Not really sure if this is what you are looking for:
neighbor ip-address ttl-security hops hop-count
Example:
Router(config-router)# neighbor 10.1.1.1 ttl-security hops 2
Please check the documentation at:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html
Basically it is (255-N). Check this out, mate.
Regards
Gaurav Madan
On Fri, Oct 21, 2011 at 6:21 PM, CCIE KID <eliteccie_at_gmail.com> wrote:
> Hi Carlos, thank you for your explanation. Are there any commands which can be
> used to tweak the minimum incoming TTL connections in BGP?
>
>
>
> Thank you
>
> On Fri, Oct 21, 2011 at 5:53 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:
>
> > TTL serves loop control as a primary function. Data plane.
> > It does not matter much when exactly it is evaluated/decremented,
> > but that it is decremented on each hop and eventually dropped
> > when it gets to 0.
> >
> > Second function (added value) is scoping. I.e. you can control how far
> > this packet will get changing the initial value. So routing protocols
> > use this feature to get an added security that messages are only
> > processed by neighbours, by setting TTL to 1.
> > BGP changes that when you do multihop, obviously.
> >
> > Now, from a security standpoint, someone might want to talk to your router
> > when in fact it should not. Here's a third application of TTL:
> > I'd like to call it reverse scoping. By enforcing a minimum TTL above 0
> > (say m), you are in fact restricting anyone that is farther than 255-m
> > from being able to talk to you. That's inbound TTL.
> >
> > Talk about reusing a feature :)
> >
> > -Carlos
> >
> > CCIE KID @ 21/10/2011 8:25 -0300 dixit:
> >
> >> Hi fellas,
> >>
> >> I am working on BGP and I find in the sh ip bgp neighbor command, the incoming
> >> TTL and the outgoing TTL. I understood the outgoing TTL is the one when the
> >> control plane packets are generated, the TTL in the IP header will be 255.
> >> I find the incoming TTL to be 0. Can anyone explain to me what is actually meant
> >> by incoming TTL? My understanding is the incoming TTL is when the
> >> neighbor sends you any BGP control plane packet, the local router is expecting
> >> this TTL value in the IP header. Am I right?
> >> So the incoming TTL value is 0 in my case.
> >>
> >> Router drops a packet with a TTL value of 0. So when the control plane
> >> packet comes, it should be of TTL 1.
> >> TTL will be only decremented on the outgoing interface and not the incoming
> >> interface. The general logic says that the TTL of all control plane packets
> >> of all IGPs will be 1 and so when a router receives this control plane
> >> packet, it is destined to itself, it will update the OSPF or EIGRP RIB and
> >> in turn do the local computation for the best path.
> >>
> >> My question is where does the TTL decrement happen? My answer
> >> is outbound and for any other control plane packet it will be destined to
> >> itself, so there will be no decrement in the TTL.
> >>
> >>
> > --
> > Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
> >
>
>
>
> --
> With Warmest Regards,
>
> CCIE KID
> CCIE#29992 (Security)
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Fri Oct 21 2011 - 18:42:06 ART
This archive was generated by hypermail 2.2.0 : Tue Nov 15 2011 - 13:10:29 ART
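
The inbound check discussed in this thread, modelled in Python as an added example (not part of any poster's message and not taken from a router implementation). It compares a minimum incoming TTL of 0 with the minimum of 255-N that `ttl-security hops N` implies. All function names and the sample packets are constructed for illustration, and the model assumes every forwarding router decrements TTL by exactly one.

```python
# Constructed model of the inbound TTL check; not taken from any router implementation.
MAX_TTL = 255  # largest value the 8-bit IP TTL field can carry


def min_accepted_ttl(hop_count):
    """Minimum inbound TTL implied by 'ttl-security hops N', i.e. 255 - N."""
    if not 1 <= hop_count <= 254:
        raise ValueError("hop count must be between 1 and 254")
    return MAX_TTL - hop_count


def arrival_ttl(initial_ttl, routers_crossed):
    """TTL the receiver sees, or None if the packet expired on the way.

    Assumption: every forwarding router decrements TTL by exactly one.
    """
    if not 1 <= initial_ttl <= MAX_TTL or routers_crossed < 0:
        raise ValueError("invalid TTL or distance")
    remaining = initial_ttl - routers_crossed
    return remaining if remaining >= 1 else None


def accepted(initial_ttl, routers_crossed, min_ttl):
    """True if the packet is delivered and meets the minimum inbound TTL."""
    ttl = arrival_ttl(initial_ttl, routers_crossed)
    return ttl is not None and ttl >= min_ttl


def max_reach(min_ttl):
    """Largest distance from which any initial TTL still passes the check."""
    return max(d for d in range(MAX_TTL)
               if any(accepted(t, d, min_ttl) for t in range(1, MAX_TTL + 1)))


# Constructed sample packets: (description, initial TTL, routers crossed).
SAMPLES = [
    ("sender one router away, TTL 255", 255, 1),
    ("sender two routers away, TTL 255", 255, 2),
    ("sender three routers away, TTL 255", 255, 3),
    ("sender nine routers away, TTL 64", 64, 9),
]


def decisions(min_ttl):
    """Accept/drop verdict for each sample packet at the given minimum TTL."""
    return [accepted(ttl, dist, min_ttl) for _, ttl, dist in SAMPLES]


if __name__ == "__main__":
    for min_ttl in (0, min_accepted_ttl(2)):
        print(min_ttl, max_reach(min_ttl), decisions(min_ttl))
```

With a minimum of 0 every delivered packet passes regardless of distance; with a minimum of 253 no initial TTL lets a sender more than two routers away pass, because the field cannot start above 255.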