Hi Tyson There is a router in between and BGP is not using loopback. Then the peer will send out with TTL of 255 and when it reaches remote peer, it will be 254.
Also even if the BGP peer are connected directly, ttl-security hops 1 didn't work for me. Hence, ttl-security hops 1 is not valid. Hence I feel the question should be "2 hop away" and solution should be "ttl-security hops 2". Please correct me, if I am wrong. With regards Kings On Mon, Jun 21, 2010 at 8:12 PM, Tyson Scott <[email protected]> wrote: > Well the routers have a device between them so you need the TTL set to 2 > just like the question shows. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Managing Partner / Sr. Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > > *From:* Vybhav Ramachandran [mailto:[email protected]] > *Sent:* Monday, June 21, 2010 10:29 AM > *To:* Tyson Scott; OSL Security > *Subject:* Re: [OSL | CCIE_Security] TTL-Security > > > > Hello Tyson, > > > > Well, there are no loopbacks involved here. Here's the question : > > > > Configure eBGP session between R1 and R2 and make both routers accept the > peer if it's no more than one hop away. > > Use AS numbers 100 and 200 for R1 and R2 respectively. > > > > The toplogy is > > > > R1<-------->R3<--------->R2 > > > > Cheers, > > TacACK > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
