11-16-2009 02:52 AM - edited 03-04-2019 06:43 AM
hi guys
I have a strange issue
when I configure to bgp hops like below
lo0--R1--OSPF--R2--OSPF--R3--lo0
R1-----------EBGP--------R3
I used the command ttl-security hops 3 on both sides
the bgp session is established
the loopbacks advertised in bgp appear in the BGP routing table
BUT
do not appear in the routing table
in the bgp routing table it says that the next hop is inaccessible
however the next hop is accessible
because I can ping it and see it in ospf routing
and the peering is up as well
the same case with ebgp multihop works
by the way, the peering between the EBGP peers is through their loopback addresses
any idea !!
11-16-2009 03:05 AM
Hi,
I don't understand..
What's the real problem here? The BGP nexthop or something else? If the nexthop is not in the routing table, then it would be inaccessible in the BGP table (normal).
The TTL of 3 shouldn't affect your BGP neighbor relationship establishment.
HTH
Mohamed
11-16-2009 04:24 AM
hi Mohamed
the lo0 of both bgp peers is advertised through ospf
and reachable through the IGP
but there are some other lo interfaces advertised through bgp
they are shown in the bgp table but as not advertised
and showing the next hop (the other peer's lo0) as inaccessible
I would say without ttl 3 no peer will be established, as it is not directly connected EBGP peers
as I mentioned, this topology works fine if I use the ebgp-multihop command instead of ttl security
is it more clear now
I found it strange
11-16-2009 07:01 AM
Hello Marwan,
the TTL security mechanism should tell what is the expected TTL on received BGP packet from peer to consider it valid.
see
I think you should use both commands if these are eBGP sessions
Hope to help
Giuseppe
11-16-2009 02:38 PM
hi Giuseppe
according to this link, which I have seen before
The neighbor ebgp-multihop command is not needed when this feature is configured for a multihop neighbor session and should be disabled before configuring this feature
so we can NOT use both of them
try it
when you have ebgp-multihop
and you enter the ttl command it will give an error message telling you that you can't have both of them !!!
that's why I found it strange, because in terms of TTL in and out all is good, that's why I got my peering session up
but why does it tell me the next hop is inaccessible
I am still wondering
anyway thank you for your time
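
An added example, not part of any post in this thread: a small Python model of the receive-side TTL check discussed above (the expected-TTL test Giuseppe describes, and the ebgp-multihop alternative Marwan compares it with). It assumes the RFC 5082 behaviour that a ttl-security speaker sends with TTL 255 and accepts only TTL >= 255 minus the configured hops, that ebgp-multihop enforces no minimum on receive, and that only the transit router R2 decrements the TTL; the sender list is constructed.

```python
MAX_TTL = 255  # TTL a ttl-security speaker sets on the BGP packets it sends


def arriving_ttl(initial_ttl, routers_crossed):
    """TTL seen by the receiver; every transit router decrements it by one.
    Returns None when the packet expires in transit."""
    ttl = initial_ttl - routers_crossed
    return ttl if ttl > 0 else None


def accepts_ttl_security(ttl, hops):
    """'ttl-security hops N': accept only packets with TTL >= 255 - N."""
    return ttl is not None and ttl >= MAX_TTL - hops


def accepts_multihop(ttl):
    """'ebgp-multihop': no minimum TTL on receive, anything that arrives is processed."""
    return ttl is not None


# Constructed senders: (label, initial TTL, transit routers crossed).
PEER_GTSM = "peer using ttl-security, one transit router (R2)"
PEER_MULTIHOP = "peer still on ebgp-multihop 3, one transit router (R2)"
OFF_PATH = "off-path host 10 routers away, initial TTL 255"
SENDERS = [
    (PEER_GTSM, 255, 1),
    (PEER_MULTIHOP, 3, 1),
    (OFF_PATH, 255, 10),
]


def evaluate(hops):
    """Run every constructed sender through both receive policies."""
    results = {}
    for label, initial, crossed in SENDERS:
        ttl = arriving_ttl(initial, crossed)
        results[label] = {
            "arrives_with": ttl,
            "ttl_security": accepts_ttl_security(ttl, hops),
            "ebgp_multihop": accepts_multihop(ttl),
        }
    return results


if __name__ == "__main__":
    for label, r in evaluate(hops=3).items():
        print(f"{label}: TTL={r['arrives_with']} "
              f"ttl-security={r['ttl_security']} ebgp-multihop={r['ebgp_multihop']}")
```

The model covers only the TTL acceptance test; it says nothing about how the router resolves the BGP next hop, which is the open question in this thread.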
11-16-2009 11:50 PM
Hello Marwan,
I've realized later I had suggested a wrong idea.
you should verify if:
the BGP next-hop of routes is known in routing table.
this is the standard check and this has to be there.
I wonder what additional checks can be done enabling ttl-security on BGP next-hop.
looking for the number of route-hops to next-hop would require a traceroute and it is unlikely.
Hope to help
Giuseppe