[c-nsp] BGP TTL check (GTSM)
Justin Shore
justin at justinshore.com
Wed Jun 18 15:31:14 EDT 2008
Oliver Boehmer (oboehmer) wrote:
> Just to be sure: your neighbor also enabled this on their end? It needs
> to be enabled on both ends to work..

Gents,

That's the problem. I completely overlooked that part in the
prerequisites section of the docs. My bad.

However, that said, I thought the point of GTSM was to be able to apply
the concept to numerous infrastructure protocols that use IP to
communicate and to do so without requiring support on both ends (which
is commonly an outside entity, hence the justification for this
premise). I thought the basic premise was to configure one end to check
to make sure that the TTL is within a certain range before permitting
the packet through, the point being that only your peer could get a
packet through to your interface with that TTL. I was under the
impression that it was to do this based on the predictable nature of
TTLs on IP packets sourced and destined to directly-connected L3
peers. I didn't realize that both sides needed configuration.

That said, how often do people find upstream peers that support GTSM?
My upstreams don't seem to do anything other than basic eBGP. Hell, we
couldn't even get one of our upstreams (now a former upstream) to do BGP
AUTH with us. Do many upstreams support additional features like GTSM
or BFD for BGP? I'll ask the upstream I'm working with if they'll
support this for us.

Thanks
Justin
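
Added example (not part of the original message, and not any vendor's implementation): a small Python model of the TTL check discussed in this thread, showing why enabling GTSM on only one end drops the peer's packets. It assumes the RFC 5082 rule for a directly connected peer (send with TTL 255, accept only 255), a send TTL of 1 for an eBGP peer without GTSM, and constructed 192.0.2.x addresses.

```python
import socket
import struct

GTSM_TTL = 255        # RFC 5082: a GTSM sender transmits with the maximum TTL
LEGACY_EBGP_TTL = 1   # assumption: usual single-hop eBGP default without GTSM

def checksum(hdr: bytes) -> int:
    """Ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, ttl: int) -> bytes:
    """Minimal IPv4 header, protocol 6 (TCP, which carries BGP), no options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def route(hdr: bytes, router_hops: int):
    """Forward through router_hops routers; each decrements TTL. None = expired."""
    for _ in range(router_hops):
        ttl = hdr[8] - 1                      # TTL lives at byte offset 8
        if ttl <= 0:
            return None
        hdr = hdr[:8] + bytes([ttl]) + hdr[9:10] + b"\x00\x00" + hdr[12:]
        hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr

def receiver_accepts(hdr, gtsm: bool, min_ttl: int = GTSM_TTL) -> bool:
    """Receiver-side policy: with GTSM on, drop anything arriving below min_ttl."""
    if hdr is None:
        return False
    return hdr[8] >= min_ttl if gtsm else True

def scenario(send_ttl: int, router_hops: int, gtsm: bool) -> bool:
    """True if a packet sent with send_ttl over router_hops routers is accepted."""
    pkt = route(build_header("192.0.2.1", "192.0.2.2", send_ttl), router_hops)
    return receiver_accepts(pkt, gtsm)

if __name__ == "__main__":
    cases = [("both ends GTSM, direct link", GTSM_TTL, 0, True),
             ("local GTSM only, peer sends TTL 1", LEGACY_EBGP_TTL, 0, True),
             ("no GTSM, peer sends TTL 1", LEGACY_EBGP_TTL, 0, False),
             ("off-link sender, 3 routers away", GTSM_TTL, 3, True)]
    for label, ttl, hops, gtsm in cases:
        print(f"{label}: {'accept' if scenario(ttl, hops, gtsm) else 'drop'}")
```

The second case is the one-sided configuration from this thread: the receiver's check is only satisfiable if the peer also raises its send TTL to 255.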