[c-nsp] ttl-security issues
Gert Doering
gert at greenie.muc.de
Wed Jun 27 13:40:45 EDT 2012
Hi,
On Wed, Jun 27, 2012 at 05:54:34AM -0400, Charles Sprickman wrote:
> I enabled this on one and about a minute later the bgp session dropped.
This needs to be enabled on both sides. Default is "send bgp packets
with a TTL of 1" and with ttl-security enabled, your side will *drop*
everything that has a TTL below 254 (and send its own packets with 255).
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 305 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20120627/2cfb3166/attachment-0001.sig>
More information about the cisco-nsp
mailing list