RE: BGP - multihop & ttl security

Hi John,

I found a similar thread:

http://ieoc.com/forums/p/9065/69025.aspx

It ends with a "fix" of configuring "disable-connected-check" on both
sides.

Does that work for you? Not sure why it should!

The GTSM RFC (http://www.rfc-editor.org/rfc/rfc3682.txt) has this quote:
"Any directly connected check MUST be disabled for such peerings." Though I
am not sure if it is relevant here.
 
HTH,

Bob Sinclair CCIE 10427 CCSI 30427

CIERS2 Online Instructor

 <http://www.tinyurl.com/ciers2online> www.tinyurl.com/ciers2online

From: Edward John [mailto:edwardjohn2020_at_googlemail.com]
Sent: Tuesday, September 07, 2010 7:39 PM
To: bob_at_bobsinclair.net
Cc: Narbik Kocharians; shiran guez; Cisco certification
Subject: Re: BGP - multihop & ttl security

Hi Bob,

below is the reachability info between loop back..

PE1#show ip route 10.1.1.100

Routing entry for 10.1.1.100/32

  Known via "isis", distance 115, metric 10, type level-2

  Redistributing via isis

  Last update from 172.16.111.2 on Serial2/0.100, 01:38:44 ago

  Routing Descriptor Blocks:

  * 172.16.111.2, from 10.1.1.100, via Serial2/0.100

      Route metric is 10, traffic share count is 1

PE1#ping 10.1.1.100 so lo 0 re 10

Type escape sequence to abort.

Sending 10, 100-byte ICMP Echos to 10.1.1.100, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.1

!!!!!!!!!!

Success rate is 100 percent (10/10), round-trip min/avg/max = 4/26/64 ms

PE1#show ip bgp | include 10.1.1.100

* 0.0.0.0 10.1.1.100 0 100 200 i

* 101.101.101.0/24 10.1.1.100 0 0 100 i

* 172.16.111.0/24 10.1.1.100 0 0 100 i

* 172.16.113.0/24 10.1.1.100 0 100 200 i

Regards,

John

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.851 / Virus Database: 271.1.1/3118 - Release Date: 09/07/10
14:43:00

Blogs and organic groups at http://www.ccie.net
Received on Tue Sep 07 2010 - 21:25:52 ART