Name

neighbor ttl-security — BGP

Synopsis

neighbor ip ttl-security hops hop-count
no neighbor ip ttl-security hops hop-count

Configures

Maximum TTL count for eBGP peers

Default

Disabled

Description

This command enables BGP TTL checking for a neighbor and applies only to external BGP (eBGP) neighbors. It provides a simple security mechanism for protecting your eBGP routers from possible hijacking attempts. With this feature enabled, only packets with TTL counts that are equal to or higher than the given value are accepted as valid packets. (It is generally considered impossible to forge TTL counts without access to the source or destination network.) If the packet's TTL value is less than this value, the router discards the packet without generating any ICMP messages. The idea is that we don't want to generate any error messages that might be sent back to a possible hacker.
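The following configuration is an added example, not taken from the book, showing the command on a router with two eBGP peers. The AS numbers and addresses are constructed (documentation ranges). The hop count is the number of router hops the peer may be away: on Cisco IOS the router sends its own BGP packets with TTL 255 and accepts incoming packets whose TTL is at least 255 minus the configured hop count, so a directly connected peer configured with hops 1 must arrive with TTL 254 or higher. Note that ttl-security is configured per neighbor in place of ebgp-multihop; the two are not combined on the same neighbor.

```cisco
! Added example (not from the book). AS numbers and addresses are
! constructed placeholders from the documentation ranges.
router bgp 65001
 ! Directly connected eBGP peer: accept only packets arriving with
 ! TTL 254 or higher (255 minus 1 hop). Anything lower is dropped
 ! silently, with no ICMP message sent back to the source.
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 ttl-security hops 1
 !
 ! eBGP peer two router hops away: accept TTL 253 or higher.
 ! ttl-security is used here instead of ebgp-multihop 2.
 neighbor 198.51.100.2 remote-as 65003
 neighbor 198.51.100.2 ttl-security hops 2
 !
 ! To remove the check from a neighbor:
 ! no neighbor 192.0.2.2 ttl-security hops 1
```

Both ends of the session must enable the feature: a peer that has not been configured with ttl-security still sends its BGP packets with the default eBGP TTL of 1, those packets arrive below the accepted threshold and are discarded, and the session never establishes. After configuring it on both routers, `show ip bgp neighbors` confirms the session state and that the neighbor is allowed to be up to the configured number of hops away.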
