06-02-2021 05:15 PM
My router is peered to another via BGP. Pings are allowed but traceroute is not. I am trying to implement ttl security hops, but the configuration causes my peers to drop. It doesn't matter if I set the hop count from 1 to 250, same results. Is traceroute traffic required to use this feature?
Solved! Go to Solution.
06-02-2021 06:50 PM - edited 06-03-2021 12:43 PM
Hi @Adam Soukup ,
> Is traceroute traffic required to use this feature?
traceroute is not used or required by this feature.
Make sure you configure "neighbor x.x.x.x ttl-security" on both neighbors. If the neighbors are directly connected, you need to use "neighbor x.x.x.x ttl-security hops 1" on both sides.
The issue with running the ttl-security only on one side, is that the eBGP neighbor not configured with this feature will send a TTL of 1 by default instead of TTL of 255 when the ttl-security feature is configured. This will cause the neighbor configured with the ttl-security feature to silently drop the packets and the BGP session not to come up.
Regards,
06-02-2021 06:50 PM - edited 06-03-2021 12:43 PM
Hi @Adam Soukup ,
> Is traceroute traffic required to use this feature?
traceroute is not used or required by this feature.
Make sure you configure "neighbor x.x.x.x ttl-security" on both neighbors. If the neighbors are directly connected, you need to use "neighbor x.x.x.x ttl-security hops 1" on both sides.
The issue with running the ttl-security only on one side, is that the eBGP neighbor not configured with this feature will send a TTL of 1 by default instead of TTL of 255 when the ttl-security feature is configured. This will cause the neighbor configured with the ttl-security feature to silently drop the packets and the BGP session not to come up.
Regards,
06-04-2021 02:37 PM
Thank you Harold, perfect explanation. It sounds like I will need to coordinate with peer router owners. Thanks again.
06-04-2021 02:41 PM
You are very welcome Adam.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide