R3303-HP 6600/HSR6600 Routers Layer 3 - IP Routing Command Reference

<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ipv4-family vpn-instance vpn1
[Sysname-bgp-ipv4-vpn1] peer test timer keepalive 0 hold 0
Related commands
timer
peer ttl-security hops (BGP/BGP-VPN instance view)
Use peer ttl-security hops to configure Generalized TTL Security Mechanism (GTSM) to check BGP
packets from the specified peer or peer group.
Use undo peer ttl-security hops to restore the default.
Syntax
peer { group-name | ip-address } ttl-security hops hop-count
undo peer { group-name | ip-address } ttl-security hops
Default
GTSM is not configured.
Views
BGP view, BGP-VPN instance view
Default command level
2: System level
Parameters
group-name: Specifies the name of a peer group, a string of 1 to 47 characters.
ip-address: Specifies the IP address of a peer.
hop-count: Specifies the hop count value in the range of 1 to 254.
Usage guidelines
With the peer ttl-security hops command configured, the device checks whether the TTL in the BGP
packets received from the peer falls into the valid TTL range 255-hop-count+1 to 255. If yes, the packet
is delivered to the CPU. Otherwise, the packet is discarded. Thus, GTSM prevents CPU-utilization-based
attacks and enhances system security. In addition, with GTSM configured, the device sends packets with
TTL 255.
The peer ttl-security hops command and the peer ebgp-max-hop command are mutually exclusive.
You must configure GTSM on both the local and peer devices, and you can specify different hop-count
values in a valid range for them.
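The TTL check described in the usage guidelines, as an added example (not taken from this reference and not device code): it parses the command syntax shown above and applies the 255-hop-count+1 to 255 range to constructed packets. The function names, the sample traffic, and the assumption that each forwarding router decrements the TTL by one are introduced here for illustration.

```python
import re

# Syntax from the page: peer { group-name | ip-address } ttl-security hops hop-count
CMD = re.compile(r"^peer\s+(\S{1,47})\s+ttl-security\s+hops\s+(\d+)$")
MAX_TTL = 255  # with GTSM configured, the device sends packets with TTL 255


def parse_gtsm(line):
    """Return (peer, hop_count) for a 'peer ... ttl-security hops N' line."""
    m = CMD.match(line.strip())
    if not m:
        raise ValueError("not a peer ttl-security hops command: %r" % line)
    peer, hops = m.group(1), int(m.group(2))
    if not 1 <= hops <= 254:
        raise ValueError("hop-count must be in the range 1 to 254")
    return peer, hops


def valid_ttl_range(hop_count):
    """Valid TTL range stated on the page: 255-hop-count+1 to 255."""
    return MAX_TTL - hop_count + 1, MAX_TTL


def gtsm_verdict(ttl, hop_count):
    """'deliver' (to the CPU) if the received TTL is in range, else 'discard'."""
    low, high = valid_ttl_range(hop_count)
    return "deliver" if low <= ttl <= high else "discard"


def arriving_ttl(initial_ttl, routers_crossed):
    """Assumption: each forwarding router decrements the TTL by one."""
    return max(initial_ttl - routers_crossed, 0)


def evaluate(config_line, packets):
    """packets: (label, initial TTL, routers crossed); returns label -> verdict."""
    _, hops = parse_gtsm(config_line)
    return {label: gtsm_verdict(arriving_ttl(ttl, crossed), hops)
            for label, ttl, crossed in packets}


# Constructed sample traffic (not from the page).
SAMPLE = [
    ("directly connected peer", 255, 0),
    ("peer behind one router", 255, 1),
    ("sender five routers away, TTL 255", 255, 5),
    ("sender using initial TTL 64", 64, 0),
]

if __name__ == "__main__":
    for line in ("peer test ttl-security hops 1", "peer test ttl-security hops 2"):
        print(line, "->", valid_ttl_range(parse_gtsm(line)[1]), evaluate(line, SAMPLE))
```

With hop-count 1 only a packet that arrives with TTL 255 is delivered, so a sender that is even one router away cannot reach the CPU no matter what initial TTL it chooses.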
Examples
# In BGP view, configure GTSM for BGP peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer test ttl-security hops 1
# In BGP-VPN instance view, configure GTSM for BGP peer group test.
<Sysname> system-view