Are you peering between loopbacks? In this case you would need to do ttl-security hops 2. Your neighbor is going to decrement 1 TTL before sending, and then the local router would decrement 1 before delivering to the loopback interface. This probably wouldn't show up in your traceroute, but you would have a TTL of 253.

On Wed, Feb 26, 2014 at 10:22 AM, Christopher Lemish <[email protected]> wrote:

> Guys,
>
> I just turned up a BGP session for a customer (doing BGP Failover for
> them). I am using the "neigh ttl-security hops" cmd. A traceroute
> confirms it is 1 hop away. The Cisco documentation explains that if a TTL
> is received that equals the TTL value expected or is higher, the router
> will accept that packet.
>
> I was troubleshooting it quickly and the cmd "neigh x.x.x.x ttl-security
> hops 254" is the only hop count that maintains the BGP session. I thought
> I recall that the ttl-security cmd "must exactly" match the number of hops
> away from one of Joe's videos. But, I thought we could use the "neigh
> x.x.x.x ttl-security hops 1" which means it is 1 hop away and would accept
> a TTL of 254 or higher, indicating that it is 1 hop away.
>
> (TTL=255)-->(TTL=254)
> PE--------CE
>
> The IOS version of this 3925 is the following:
> Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version
> 15.2(4)M5, RELEASE SOFTWARE (fc2)
>
> Thank you,
> Chris
>
> _______________________________________________
> Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos ::
>
> iPexpert on YouTube: www.youtube.com/ipexpertinc

--
Marc Abel
CCIE #35470 (Routing and Switching)
