Generalized TTL Security Mechanism support – Brocade Multi-Service IronWare Routing Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Routing Configuration Guide
53-1003033-02
Device 1 and 2
The show ip route output for device 1 and device 2 shows “drop” under the Port column for the
network prefixes you configured with null0 routing.
Generalized TTL Security Mechanism support
The device supports the Generalized TTL Security Mechanism (GTSM) as defined in RFC 3682.
GTSM protects the device from attacks in which invalid BGP4 control traffic is sent to overload
the CPU or hijack the BGP4 session. GTSM protection applies to EBGP neighbors only.
When GTSM protection is enabled, BGP4 control packets sent by the device to a neighbor have a
Time To Live (TTL) value of 255. In addition, the device expects the BGP4 control packets received
from the neighbor to have a TTL value of either 254 or 255. For multihop peers (where the
ebgp-multihop option is configured for the neighbor), the device expects the TTL of BGP4 control
packets received from the neighbor to be greater than or equal to 255 minus the configured
number of hops to the neighbor. If the BGP4 control packets received from the neighbor do not
have the anticipated TTL value, the device drops them. Because every router that forwards a
packet decrements its TTL, a packet that originates farther away than the neighbor cannot arrive
with a TTL in the expected range.
For more information on GTSM protection, see RFC 3682.
To enable GTSM protection for neighbor 192.168.9.210 (for example), enter the following
command.
Brocade(config-bgp-router)# neighbor 192.168.9.210 ebgp-btsh
Syntax: [no] neighbor ip-addr | peer-group-name ebgp-btsh
NOTE
For GTSM protection to work properly, it must be enabled on both the device and the neighbor.
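The TTL check described above, modeled as an added example (not code from the Brocade guide or the device). The Neighbor class, the function names, neighbor 192.0.2.7 and the packet list are constructed for illustration; only 192.168.9.210 and the TTL rules come from this section.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Neighbor:
    address: str
    gtsm: bool = False                   # True when ebgp-btsh is configured
    multihop_hops: Optional[int] = None  # hop count set with ebgp-multihop (model field)

def min_accepted_ttl(n: Neighbor) -> Optional[int]:
    """Lowest TTL accepted from this neighbor, or None when GTSM is not enabled."""
    if not n.gtsm:
        return None
    if n.multihop_hops is None:
        return 254                       # direct peer: TTL must be 254 or 255
    return 255 - n.multihop_hops         # multihop peer: TTL >= 255 - hops

def arrival_ttl(sent_ttl: int, routers_crossed: int) -> int:
    """TTL left on arrival: each forwarding router decrements it by one."""
    return max(sent_ttl - routers_crossed, 0)

def filter_packets(neighbors, packets):
    """Split (source, ttl) pairs from configured neighbors into accepted and dropped."""
    by_addr = {n.address: n for n in neighbors}
    accepted, dropped = [], []
    for src, ttl in packets:
        floor = min_accepted_ttl(by_addr[src])
        if floor is None or floor <= ttl <= 255:
            accepted.append((src, ttl))
        else:
            dropped.append((src, ttl))
    return accepted, dropped

# Constructed sample data; every packet leaves its sender with TTL 255.
NEIGHBORS = [
    Neighbor("192.168.9.210", gtsm=True),
    Neighbor("192.0.2.7", gtsm=True, multihop_hops=3),
]
PACKETS = [
    ("192.168.9.210", arrival_ttl(255, 0)),  # genuine directly connected peer
    ("192.168.9.210", arrival_ttl(255, 6)),  # forged source address, sent from 6 routers away
    ("192.0.2.7", arrival_ttl(255, 3)),      # multihop peer at the configured distance
    ("192.0.2.7", arrival_ttl(255, 4)),      # one router farther than configured
]

if __name__ == "__main__":
    ok, bad = filter_packets(NEIGHBORS, PACKETS)
    print("accepted:", ok)
    print("dropped: ", bad)
```

The second packet carries the correct neighbor address but arrives with TTL 249, so the check discards it without relying on the source address.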
Brocade#show ip route
Total number of IP routes: 133
Type Codes - B:BGP D:Connected S:Static R:RIP O:OSPF; Cost - Dist/Metric
Destination Gateway Port Cost Type
1 10.9.1.24/32 DIRECT loopback 1 0/0 D
2 10.30.1.0/24 DIRECT eth 2/7 0/0 D
3 10.40.1.0/24 DIRECT eth 2/1 0/0 D
.
13 10.110.0.6/31 10.90.1.3 eth 2/2 20/1 B
14 10.110.0.16/30 10.90.1.3 eth 2/2 20/1 B
15 10.110.0.40/29 DIRECT drop 200/0 B
. .. . . . .
42 10.115.0.192/27 DIRECT drop 200/0 B
43 10.115.1.128/26 10.30.1.3 eth 2/7 20/1 B
. .. . . . .
69 10.120.7.0/24 10.70.1.3 eth 2/10 20/1 B
70 10.120.14.0/23 DIRECT drop 200/0 B
. .. . . . .
. .. . . . .
131 10.144.0.0/12 10.80.1.3 eth 3/4 20/1 B
132 12.168.0.1/32 DIRECT drop 1/1 S
Brocade#