Hi all,

I have two BGP peers connected as follows:

L0 (3.3.3.3) R1 F0/0 (10.20.30.40) ------------------- (10.20.30.44) R2 L0 (4.4.4.4)

R1
neighbor 4.4.4.4 remote-as 3
neighbor 4.4.4.4 update-source l0

R2
neighbor 3.3.3.3 remote-as 4
neighbor 3.3.3.3 update-source l0

The BGP session comes up when I configure either BGP neighbor *ttl-security hop 2* or neighbor *ebgp-multihop 2* or neighbor *disable-connected-check*.

*ebgp-multihop 2*
By default, BGP sends the packet with TTL 255 and it is 253 when it reaches the loopback. *ebgp-multihop 2* accepts BGP connections that can be 2 hops away.

*disable-connected-check*
This command removes the check of directly connected for which TTL = 254.

*ttl-security hop 2*
*Definition from Cisco*
TTL Security Check protects the eBGP neighbor session by comparing the value in the TTL field of received IP packets against a hop count that is configured locally for each eBGP neighbor session. If the value in the TTL field of the incoming IP packet is greater than or equal to the locally configured value, the IP packet is accepted and processed normally. If the TTL value in the IP packet is less than the locally configured value, the packet is silently discarded and no ICMP message is generated. This is designed behavior; a response to a forged packet is unnecessary.

My understanding is that the BGP packet comes with a TTL of 255 and since 255 > 2, BGP is allowed to establish. I think I am wrong here. Can someone please explain the three options?

With regards,
Kings
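Added example, not part of the original post or of Cisco's documentation: a small Python model of the TTL arithmetic behind the options named above. It assumes the documented IOS behaviour that ttl-security hops N sends with TTL 255 and accepts only an incoming TTL of at least 255 - N, that ebgp-multihop N only sets the outgoing TTL to N, and that eBGP otherwise sends with TTL 1; the function names and sample cases are constructed for illustration.

```python
MAX_TTL = 255  # largest value the 8-bit IP TTL field can carry


def min_incoming_ttl(hops):
    """Lowest TTL accepted from a neighbor set to 'ttl-security hops <hops>'."""
    if not 1 <= hops <= 254:
        raise ValueError("hop count must be in 1..254")
    return MAX_TTL - hops


def ttl_on_arrival(sent_ttl, routers_crossed):
    """TTL left after each forwarding router subtracts 1.

    Returns None when the packet expires before it is delivered.
    """
    remaining = sent_ttl - routers_crossed
    return remaining if remaining >= 1 else None


def ttl_security_accepts(hops, sent_ttl, routers_crossed):
    """True if the receive-side TTL check would let the packet through."""
    arrived = ttl_on_arrival(sent_ttl, routers_crossed)
    return arrived is not None and arrived >= min_incoming_ttl(hops)


def outgoing_ttl(option, value=None):
    """TTL the local router places on its own eBGP packets (assumed model)."""
    if option == "ebgp-multihop":
        return value if value is not None else MAX_TTL
    if option == "ttl-security":
        return MAX_TTL
    if option in ("default", "disable-connected-check"):
        return 1
    raise ValueError("unknown option: " + option)


if __name__ == "__main__":
    # Constructed cases: (description, sent TTL, forwarding routers crossed)
    cases = [
        ("peer with no router in between", 255, 0),
        ("peer behind two routers", 255, 2),
        ("forged packet from ten routers away", 255, 10),
    ]
    print("ttl-security hops 2 -> minimum incoming TTL", min_incoming_ttl(2))
    for name, sent, crossed in cases:
        verdict = "accept" if ttl_security_accepts(2, sent, crossed) else "drop"
        print(f"{name}: arrives with TTL {ttl_on_arrival(sent, crossed)} -> {verdict}")
    # ebgp-multihop limits how far our own packets travel, not what we accept
    print("ebgp-multihop 2 sends with TTL", outgoing_ttl("ebgp-multihop", 2))
```

The configured hop count is subtracted from 255 before the comparison, so a sender many routers away cannot produce a TTL high enough to pass, whatever value it starts with.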
