Direct physical connect. EBGP. No Loopback. I think I remember it having to be an exact hop match. Everywhere I look online says if the incoming packet has a TTL > or = to the configured TTL, it will accept the packet. Can anyone confirm?
Thank you,
Chris

From: marc abel [mailto:[email protected]]
Sent: Wednesday, February 26, 2014 12:10 PM
To: Christopher Lemish
Cc: OSL CCIE ([email protected])
Subject: Re: [OSL | CCIE_RS] BGP: TTL Security

Are you peering between loopbacks? In this case you would need to do ttl-security hops 2. Your neighbor is going to decrement 1 ttl before sending and then local router would decrement 1 before delivering to loopback interface. This probably wouldn't show up in your traceroute, but you would have a ttl of 253.

On Wed, Feb 26, 2014 at 10:22 AM, Christopher Lemish <[email protected]> wrote:

Guys,

I just turned up a BGP session for a customer (doing BGP Failover for them). I am using the "neigh ttl-security hops" cmd. A traceroute confirms it is 1 hop away. The Cisco documentation explains that if a TTL is received that equals the TTL value expected or is higher, the router will accept that packet. I was troubleshooting it quickly and the cmd "neigh x.x.x.x ttl-security hops 254" is the only hop count that maintains the BGP session. I thought I recall that the ttl-security cmd "must exactly" match the number of hops away from one of Joe's videos. But, I thought we could use the "neigh x.x.x.x ttl-security hops 1" which means it is 1 hop away and would accept a TTL of 254 or higher, indicating that it is 1 hop away.

(TTL=255)-->(TTL=254)
PE--------CE

The IOS version of this 3925 is the following:

Cisco IOS Software, C3900 Software (C3900-UNIVERSALK9-M), Version 15.2(4)M5, RELEASE SOFTWARE (fc2)

Thank you,
Chris

_______________________________________________
Free CCIE R&S, Collaboration, Data Center, Wireless & Security Videos :: iPexpert on YouTube: www.youtube.com/ipexpertinc

--
Marc Abel
CCIE #35470 (Routing and Switching)
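
The acceptance rule discussed in this thread, modeled as an added example that is not part of any message above and is not vendor code. It assumes the documented behaviour that a packet passes when its TTL is at least 255 minus the configured hop count; the sender TTLs used (255 for a peer that also runs ttl-security, 1 for a single-hop eBGP peer that does not) and all function names are assumptions for illustration.

```python
# Model of the "neighbor x.x.x.x ttl-security hops N" receive check.
# Illustrative only; names and scenario values are constructed.

MAX_TTL = 255  # assumption: a ttl-security sender originates at TTL 255


def min_accepted_ttl(hops):
    """Lowest received TTL that passes when 'hops' is configured."""
    if not 1 <= hops <= 254:
        raise ValueError("hops must be in 1..254")
    return MAX_TTL - hops


def received_ttl(sent_ttl, routers_forwarding):
    """TTL on arrival, or None if the packet expires in transit.

    Each router that forwards the packet subtracts 1; a directly
    connected peer has zero forwarding routers in between.
    """
    ttl = sent_ttl - routers_forwarding
    return ttl if ttl >= 1 else None


def accepts(hops, ttl):
    """True when the check is 'greater than or equal', not 'exact match'."""
    return ttl is not None and ttl >= min_accepted_ttl(hops)


def accepted_hop_settings(ttl):
    """Every hops value (1..254) under which this TTL is accepted."""
    return [h for h in range(1, 255) if accepts(h, ttl)]


def smallest_working_hops(ttl):
    settings = accepted_hop_settings(ttl)
    return settings[0] if settings else None


if __name__ == "__main__":
    # Constructed scenarios: (label, TTL the peer sends, routers in between)
    scenarios = [
        ("peer sends 255, directly connected", 255, 0),
        ("peer sends 255, two routers between", 255, 2),
        ("peer sends 1, directly connected", 1, 0),
    ]
    for label, sent, routers in scenarios:
        ttl = received_ttl(sent, routers)
        print(f"{label}: arrives with TTL {ttl}, "
              f"smallest working hops = {smallest_working_hops(ttl)}")
```

With `hops 254` the minimum drops to 1, so every TTL that can arrive passes and the check no longer filters by distance. Comparing the received TTL in a packet capture against `min_accepted_ttl` shows which side of the session is sending the unexpected value.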
