1. Introduction

   The Generalized TTL Security Mechanism (GTSM) is designed to protect
   a router's TCP/IP based control plane from CPU-utilization based
   attacks.  In particular, while cryptographic techniques can protect
   the router-based infrastructure (e.g., BGP [RFC1771], [RFC1772]) from
   a wide variety of attacks, many attacks based on CPU overload can be
   prevented by the simple mechanism described in this document.  Note
   that the same technique protects against other scarce-resource
   attacks involving a router's CPU, such as attacks against
   processor-line card bandwidth.

   GTSM is based on the fact that the vast majority of protocol peerings
   are established between routers that are adjacent [PEERING].  Thus
   most protocol peerings are either directly between connected
   interfaces or at the worst case, are between loopback and loopback,
   with static routes to loopbacks.  Since TTL spoofing is considered
   nearly impossible, a mechanism based on an expected TTL value can
   provide a simple and reasonably robust defense from infrastructure
   attacks based on forged protocol packets.

   Finally, the GTSM mechanism is equally applicable to both TTL (IPv4)
   and Hop Limit (IPv6), and from the perspective of GTSM, TTL and Hop
   Limit have identical semantics.  As a result, in the remainder of
   this document the term "TTL" is used to refer to both TTL or Hop
   Limit (as appropriate).

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in BCP 14, RFC 2119
   [RFC2119].