Re: BGP ttl-security

From: Fang Gao (fanggao@gmail.com)
Date: Sun Mar 02 2008 - 16:37:21 ARST

• Next message: Todd, Douglas M.: "RE: BGP ttl-security"
• Previous message: Han Solo: "Framerelay fragment map-class option"
• Maybe in reply to: Todd, Douglas M.: "BGP ttl-security"
• Next in thread: Todd, Douglas M.: "RE: BGP ttl-security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi, Douglas,

Did you use "neighbor ttl-security" on both site of the neighborhood? or use
"neighbor ttl-security" on one site and use "neighbor ebgp-multihop" on
another site?

You have to use "neighbor ttl-security hop" in the peer sessions of each
nodes.

The two commands are different on the inital TTL value on the message. The
drop-off TTL threshold are different too.
For example, "neighbor ebgp-multihost 4" set intial value TTL=4 on the peer
message and drop off the peer message if TTL = 0.

"neighbor ttl-threshold hop 4" uses default TTL=255 on the outgoing peer
message and drops off the ingress message if it's TTL = 251.

HTH

On Sun, Mar 2, 2008 at 5:34 AM, Todd, Douglas M. <DTODD@partners.org> wrote:

> Hey All:
>
> (PS: My last name is Todd, First name is Douglas)
>
> I have used the ttl-security feature in place of the ebgp-multihop. My
> routes
> are inaccessible, regardless of the hop count used.
>
> Process:
>
> 1) I do a trace from source to destination
> 2) 4 hops are seen
> 3) add 1 hop to the 4
> 4) I have 5 hops now.
>
> nei a.b.c.d ttl-security hop 4
>
> I have tried 5 hops, 6 hops 7 hops. The neighbor comes up, route are
> inaccessible. If I use multihop, routes are fine.
>
> Some ideas?
>
> Thanks.
>
> Douglas
>
>
>
>
> The information transmitted in this electronic communication is intended
> only
> for the person or entity to whom it is addressed and may contain
> confidential
> and/or privileged material. Any review, retransmission, dissemination or
> other
> use of or taking of any action in reliance upon this information by
> persons or
> entities other than the intended recipient is prohibited. If you received
> this
> information in error, please contact the Compliance HelpLine at
> 800-856-1983 and
> properly dispose of this information.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Todd, Douglas M.: "RE: BGP ttl-security"
• Previous message: Han Solo: "Framerelay fragment map-class option"
• Maybe in reply to: Todd, Douglas M.: "BGP ttl-security"
• Next in thread: Todd, Douglas M.: "RE: BGP ttl-security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Apr 01 2008 - 07:53:52 ART