From: Todd, Douglas M. (DTODD@PARTNERS.ORG)
Date: Sun Mar 02 2008 - 17:58:21 ARST
Hash:
I think you hit it on the head. I need to do a little more reading on this feature... I believed that I could use the ttl-security feature in place of disable-connect-check. ebgp-multihop and disable-connect-check have similar functions (though not exactly the same).
I will need to work with this to see how it works. I understand the concept, but need to see the action.
ttl-security does not work with ebgp-multihop, but should work with disable-connect-check.
I'll need to put the config back together and send it out for clarity.
Thx.
:)
________________________________
From: Hash Aminu [mailto:hashng@gmail.com]
Sent: Sun 3/2/2008 11:30 AM
To: Todd, Douglas M.
Cc: ccielab@groupstudy.com
Subject: Re: BGP ttl-security
Hi Todd,
IMHO you are comparing two features that are not doing the same thing. The multihop feature modifies the default eBGP peering behavior of TTL=1 to a higher number.
The ttl security feature tells the peering session that it should only accept routes that are "equal to or greater than" the configured value.
For peering to an AS more than one hop (directly connected) away you will have to use the multihop feature; on the other hand, an established session can be secured with the ttl security feature.
The requirements for ttl security are:
* BGP must be configured in your network and eBGP peering sessions must be established. <-- Either you use multihop or not, depending on your peering setup.
* This feature needs to be configured on each participating router. It protects the eBGP peering session in the incoming direction only and has no effect on outgoing IP packets or the remote router. <-- Therefore you will not use a traceroute from the originating router to test it.
HTH
Hash
On Sun, Mar 2, 2008 at 1:34 PM, Todd, Douglas M. <DTODD@partners.org> wrote:
Hey All:
(PS: My last name is Todd, First name is Douglas)
I have used the ttl-security feature in place of ebgp-multihop. My routes are inaccessible, regardless of the hop count used.
Process:
1) I do a trace from source to destination
2) 4 hops are seen
3) add 1 hop to the 4
4) I have 5 hops now.
nei a.b.c.d ttl-security hop 4
I have tried 5 hops, 6 hops, 7 hops. The neighbor comes up, routes are inaccessible. If I use multihop, routes are fine.
Some ideas?
Thanks.
Douglas
The information transmitted in this electronic communication is intended only for the person or entity to whom it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this information in error, please contact the Compliance HelpLine at 800-856-1983 and properly dispose of this information.
_______________________________________________________________________
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
-- Hash!!! CCIE#16818
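As an added illustration (not from this thread or from Cisco), the following Python model shows the two behaviours Hash contrasts: the receive-side check that "ttl-security hops N" performs (accept only packets that still arrive with TTL >= 255 - N, the GTSM rule) next to the outgoing TTL that "ebgp-multihop N" sets. The hop counts are constructed, and the convention that a directly connected peer counts as 1 hop is an assumption of the model.

```python
# Added example, not from the thread: a model of the receive-side TTL check
# that "neighbor ... ttl-security hops N" applies (GTSM: accept only packets
# arriving with TTL >= 255 - N) next to the outgoing TTL that
# "neighbor ... ebgp-multihop N" sets. Hop counts are constructed, and the
# convention that a directly connected peer is 1 hop away is an assumption.
from typing import Optional

GTSM_TTL = 255        # a ttl-security speaker originates packets with TTL 255
DEFAULT_EBGP_TTL = 1  # default eBGP TTL, which ebgp-multihop raises


def arrival_ttl(initial_ttl: int, hops_away: int) -> Optional[int]:
    """TTL seen by the receiver for a packet from a source hops_away away.

    Each forwarding router decrements the TTL once; a directly connected
    source (hops_away == 1) crosses no forwarding router. Returns None when
    the TTL hits zero in transit, i.e. the packet is dropped before arrival.
    """
    if hops_away < 1:
        raise ValueError("hops_away counts the peer itself, so it is >= 1")
    ttl = initial_ttl - (hops_away - 1)
    return ttl if ttl > 0 else None


def gtsm_accepts(ttl: Optional[int], configured_hops: int) -> bool:
    """Receive-side check of 'ttl-security hops <configured_hops>'."""
    return ttl is not None and ttl >= GTSM_TTL - configured_hops


def ttl_security_session_ok(peer_hops: int, configured_hops: int) -> bool:
    """A legitimate ttl-security peer peer_hops away against our hops value."""
    return gtsm_accepts(arrival_ttl(GTSM_TTL, peer_hops), configured_hops)


def multihop_reaches(peer_hops: int, multihop_ttl: int = DEFAULT_EBGP_TTL) -> bool:
    """Does a packet sent with 'ebgp-multihop <multihop_ttl>' (or the
    default TTL of 1) still have TTL left when it reaches a peer peer_hops away?"""
    return arrival_ttl(multihop_ttl, peer_hops) is not None


if __name__ == "__main__":
    # The thread's case: traceroute shows the peer 4 hops away.
    print("ttl-security hops 4, peer 4 hops away:", ttl_security_session_ok(4, 4))
    # A source 12 hops away cannot satisfy 'hops 4': nothing starts above 255,
    # which is what makes the check protect the session against distant senders.
    print("packet from 12 hops away vs hops 4:", gtsm_accepts(arrival_ttl(255, 12), 4))
    print("default TTL 1 reaching a peer 4 hops away:", multihop_reaches(4))
    print("ebgp-multihop 5 reaching a peer 4 hops away:", multihop_reaches(4, 5))
```

Note that ttl-security only changes what the receiver accepts; whether the session's traffic gets there at all is still decided by the sender's outgoing TTL, which is the part ebgp-multihop controls.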
This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART