set protocols bgp neighbor ttl-security hops
The set protocols bgp neighbor ttl-security hops command enables BGP to establish a connection with external peers residing on networks that are not directly connected. When this feature is enabled, the TTL received from a BGP peer is compared with the value "255 - hop-count", and BGP messages arriving with a TTL lower than this value are not accepted. BGP peering is not established if the session-establishment packets arrive with a lower TTL. Enabling this feature also makes the router send BGP packets to the neighbor with a TTL value of 255. For a given neighbor, either TTL security or ebgp-multihop can be configured, but not both. If there are multiple paths to reach the node, configure the hop count based on the longest route.
The delete protocols bgp neighbor ttl-security hops command disables the peer ttl-security-hop feature.
Command Syntax
set protocols bgp [vrf <vrf-name>] {neighbor <ip>| peer-group <peer-group> | interface <interface>} ttl-security hops <HOP-COUNT>
delete protocols bgp [vrf <vrf-name>] {neighbor <ip>| peer-group <peer-group> | interface <interface>} ttl-security hops <HOP-COUNT>
Parameter
Parameter | Description |
vrf <vrf-name> | Optional. Specifies a VRF name. The value is a string. It’s a user-defined VRF set by the command set ip vrf <vrf-name> [description <string>]. |
neighbor <ip> | Specifies the IPv4/IPv6 address of a peer. |
peer-group <peer-group> | Specifies a peer group. |
interface <interface> | Specifies an L3 interface for BGP connection. The value could be a VLAN interface name, loopback interface name, routed interface or sub-interface name. |
ttl-security hops <HOP-COUNT> | Specifies the hop count to reach the neighbor for the eBGP session. Range: 1-254. |
Example
• This example enables the peer ttl-security-hop feature.
admin@XorPlus# set protocols bgp neighbor 2.2.2.2 ttl-security hops 10
admin@XorPlus# commit
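The rules in the description above (the "255 - hop-count" acceptance floor, the 1-254 range, no ebgp-multihop on the same neighbor, and sizing the hop count to the longest route) can be checked before commit. The following Python linter is an added example, not Pica8 code. It assumes the ebgp-multihop line takes the form shown in the sample, and that the operator supplies each peer's longest-path hop count.

```python
import re

MAX_TTL = 255  # TTL sent once ttl-security is enabled (per the page)
# The ebgp-multihop command form is an assumption; only ttl-security is on the page.
CMD = re.compile(
    r"set protocols bgp (?:vrf (?P<vrf>\S+) )?"
    r"(?P<kind>neighbor|peer-group|interface) (?P<peer>\S+) "
    r"(?P<feat>ttl-security hops|ebgp-multihop)(?: (?P<val>\d+))?")

def min_accepted_ttl(hops):
    """Lowest received TTL still accepted: 255 - hop-count, as the page states."""
    if not 1 <= hops <= 254:
        raise ValueError(f"hop count {hops} outside 1-254")
    return MAX_TTL - hops

def lint(lines, longest_path):
    """longest_path: peer -> hop count of its longest route (operator-supplied)."""
    feats = {}  # (vrf, kind, peer) -> {feature: value or None}
    for line in lines:
        if m := CMD.fullmatch(line.strip()):
            key = (m["vrf"] or "default", m["kind"], m["peer"])
            feats.setdefault(key, {})[m["feat"]] = int(m["val"]) if m["val"] else None
    findings = []
    for (_vrf, _kind, peer), f in feats.items():
        hops = f.get("ttl-security hops")
        if hops is None:
            continue
        if "ebgp-multihop" in f:  # the page: one or the other, not both
            findings.append(f"{peer}: ttl-security and ebgp-multihop both set")
        try:
            floor = min_accepted_ttl(hops)
        except ValueError as err:
            findings.append(f"{peer}: {err}")
            continue
        need = longest_path.get(peer)
        if need is not None and hops < need:  # longest route would be rejected
            findings.append(f"{peer}: hops {hops} < longest path {need}")
        elif need is not None and hops > need:  # window wider than required
            findings.append(f"{peer}: hops {hops} > longest path {need}, floor {floor}")
    return sorted(findings)

# Constructed sample input: addresses, VRF name and hop counts are made up.
SAMPLE = [
    "set protocols bgp neighbor 2.2.2.2 ttl-security hops 10",
    "set protocols bgp neighbor 2.2.2.2 ebgp-multihop 10",
    "set protocols bgp vrf red neighbor 3.3.3.3 ttl-security hops 2",
    "set protocols bgp neighbor 4.4.4.4 ttl-security hops 12",
]
LONGEST = {"3.3.3.3": 4, "4.4.4.4": 3}
```

Calling lint(SAMPLE, LONGEST) returns one finding per peer. A hop count larger than the longest route lowers the acceptance floor, so the session accepts packets from farther away than it needs to.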
Copyright © 2024 Pica8 Inc. All Rights Reserved.