No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - IP Unicast Routing

S7700 and S9700 V200R013C00

This document describes the configurations of IP Unicast Routing, including IP Routing, Static Route, RIP, RIPng, OSPF, OSPFv3, IPv4 IS-IS, IPv6 IS-IS, BGP, Routing Policy, IP Routing Table Management, and PBR.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Improving OSPFv3 Network Security

Improving OSPFv3 Network Security

Usage Scenario

If an OSPFv3 network requires high security, you can configure OSPFv3 generalized TTL security mechanism (GTSM) and an authentication mode to improve network security.

  • During network attacks, attackers may simulate OSPFv3 unicast packets and continuously send them to the switch. If the packets are destined for the switch, it directly forwards them to the control plane for processing without validating them. As a result, the increased processing workload on the control plane leads to high CPU usage. GTSM protects the switch against potential attacks and improves system security by checking whether the time to live (TTL) value in each IP packet header is within a pre-defined range.

    NOTE:

    OSPFv3 GTSM takes effect only on unicast packets and therefore applies to virtual links and sham links.

  • In OSPFv3 authentication, an authentication field is added to each OSPFv3 packet for encryption. When a local device receives an OSPFv3 packet from a remote device, the local device discards the packet if the authentication password carried in the packet is different from the local one, which protects the local device against potential attacks. Therefore, OSPFv3 authentication improves network security.

Pre-configuration Tasks

Before improving OSPFv3 network security, complete the following tasks:

  • Configure an IP address for each interface to ensure that neighboring routers can use the IP addresses to communicate with each other.

  • Configure basic OSPFv3 functions.

Translation
Download
Updated: 2019-04-08

Document ID: EDOC1100065744

Views: 65739

Downloads: 50

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next