Re: ebgp-multihop vs. disable-connected-check from Petr Lapukhov on 2010-08-09 (Ccielab archives 08/2010)

From: Petr Lapukhov <petr_at_internetworkexpert.com>
Date: Mon, 9 Aug 2010 10:32:03 -0700

Walter,

The "disable-connected-check" option prompts BGP code to skip checking
the session's initiator IP address. It has nothing to do with the
packets TTL. By default, for eBGP sessions, the session's source
address should be on a directly connected subnet. If you source eBGP
session from a Loopback interface to a *directly* connected peer, the
session will pass the TTL check (it's single-hop connection) but will
fail matching against a connected subnet on the terminating router.
Hence enabling the "disable-connected check" option will skip the
source IP address verification for one-hop eBGP session.

Multihop eBGP is designed to traverse more than one hop and does not
implement the source IP address check. Therefore, using the
"disable-connected-check" does not make anyt sense with multihop eBGP,
as it is disabled by default.

HTH,

-- 
Petr Lapukhov, petr_at_INE.com
CCIE #16379 (R&S/Security/SP/Voice)
Internetwork Expert, Inc.
http://www.INE.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
2010/8/9 Walter Gibbons <wgibbons_at_gmail.com>:
> All, I've read the DocCD on both ebgp-multihop and
> disable-connected-check and am failing to see the difference between
> the two command in overcoming TTL limitation when forming ebgp peers.
> What am I missing?
>
> DocCD Says:
>
> neighbor disable-connected-check:
> To disable connection verification to establish an eBGP peering
> session with a single-hop peer that uses a loopback interface, use the
> neighbor disable-connected-check command in address family or router
> configuration mode.
>
> neighbor ebgp-multihop:
> To accept and attempt BGP connections to external peers residing on
> networks that are not directly connected, use the neighbor
> ebgp-multihop command in router configuration mode.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Mon Aug 09 2010 - 10:32:03 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART