The set protocols bgp neighbor ttl-security hops command enables BGP to establish a connection with external peers that reside on networks that are not directly connected. When this feature is enabled, the TTL received from a BGP peer is compared with the value "255 - hop-count". BGP messages that arrive with a TTL lower than this value are not accepted, and BGP peering is not established if the session-establishment packets arrive with a lower TTL. Because every router that forwards a packet decrements its TTL, a packet that passes this check cannot have crossed more than hop-count routers. Enabling this feature also makes the router send BGP packets to the neighbor with a TTL of 255.
For a given neighbor, either TTL security or ebgp-multihop can be configured, but not both. If there are multiple paths to the neighbor, configure the hop count for the longest route.
The delete protocols bgp neighbor ttl-security hops command disables the peer ttl-security-hop feature.
Command Syntax
set protocols bgp [vrf <vrf-name>] neighbor <protocol bgppeer> ttl-security hops <HOP-COUNT>
delete protocols bgp [vrf <vrf-name>] neighbor <protocol bgppeer> ttl-security hops <HOP-COUNT>
Parameter
| Parameter | Description |
|---|---|
| vrf <vrf-name> | Optional. Specifies a VRF name. The value is a string. It is a user-defined VRF created with the command set ip vrf <vrf-name> [description <string>]. |
| neighbor <protocol bgppeer> | Specifies the IP address of the neighbor. |
| ttl-security hops <HOP-COUNT> | Specifies the hop count to reach the neighbor for the eBGP session. Range: 1-255. |
Example
• This example enables the peer ttl-security-hop feature.
admin@XorPlus# set protocols bgp neighbor 2.2.2.2 ttl-security hops 10
admin@XorPlus# commit
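The following Python sketch is an added example, not part of the product documentation or its software. It applies the acceptance rule exactly as this page states it ("255 - hop-count") and audits a set of configuration lines for an out-of-range hop count and for a neighbor that has both TTL security and ebgp-multihop. Assumptions: the sample configuration is constructed, the exact form of the ebgp-multihop line is assumed, and "default" is a label used here for neighbors outside any VRF.

```python
import re

MAX_TTL = 255  # TTL the router sends when ttl-security is enabled (per this page)

# ttl-security syntax is the page's; the ebgp-multihop line form is an assumption.
LINE_RE = re.compile(
    r"^set protocols bgp (?:vrf (?P<vrf>\S+) )?neighbor (?P<peer>\S+) "
    r"(?:ttl-security hops (?P<hops>\d+)|(?P<multihop>ebgp-multihop)\b.*)$"
)

def min_accepted_ttl(hops):
    """Lowest received TTL still accepted: the page's '255 - hop-count'."""
    if not 1 <= hops <= 255:
        raise ValueError("hop count must be in 1-255")
    return MAX_TTL - hops

def accepts(received_ttl, hops):
    """Messages with a TTL less than 255 - hop-count are not accepted."""
    return received_ttl >= min_accepted_ttl(hops)

def audit(config_text):
    """Return (settings, findings) for the neighbor lines in config_text."""
    settings, findings = {}, []
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m.group("vrf") or "default", m.group("peer"))
        entry = settings.setdefault(key, {"hops": None, "multihop": False})
        if m.group("multihop"):
            entry["multihop"] = True
        else:
            hops = int(m.group("hops"))
            entry["hops"] = hops
            if not 1 <= hops <= 255:
                findings.append((key, "hop count outside 1-255"))
    for key, entry in settings.items():
        if entry["hops"] is not None and entry["multihop"]:
            findings.append((key, "ttl-security and ebgp-multihop both set"))
    return settings, findings

# Constructed sample configuration (addresses and VRF name are made up).
SAMPLE = """\
set protocols bgp neighbor 2.2.2.2 ttl-security hops 10
set protocols bgp neighbor 3.3.3.3 ttl-security hops 2
set protocols bgp neighbor 3.3.3.3 ebgp-multihop 4
set protocols bgp vrf vrf1 neighbor 4.4.4.4 ttl-security hops 300
"""
```

With hops 10, as in the example above, accepts(245, 10) is true and accepts(244, 10) is false; audit(SAMPLE) reports the conflicting settings on 3.3.3.3 and the out-of-range value on 4.4.4.4.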