[c-nsp] BGP TTL check (GTSM)

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Jun 18 12:57:10 EDT 2008


Justin Shore <> wrote on Wednesday, June 18, 2008 6:47 PM:

> Has anyone run into any problems with the BGP TTL security check? 
> I've tried to configure it a couple of times on our eBGP peers with
>   no luck. The BGP session is eventually dropped after the hold time
> expires.  It should be extremely easy to configure but for some
> reason it always fails. 
> 
>   neighbor a.b.c.d ttl-security hops 1
> 
> The peer drops after a couple minutes (I forget what the default timer
> values are).  Am I missing something simple?  I'm in the process of
> moving an upstream peer so I'm taking the opportunity to try and make
> this work again with no luck so far.  The peer is eBGP, directly
> connected with no multihop needed.

Just to be sure: your neighbor also enabled this on their end? It needs
to be enabled on both ends to work..

	oli


More information about the cisco-nsp mailing list