[c-nsp] BGP TTL check (GTSM)
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Jun 18 12:57:10 EDT 2008
Justin Shore <> wrote on Wednesday, June 18, 2008 6:47 PM:
> Has anyone run into any problems with the BGP TTL security check?
> I've tried to configure it a couple of times on our eBGP peers with
> no luck. The BGP session is eventually dropped after the hold time
> expires. It should be extremely easy to configure but for some
> reason it always fails.
>
> neighbor a.b.c.d ttl-security hops 1
>
> The peer drops after a couple minutes (I forget what the default timer
> values are). Am I missing something simple? I'm in the process of
> moving an upstream peer so I'm taking the opportunity to try and make
> this work again with no luck so far. The peer is eBGP, directly
> connected with no multihop needed.
Just to be sure: your neighbor also enabled this on their end? It needs
to be enabled on both ends to work..
oli
More information about the cisco-nsp
mailing list