I believe this knob only affects outbound ttl setting, effectively placing a scope on how far away the remote peer *could* be. It will not prevent acceptance of a connection with an incoming ttl that is less than the value specified, which is the functionality being sought here.

The juniper knob provides outbound protection, while the cisco one provides inbound. IIRC, you can set a jni with multi-hop ttl-3, and we will set ttl = 3 in outgoing packets rather than default of 1/64 for normal/multihop respectively. There is no specific inbound check, other than normal IP sanity checking. The inbound packet could have any TTL from 1-255 and we will accept it.

General TTL security may be easy to implement in a software based router, but JUNOS FW filters are done in HW, by ASICS, and not all platforms support full GTTL, as per the cluepon site. As always, if you need a feature, request it through the sales channels to help expedite a solution to market.

Regards and HTHs

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Truman Boyes
Sent: Wednesday, September 03, 2008 2:20 PM
To: Bit Gossip
Cc: 'Juniper-Nsp'
Subject: Re: [j-nsp] ttl-security

Bit,

http://www.juniper.net/techpubs/software/junos/junos92/swconfig-routing/multihop.html#id-13320727

Yes you can specify a maximum TTL value. This match is performed on RE, not on the PFE as opposed to a firewall match.

Regards,
Truman

On 3/09/2008, at 5:58 PM, Bit Gossip wrote:

> Experts,
> do you know if there is a Junos equivalent to the following Cisco:
>
> rc1(config-router)#neighbor 1.1.1.1 ttl-security hops ?
>   <1-254>  maximum number of hops
>
> Thanks,
> Bit
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
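
Added example, not part of the original thread: a small Python model of the distinction the replies draw between scoping the outbound TTL and checking the inbound TTL. The function names, the sample senders, and the acceptance rule used for the inbound check (senders transmit with TTL 255; accept when the arriving TTL is at least 255 minus the configured hop count) are assumptions of this sketch, not vendor code.

```python
# Constructed model of outbound TTL scoping versus an inbound TTL check.
from typing import Optional

MAX_TTL = 255


def arriving_ttl(initial_ttl: int, routers_crossed: int) -> Optional[int]:
    """TTL the receiver sees, or None if the packet expired in transit."""
    ttl = initial_ttl - routers_crossed  # each forwarding router decrements by 1
    return ttl if ttl > 0 else None


def accept_without_inbound_check(ttl: Optional[int]) -> bool:
    """Behaviour described in the thread: any arriving TTL from 1-255 is accepted."""
    return ttl is not None and 1 <= ttl <= MAX_TTL


def accept_with_ttl_security(ttl: Optional[int], hops: int) -> bool:
    """Inbound check, modelled (assumption) as: arriving TTL >= 255 - hops."""
    return ttl is not None and ttl >= MAX_TTL - hops


def evaluate(senders, configured_hops: int, outbound_ttl: int):
    """Compare both behaviours for each (label, routers_between) sender."""
    rows = []
    for name, distance in senders:
        inbound = arriving_ttl(MAX_TTL, distance)  # sender transmits with TTL 255
        rows.append({
            "sender": name,
            "arriving_ttl": inbound,
            "no_inbound_check": accept_without_inbound_check(inbound),
            "ttl_security": accept_with_ttl_security(inbound, configured_hops),
            # Outbound scoping only decides whether our own packets get that far.
            "our_reply_arrives": arriving_ttl(outbound_ttl, distance) is not None,
        })
    return rows


# Constructed senders: (label, number of routers between sender and us)
SENDERS = [("configured-peer", 2), ("distant-host", 10)]

if __name__ == "__main__":
    for row in evaluate(SENDERS, configured_hops=3, outbound_ttl=3):
        print(row)
```

The distant sender's packet is still accepted when there is no inbound check, even though replies sent with TTL 3 never reach it; only the inbound rule rejects the packet on arrival.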