Name
neighbor ttl-security — BGP
Synopsis
neighbor ip ttl-security hopshop-countno neighbor ip ttl-security hopshop-count
Configures
Maximum TTL count for eBGP peers
Default
Disabled
Description
This command enables BGP TTL checking for neighbors. This command is only used on external BGP (eBGP) neighbors. It provides a simple security mechanism for protecting your eBGP routers from possible hijacking attempts. By enabling this feature, only packets with TTL counts that are equal to or higher than the given value are accepted as valid packets. (It is generally considered impossible to forge TTL counts without access to the source or destination network.) If the packet’s TTL value is less than this value, the router discards the packet without generating any ICMP messages. The idea is that we don’t want to generate any error messages that might be sent back to a possible hacker.