Hi,
Is there a relation between TTL security on a BGP neighbor and route selection
from the BGP table?
I have an eBGP peering (sourced from loopbacks, where loopback
reachability is via the IGP, IS-IS).
If I configure ebgp-multihop, I see the routes are chosen as best in the BGP
table. But if I configure ttl-security, the routes are not chosen and the
next hop is shown as inaccessible.
In both cases the peer comes up.
Setup is as follows:
PE1 - ASBR1
***********PE1 Config**************
hostname PE1
!
!
key chain ISIS
 key 1
  key-string CISCO
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
 ip pim sparse-dense-mode
 no clns route-cache
!
interface Loopback1
 ip address 11.11.11.11 255.255.255.0
 no clns route-cache
!
!
interface Serial2/0
 dampening 25 500 100 100 restart 120
 mtu 17000
 no ip address
 encapsulation frame-relay
 no keepalive
 serial restart-delay 0
 no frame-relay inverse-arp
!
interface Serial2/0.100 multipoint
 ip address 172.16.111.1 255.255.255.0
 ip router isis
 frame-relay map ip 172.16.111.2 100 broadcast
 frame-relay map ip 172.16.111.1 100
 frame-relay map clns 100 broadcast
 frame-relay interface-dlci 100
 no frame-relay inverse-arp
 clns mtu 9216
 isis circuit-type level-2-only
 isis authentication mode md5 level-2
 isis authentication key-chain ISIS level-2
 isis hello-interval 58 level-2
!
!
router isis
 net 48.0000.0002.0002.00
 area-password iementor
 authentication mode md5 level-2
 authentication key-chain ISIS level-2
 metric-style wide
 no hello padding multi-point
 redistribute isis ip level-2 into level-1 distribute-list 100
 passive-interface Loopback0
 default-information originate
!
!
router bgp 65001
 bgp router-id 10.1.1.1
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 neighbor 10.1.1.100 remote-as 100
 neighbor 10.1.1.100 ebgp-multihop 2
 neighbor 10.1.1.100 update-source Loopback0
 neighbor 10.1.1.254 remote-as 65001
 neighbor 10.1.1.254 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.1.1.100 activate
  neighbor 10.1.1.254 activate
  neighbor 140.100.1.2 activate
  neighbor 140.100.1.2 filter-list 10 out
  no auto-summary
  no synchronization
  network 11.11.11.0 mask 255.255.255.0
 exit-address-family
!
!
ip as-path access-list 10 permit ^$
!
access-list 100 permit ip any any
!
!
PE1#show ip bgp | include 10.1.1.100
*> 0.0.0.0 10.1.1.100 0 100 200 i
*> 101.101.101.0/24 10.1.1.100 0 0 100 i
r> 172.16.111.0/24 10.1.1.100 0 0 100 i
*> 172.16.113.0/24 10.1.1.100 0 100 200 i
PE1#
***********ASBR1 Config****************
hostname ASBR1
!
key chain ISIS
 key 1
  key-string CISCO
!
!
interface Serial1/2
 mtu 9216
 ip address 172.16.111.2 255.255.255.0
 ip router isis
 encapsulation frame-relay
 no keepalive
 serial restart-delay 0
 no arp frame-relay
 frame-relay map ip 172.16.111.1 100 broadcast
 frame-relay map ip 172.16.111.2 100 broadcast
 frame-relay map clns 100 broadcast
 frame-relay interface-dlci 100
 no frame-relay inverse-arp
 isis circuit-type level-2-only
 isis authentication mode md5 level-2
 isis authentication key-chain ISIS level-2
 isis hello-interval 58 level-2
 no isis hello padding
!
!
router isis
 net 48.0000.0100.0100.00
 authentication mode md5 level-2
 authentication key-chain ISIS level-2
 metric-style wide
 max-lsp-lifetime 120
 lsp-refresh-interval 60
 log-adjacency-changes
 passive-interface Loopback0
!
router bgp 100
 no synchronization
 bgp router-id 10.1.1.100
 bgp log-neighbor-changes
 network 101.101.101.0 mask 255.255.255.0
 network 172.16.111.0 mask 255.255.255.0
 neighbor 10.1.1.1 remote-as 65001
 neighbor 10.1.1.1 ebgp-multihop 2
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.1.1.200 remote-as 200
 neighbor 10.1.1.200 disable-connected-check
 neighbor 10.1.1.200 update-source Loopback0
 neighbor 10.1.1.200 route-map PREPEND out
 no auto-summary
!
!
route-map PREPEND permit 10
 set as-path prepend 65535
!
If I change to ttl-security instead of ebgp-multihop for the peering between
10.1.1.100 and 10.1.1.1:
*********FROM PE1*********
router bgp 65001
 bgp router-id 10.1.1.1
 no bgp fast-external-fallover
 bgp log-neighbor-changes
 neighbor 10.1.1.100 remote-as 100
 neighbor 10.1.1.100 ttl-security hops 2
 neighbor 10.1.1.100 update-source Loopback0
 neighbor 10.1.1.254 remote-as 65001
 neighbor 10.1.1.254 update-source Loopback0
***********FROM ASBR1**********
!
router bgp 100
 no synchronization
 bgp router-id 10.1.1.100
 bgp log-neighbor-changes
 network 101.101.101.0 mask 255.255.255.0
 network 172.16.111.0 mask 255.255.255.0
 neighbor 10.1.1.1 remote-as 65001
 neighbor 10.1.1.1 ttl-security hops 2
 neighbor 10.1.1.1 update-source Loopback0
!
PE1#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65001
BGP table version is 33, main routing table version 33
26 network entries using 2938 bytes of memory
26 path entries using 1352 bytes of memory
13/10 BGP path/bestpath attribute entries using 1404 bytes of memory
2 BGP rrinfo entries using 48 bytes of memory
5 BGP AS-PATH entries using 120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
10 BGP filter-list cache entries using 120 bytes of memory
BGP using 5982 total bytes of memory
BGP activity 156/130 prefixes, 177/151 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.100 4 100 342 367 33 0 0 00:02:30 4
10.1.1.254 4 65001 326 277 33 0 0 00:22:29 12
140.100.1.2 4 1540 281 316 33 0 0 00:22:29 9
PE1#show ip bgp | include 10.1.1.100
*  0.0.0.0 10.1.1.100 0 100 200 i
*  101.101.101.0/24 10.1.1.100 0 0 100 i
*  172.16.111.0/24 10.1.1.100 0 0 100 i
*  172.16.113.0/24 10.1.1.100 0 100 200 i
PE1#show ip bgp 101.101.101.0
BGP routing table entry for 101.101.101.0/24, version 0
Paths: (1 available, no best path)
Not advertised to any peer
100
10.1.1.100 *(inaccessible)* from 10.1.1.100 (10.1.1.100)
Origin IGP, metric 0, localpref 100, valid, external
--
Regards,
John

Received on Mon Sep 06 2010 - 23:45:48 ART