Hi all,

Router A and B are directly connected and BGP is peered to the loopbacks.
To make it work, we need to configure ebgp-multihop 2 on both sides. For me here it works with ttl-security hops 2. I thought it should work with ttl-security hops 1. With this configuration, what is the TTL value in the BGP packets sent to each other? Will it be 254 or 253?

*Router A*

    router bgp 4
     no synchronization
     bgp log-neighbor-changes
     neighbor 150.1.3.3 remote-as 7
     neighbor 150.1.3.3 ttl-security hops 2
     neighbor 150.1.3.3 update-source Loopback0
     no auto-summary

    interface FastEthernet0/0
     ip address 136.1.0.2 255.255.255.0
     ip flow ingress
     duplex auto
     speed auto

    interface Loopback0
     ip address 150.1.2.2 255.255.255.0

sh ip bgp neighbors o/p:

    Connection state is ESTAB, I/O status: 1, unread input bytes: 0
    Connection is ECN Disabled, Mininum incoming TTL 253, Outgoing TTL 255
    Local host: 150.1.2.2, Local port: 49810

*Router B*

    router bgp 7
     no synchronization
     bgp log-neighbor-changes
     neighbor 150.1.2.2 remote-as 4
     neighbor 150.1.2.2 ttl-security hops 2
     neighbor 150.1.2.2 update-source Loopback0
     no auto-summary

    interface FastEthernet0/0
     ip address 136.1.0.3 255.255.255.0
     duplex auto
     speed auto

    interface Loopback0
     ip address 150.1.3.3 255.255.255.0

sh ip bgp neighbors o/p:

    Connection state is ESTAB, I/O status: 1, unread input bytes: 0
    Connection is ECN Disabled, Mininum incoming TTL 253, Outgoing TTL 255
    Local host: 150.1.3.3, Local port: 179

*Snippet of netflow o/p on router A*

    Fa0/0 150.1.3.3 Local 150.1.2.2 06 C0 12 6 00B3 /0 0 E2FA /0 0 0.0.0.0 57 0.2
    Min TTL: 255 Max TTL: 255

The BGP peers are sending a TTL of 255. But then why is it working with "ttl-security hops 2" only and not with "ttl-security hops 1"?

With regards
Kings
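Added example, not part of the original post: a small Python audit that reads `neighbor` statements from an IOS-style BGP stanza, derives the inbound TTL floor that `ttl-security hops N` implies (255 minus N, matching the "Mininum incoming TTL 253" shown for hops 2), and compares it with an observed TTL such as the 255 in the NetFlow snippet. The neighbor 192.0.2.9, the function names and the report wording are assumptions made for illustration.

```python
import re

# Constructed sample: router A's BGP stanza from the post, plus one
# hypothetical neighbor (192.0.2.9) that uses ebgp-multihop only.
CONFIG = """\
router bgp 4
 neighbor 150.1.3.3 remote-as 7
 neighbor 150.1.3.3 ttl-security hops 2
 neighbor 150.1.3.3 update-source Loopback0
 neighbor 192.0.2.9 remote-as 65001
 neighbor 192.0.2.9 ebgp-multihop 2
"""

NEIGHBOR = re.compile(r"^\s*neighbor\s+(\S+)\s+(.+?)\s*$")

def parse_neighbors(config):
    """Return {peer: {"hops": int or None, "multihop": bool}}."""
    peers = {}
    for line in config.splitlines():
        m = NEIGHBOR.match(line)
        if not m:
            continue
        peer, rest = m.groups()
        entry = peers.setdefault(peer, {"hops": None, "multihop": False})
        words = rest.split()
        if words[:2] == ["ttl-security", "hops"] and len(words) == 3:
            entry["hops"] = int(words[2])
        elif words[0] == "ebgp-multihop":
            entry["multihop"] = True
    return peers

def min_incoming_ttl(hops):
    """Lowest TTL a packet may arrive with and still pass the check."""
    return 255 - hops

def accepts(hops, observed_ttl):
    return observed_ttl >= min_incoming_ttl(hops)

def audit(config, observed_ttl):
    """Map each peer to a one-line verdict for the observed TTL."""
    report = {}
    for peer, e in parse_neighbors(config).items():
        if e["hops"] is None:
            report[peer] = "no ttl-security: incoming TTL is not checked"
        else:
            verdict = "accept" if accepts(e["hops"], observed_ttl) else "drop"
            report[peer] = f"min TTL {min_incoming_ttl(e['hops'])}, observed {observed_ttl}: {verdict}"
    return report

if __name__ == "__main__":
    print(audit(CONFIG, 255))
```

An observed TTL of 255 clears the floor for hops 1 (254) as well as hops 2 (253), so the TTL comparison by itself admits the packet under either setting.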
