Hi Tyson

Though a loopback, since the packet comes from the same router, will the
router decrement the ttl?

Also when it reaches the peer router, it goes to the control plane directly,
ttl won't be also decremented on the peer. ttl will be decremented only
after the routing right?

Hence, if a ttl of 225 is sent from router A in the bgp packet to the peer,
it would be still 255.

I think I am really missing something here.


Can you please explain, with this configuration, what the ttl value will
be when the bgp packet reaches the peer and how it was arrived at?



With regards
Kings

On Thu, May 20, 2010 at 9:43 PM, Tyson Scott <[email protected]> wrote:

>  With one, which is what it is by default, it would be 254.  Remember
> loopbacks are 1 hop away so you need the ttl to be 2.
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Kingsley Charles
> *Sent:* Thursday, May 20, 2010 3:49 AM
> *To:* [email protected]
> *Subject:* [OSL | CCIE_Security] bgp with ttl security
>
>
>
> Hi all
>
> Router A and B are directly connected and the bgp are peered to loopbacks.
>
> To make it work, we need to configure *ebgp-multihop 2* on both sides.
>
> For me here it works with ttl-security hops 2.
>
> I thought it should work with ttl-security hops 1.
>
> With this configuration, what is the ttl value in the bgp packet sent to
> each other?
>
> Will it be 254 or 253?
>
>
> *router A*
>
> router bgp 4
>  no synchronization
>  bgp log-neighbor-changes
>  neighbor 150.1.3.3 remote-as 7
>  neighbor 150.1.3.3 ttl-security hops 2
>  neighbor 150.1.3.3 update-source Loopback0
>  no auto-summary
>
> interface FastEthernet0/0
>  ip address 136.1.0.2 255.255.255.0
>  ip flow ingress
>  duplex auto
>  speed auto
>
> interface Loopback0
>  ip address 150.1.2.2 255.255.255.0
>
>
> sh ip bgp neighbors o/p
>
> Connection state is ESTAB, I/O status: 1, unread input bytes: 0
> Connection is ECN Disabled, Mininum incoming TTL 253, Outgoing TTL 255
> Local host: 150.1.2.2, Local port: 49810
>
> *Router B*
>
> router bgp 7
>  no synchronization
>  bgp log-neighbor-changes
>  neighbor 150.1.2.2 remote-as 4
>  neighbor 150.1.2.2 ttl-security hops 2
>  neighbor 150.1.2.2 update-source Loopback0
>  no auto-summary
>
> interface FastEthernet0/0
>  ip address 136.1.0.3 255.255.255.0
>  duplex auto
>  speed auto
>
> interface Loopback0
>  ip address 150.1.3.3 255.255.255.0
>
> sh ip bgp neighbors o/p
>
> Connection state is ESTAB, I/O status: 1, unread input bytes: 0
> Connection is ECN Disabled, Mininum incoming TTL 253, Outgoing TTL 255
> Local host: 150.1.3.3, Local port: 179
>
>
> *Snippet of netflow o/p on router A*
>
> Fa0/0          150.1.3.3       Local          150.1.2.2       06 C0  12       6
> 00B3 /0  0                     E2FA /0  0     0.0.0.0                57     0.2
> *Min TTL:       255*                            Max TTL:        255
>
>
> The bgp peers are sending a ttl of 255. But then why is it working with
> "ttl-security hops 2" only and not with "ttl-security hops 1"?
>
> With regards
> Kings
>
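
An added example, not part of the thread or of either poster's message: a small audit that parses the neighbor status line and the NetFlow TTL line quoted above and compares the enforced TTL threshold with the configured hop count and with the TTLs actually received. Function names are hypothetical, the sample lines are constructed from the thread's output, and the threshold rule (255 minus hops) is an assumption that matches the "hops 2" and "incoming TTL 253" pairing shown above.

```python
import re

# Constructed sample input, taken from the output quoted in the thread.
NEIGHBOR_LINE = ("Connection is ECN Disabled, Mininum incoming TTL 253, "
                 "Outgoing TTL 255")
NETFLOW_LINE = "Min TTL:       255                   Max TTL:        255"

MAX_TTL = 255  # a TTL-security sender originates packets at the maximum TTL


def min_ttl_for_hops(hops):
    """Lowest accepted TTL for 'ttl-security hops N' (assumed 255 - N)."""
    if not 1 <= hops <= 254:
        raise ValueError("hops must be in 1..254")
    return MAX_TTL - hops


def parse_neighbor_ttls(line):
    """Return (min_incoming, outgoing); accepts the 'Mininum' spelling."""
    m = re.search(r"Mini[nm]um incoming TTL (\d+), Outgoing TTL (\d+)", line)
    if not m:
        raise ValueError("no TTL fields in neighbor line")
    return int(m.group(1)), int(m.group(2))


def parse_netflow_ttls(line):
    """Return (min_seen, max_seen) from the NetFlow TTL line."""
    m = re.search(r"Min TTL:\s*(\d+)\s+Max TTL:\s*(\d+)", line)
    if not m:
        raise ValueError("no TTL fields in NetFlow line")
    return int(m.group(1)), int(m.group(2))


def audit(neighbor_line, netflow_line, configured_hops):
    """Compare the enforced threshold with config and with observed TTLs."""
    min_in, out = parse_neighbor_ttls(neighbor_line)
    seen_min, _seen_max = parse_netflow_ttls(netflow_line)
    return {
        "threshold_matches_config": min_in == min_ttl_for_hops(configured_hops),
        "sends_max_ttl": out == MAX_TTL,
        "observed_passes": seen_min >= min_in,
        # Extra hops a sender could be away and still pass the TTL check.
        "slack_hops": seen_min - min_in,
        # Smallest hop count satisfied by the TTL comparison alone; other
        # session checks are outside what this audit models.
        "tightest_hops_by_ttl": max(1, MAX_TTL - seen_min),
    }


if __name__ == "__main__":
    print(audit(NEIGHBOR_LINE, NETFLOW_LINE, configured_hops=2))
```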