Cisco IOS in a Nutshell, 2nd Edition by James Boney

Name

neighbor ttl-security — BGP

Synopsis

neighbor ip ttl-security hops hop-count
no neighbor ip ttl-security hops hop-count

Configures

Maximum TTL count for eBGP peers

Default

Disabled

Description

This command enables BGP TTL checking for neighbors. This command is only used on external BGP (eBGP) neighbors. It provides a simple security mechanism for protecting your eBGP routers from possible hijacking attempts. By enabling this feature, only packets with TTL counts that are equal to or higher than the given value are accepted as valid packets. (It is generally considered impossible to forge TTL counts without access to the source or destination network.) If the packet’s TTL value is less than this value, the router discards the packet without generating any ICMP messages. The idea is that we don’t want to generate any error messages that might be sent back to a possible hacker.
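The following is an added illustration, not code from the book or from Cisco IOS: a small Python model of the check that `neighbor ip ttl-security hops hop-count` turns on. It assumes the documented IOS rule that a packet from the peer is accepted only when its arriving IP TTL is at least 255 minus the configured hop count, and it models each forwarding router along the path decrementing the TTL by one. The sample senders, their TTL values and hop distances, and the neighbor address in the comment are all constructed for the example.

```python
# Added example (not from "Cisco IOS in a Nutshell"): a model of eBGP TTL
# security.  Assumption: IOS accepts a peer's packet only if the arriving
# IP TTL is >= 255 - hop-count; anything lower is discarded with no ICMP.
from typing import Dict, List, Optional, Tuple

MAX_TTL = 255  # largest value the IP TTL field can carry


def transit_ttl(initial_ttl: int, forwarding_routers: int) -> Optional[int]:
    """TTL seen by the receiver after each forwarding router decrements by 1.

    Returns None if the packet expires before it arrives.  A sender can pick
    any starting TTL up to 255, but it cannot stop the decrements, which is
    why a distant host cannot make its packets look directly connected.
    """
    ttl = initial_ttl
    for _ in range(forwarding_routers):
        ttl -= 1
        if ttl <= 0:
            return None
    return ttl


def minimum_accepted_ttl(hop_count: int) -> int:
    """Lowest arriving TTL the router tolerates for the configured hop count."""
    return MAX_TTL - hop_count


def ttl_security_check(arrived_ttl: Optional[int], hop_count: int) -> str:
    """Mirror the router's decision: 'accept' or a silent 'discard'."""
    if arrived_ttl is None:
        return "discard"
    if arrived_ttl >= minimum_accepted_ttl(hop_count):
        return "accept"
    return "discard"  # dropped quietly: no ICMP goes back to the sender


# Constructed sample senders: (label, TTL the sender chose, forwarding
# routers between the sender and our eBGP router).
SAMPLE_SENDERS: List[Tuple[str, int, int]] = [
    ("directly connected eBGP peer", 255, 0),
    ("peer one forwarding router away", 255, 1),
    ("remote host using the peer's address, 5 routers away", 255, 5),
    ("remote host with an OS default TTL of 64", 64, 3),
]


def evaluate(hop_count: int, senders=SAMPLE_SENDERS) -> Dict[str, str]:
    """Run every sample sender through the path model and the TTL check."""
    results: Dict[str, str] = {}
    for label, initial_ttl, routers in senders:
        arrived = transit_ttl(initial_ttl, routers)
        results[label] = ttl_security_check(arrived, hop_count)
    return results


if __name__ == "__main__":
    # Models the effect of:  neighbor 192.0.2.2 ttl-security hops 1
    # (192.0.2.2 is a constructed documentation address)
    for label, verdict in evaluate(hop_count=1).items():
        print(f"{verdict:8} {label}")
```

Run as-is, the two nearby senders are accepted and both remote senders are discarded; raising `hop_count` to match a genuinely multihop peer widens the window by exactly that many hops, so keep it as small as the real topology allows.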