configuration tasks (excluding the task of Verifying the OSPF Network Security Optimization Configuration) as required.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034072

Views: 111354

Downloads: 163

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next