neighbor ttl-security-hops

Syntax

neighbor {<IP-ADDRESS> | <PEER-GROUP-NAME>} ttl-security-hops <HOP-COUNT>

no neighbor {<IP-ADDRESS> | <PEER-GROUP-NAME>} ttl-security-hops <HOP-COUNT>

Description

This command enables BGP to establish connection with external peers residing on networks that are not directly connected. By enabling this feature, the received TTL from a BGP peer is compared with the difference "255 - hop-count". BGP messages coming with a TTL less than this value are not accepted. BGP peering will not be established if the TTL in the session establishment is received with a lower value. Also, by enabling this feature the router will send BGP packets with TTL value of 255 to the neighbor. For a neighbor, either TTL security or ebgp-multihop can be configured, not both together. If there are multiple paths to reach the node, then the hop count should be configured considering the longest route.

The no form of this command disables the peer ttl-security-hop feature.

Command context

config-bgp

Parameters

<IP-ADDRESS>

Specifies an IP address.

<PEER-GROUP-NAME>

Specifies a peer group.

<HOP-COUNT>

Specifies the hop count to reach the neighbor for the eBGP session. Range: 1-255.

Authority

Administrators

Examples

switch(config-bgp)# neighbor 1.1.1.1 ttl-security-hops 10
switch(config-bgp)# no neighbor 1.1.1.1 ttl-security-hops
switch(config-bgp)# neighbor pg ttl-security-hops 5
switch(config-bgp)# no neighbor pg ttl-security-hops