Configuring OSPF GTSM
Context
To apply GTSM, you need to enable GTSM on both ends of an OSPF connection.
The valid TTL range of packets is [255 -hops + 1, 255].
GTSM checks the TTL values of only the packets that match the GTSM policy. For the packets that do not match the GTSM policy, you can configure the policy to pass or drop them. If the default action on such packets is set to drop, you need to configure all switch connections in the GTSM policy. If packets sent from a switch do not match the GTSM policy, they are dropped, and thereby no connection can be established. This ensures security but reduces the ease of use.
You can enable the log function to record the information about dropped packets to facilitate fault locating.
Procedure
- Run system-view
The system view is displayed.
- Run ospf valid-ttl-hops hops [ nonstandard-multicast ] [ vpn-instance vpn-instance-name ]
OSPF GTSM is configured.
The ospf valid-ttl-hops command has two functions:
-
Enabling OSPF GTSM
-
Configuring the valid TTL range
The parameter vpn-instance is valid only for the latter function.
Therefore, if only a private network policy or only a public network policy is configured, you are advised to set the default action to be performed on the packets that do not match the GTSM policy to pass. This prevents the OSPF packets of other processes from being discarded incorrectly.
-
- Run commit
The configuration is committed.
