Re: BGP ttl-security

From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Sun Mar 02 2008 - 18:12:06 ARST


Other than CCO is this feature covered in any of the books on the
recommended reading list?

Thanks
Gary
----- Original Message -----
From: "Todd, Douglas M." <DTODD@PARTNERS.ORG>
To: "Hash Aminu" <hashng@gmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Sunday, March 02, 2008 7:58 PM
Subject: RE: BGP ttl-security

> Hash:
>
> I think you hit it on the head. I need to do a little more reading on
> this feature... I was believing that I could use the ttl-security
> feature in place of disable-connect-check. ebgp-multihop and
> disable-connect-check have similar functions (though not the exact
> same).
>
> I will need to work with this to see how this works. I understand the
> concept, but need to see the action.
>
> ttl-security does not work with ebgp-multihop, but should work with
> disable-connect-check.
>
> I'll need to put the config back together and send it out for clarity.
>
> Thx.
>
> :)
>
> ________________________________
>
> From: Hash Aminu [mailto:hashng@gmail.com]
> Sent: Sun 3/2/2008 11:30 AM
> To: Todd, Douglas M.
> Cc: ccielab@groupstudy.com
> Subject: Re: BGP ttl-security
>
>
>
> Hi Todd,
>
> IMHO you are comparing two features that are not doing the same thing.
> The multihop feature is to modify the default eBGP peering behavior of
> ttl=1 to a higher number.
> The ttl security is to tell the peering session that it should only
> accept routes that are "equal to or greater than" the configured value.
> For peering to an AS more than one hop (directly connected) away you
> will have to use the multihop feature; while on the other hand an
> established session can be secured with the ttl security feature.
>
> The requirements for ttl security are:
>
> * BGP must be configured in your network and eBGP peering sessions must
> be established. <--- Either you use the multihop or not, depending on
> your peering setup.
>
> * This feature needs to be configured on each participating router. It
> protects the eBGP peering session in the incoming direction only and
> has no effect on outgoing IP packets or the remote router. <--- Therefore
> you will not use the traceroute from the originating router to test it.
>
>
>
> HTH
>
> Hash
>
>
> On Sun, Mar 2, 2008 at 1:34 PM, Todd, Douglas M. <DTODD@partners.org>
> wrote:
>
>
> Hey All:
>
> (PS: My last name is Todd, First name is Douglas)
>
> I have used the ttl-security feature in place of the ebgp-multihop. My
> routes are inaccessible, regardless of the hop count used.
>
> Process:
>
> 1) I do a trace from source to destination
> 2) 4 hops are seen
> 3) add 1 hop to the 4
> 4) I have 5 hops now.
>
> nei a.b.c.d ttl-security hop 4
>
> I have tried 5 hops, 6 hops, 7 hops. The neighbor comes up, routes are
> inaccessible. If I use multihop, routes are fine.
>
> Some ideas?
>
> Thanks.
>
> Douglas
>
>
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
> --
> Hash!!!
> CCIE#16818
>

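The thread turns on the difference between the TTL a router puts on packets it sends (ebgp-multihop) and the TTL a router demands on packets it receives (ttl-security, the IOS implementation of GTSM, RFC 5082). The following is an added example, not code from the thread or from Cisco: it models the TTL arithmetic for both features and walks through the constructed "peers 4 hops apart" case from the original question. Assumptions: hops are counted IOS-style (1 = directly connected, so a peer N hops away has N-1 routers in between), a ttl-security sender always uses TTL 255 and a receiver with `ttl-security hops N` admits only TTL >= 255 - N, and IOS rejects both keywords on the same neighbor. Only the TTL check is modelled, not the separate connected-check on the peer address that `disable-connected-check` relaxes.

```python
# Added example (not from the thread): a model of the TTL arithmetic behind
# "neighbor X ebgp-multihop N" versus "neighbor X ttl-security hops N"
# (GTSM, RFC 5082) on Cisco IOS. Hop counts, configs and "packets" are all
# constructed here; only the IP TTL check is modelled, not the separate
# connected-check on the peer address.

MAX_TTL = 255


def outgoing_ttl(ebgp_multihop=None, ttl_security_hops=None):
    """TTL a router puts on packets it sends to an eBGP peer.

    default eBGP         -> 1
    ebgp-multihop N      -> N
    ttl-security hops N  -> 255 (GTSM senders always use the maximum TTL)
    IOS refuses both keywords on the same neighbor, so reject that too.
    """
    if ebgp_multihop is not None and ttl_security_hops is not None:
        raise ValueError("ebgp-multihop and ttl-security are mutually exclusive")
    if ttl_security_hops is not None:
        return MAX_TTL
    if ebgp_multihop is not None:
        return ebgp_multihop
    return 1


def arrival_ttl(initial_ttl, intermediate_routers):
    """TTL left when the packet reaches the peer. Every router on the path
    decrements by one; the peer itself does not decrement before checking.
    Returns None if the packet expires in transit."""
    remaining = initial_ttl - intermediate_routers
    return remaining if remaining > 0 else None


def gtsm_accepts(ttl, configured_hops):
    """'ttl-security hops N' admits a packet only if TTL >= 255 - N.
    A peer N hops away crosses N-1 routers, so its TTL is 256 - N and passes;
    anything from farther away arrives with a lower TTL and is dropped,
    whatever source address it claims (an attacker cannot raise TTL above 255)."""
    return ttl is not None and ttl >= MAX_TTL - configured_hops


def packet_accepted(sender, receiver, hops):
    """One direction: the sender's config chooses the outgoing TTL, the path
    (hops = IOS-style hop count, 1 = directly connected) decrements it,
    and the receiver's ttl-security setting, if any, is applied."""
    ttl = arrival_ttl(outgoing_ttl(**sender), hops - 1)
    if ttl is None:
        return False
    if receiver.get("ttl_security_hops") is not None:
        return gtsm_accepts(ttl, receiver["ttl_security_hops"])
    return True


def session_possible(a, b, hops):
    """TCP needs packets to pass in both directions, so both sides' checks matter."""
    return packet_accepted(a, b, hops) and packet_accepted(b, a, hops)


# Constructed neighbor configurations (keyword arguments to outgoing_ttl).
DEFAULT = {}
MULTIHOP_4 = {"ebgp_multihop": 4}
TTLSEC_4 = {"ttl_security_hops": 4}


def scenarios(hops=4):
    """Constructed peers 4 hops apart, as in the trace in the thread."""
    return {
        "default both sides": session_possible(DEFAULT, DEFAULT, hops),
        "multihop both sides": session_possible(MULTIHOP_4, MULTIHOP_4, hops),
        "ttl-security both sides": session_possible(TTLSEC_4, TTLSEC_4, hops),
        "ttl-security one side only": session_possible(TTLSEC_4, DEFAULT, hops),
        "ttl-security vs multihop": session_possible(TTLSEC_4, MULTIHOP_4, hops),
        # forged packet with TTL 255 from a host 10 hops (9 routers) away
        "spoof from 10 hops": gtsm_accepts(arrival_ttl(MAX_TTL, 9), 4),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:30s} {'accepted' if ok else 'dropped'}")
```

Two of the constructed cases match points made in the thread: with ttl-security on one router only, the other side still sends TTL 1, which expires three routers out, so the session never forms (the feature must be configured on each participating router); and a multihop peer sending TTL 4 arrives with TTL 1, far below the 251 a `hops 4` receiver demands, so mixing the two features across a session also fails. The forged packet with maximum TTL from 10 hops away is the case GTSM exists to drop.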


This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART