Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1358
Views
0
Helpful
5
Replies

IPv6 BGP TTL-Security Problem

Go to solution
Kian Herng See
Level 1
Level 1

‎08-22-2010 04:51 AM - edited ‎03-04-2019 09:30 AM

hi Experts,

Couldn't get the BGP IPv6 ttl-security to work, did i missed something?

The same configuration works for IPv4.

If i change the ttl-sercurity to large value e.g. 240, it will work, but that should not be

the case as TTL = 255 - (hop count).

============================

Topology: R1(fa0/0)-----(fa0/0)R2

============================

Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T13, RELEASE SOFTWARE (fc3)
============================
R1

interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2002:1:1:1::1/64
!
router bgp 100
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
neighbor 2002:1:1:1::2 remote-as 200
neighbor 2002:1:1:1::2 ttl-security hops 1
no auto-summary
!
address-family ipv6
neighbor 2002:1:1:1::2 activate
exit-address-family
!
=========================
R2

interface FastEthernet0/0
no ip address
duplex auto
speed auto
ipv6 address 2002:1:1:1::2/64
!
router bgp 200
no synchronization
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 2002:1:1:1::1 remote-as 100
neighbor 2002:1:1:1::1 ttl-security hops 1
no auto-summary
!
address-family ipv6
neighbor 2002:1:1:1::1 activate
exit-address-family
!
==========================
Router#debug ip bgp all
BGP debugging is on for all address families
Router#
Router#
Router#
Router#
*Mar  1 00:08:04.131: BGP: 2002:1:1:1::2 open active, local address 2002:1:1:1::1
*Mar  1 00:08:04.143: BGP: 2002:1:1:1::2 open failed: Connection refused by remote host
==========================

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Lei Tian
Cisco Employee
Cisco Employee
In response to Kian Herng See

‎08-22-2010 08:57 AM

Hi See Kian Herng,

I tested in 12.4T, it is affected, and 15.0M has the fix. Can you read 'CSCsi53353', this one has similar bug description.

HTH,


Lei Tian

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Lei Tian
Cisco Employee
Cisco Employee

‎08-22-2010 06:01 AM

Hi,

Add 'ipv6 hop-limit 255' in the global configuration.

HTH,

Lei Tian

0 Helpful

Go to solution
Lei Tian
Cisco Employee
Cisco Employee
In response to Lei Tian

‎08-22-2010 07:07 AM

Hi,

Tested the command, doesnt help. Found CSCsw45255, looks match the problem. Tested in 15.0(3)M code, is working.

Sorry for the wrong information.

HTH,

Lei Tian

0 Helpful

Go to solution
Kian Herng See
Level 1
Level 1
In response to Lei Tian

‎08-22-2010 07:29 AM

hi Lei Tian,

Thanks for the prompt response.

The bug u mention is not available to public. Would it be possible for you

post the details?

This problem seem to affect wide range of platform & IOS.

I also tried older IOS 12.3 and it doesn't work also.

Regards,

See Kian Herng

0 Helpful

Go to solution
Lei Tian
Cisco Employee
Cisco Employee
In response to Kian Herng See

‎08-22-2010 08:57 AM

Hi See Kian Herng,

I tested in 12.4T, it is affected, and 15.0M has the fix. Can you read 'CSCsi53353', this one has similar bug description.

HTH,


Lei Tian

0 Helpful

Go to solution
Kian Herng See
Level 1
Level 1
In response to Lei Tian

‎08-22-2010 09:54 AM

hi Lei Tian,

Yes, this bug i can view, thanks.

It seems to affect non T train also for 3725.

Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(25c), RELEASE SOFTWARE (fc2)

There's no IOS 15.0 for this platform.  I will probably get 2 x 1841 and test it out.

Thanks alot, you been a geat help.

Regards,

See Kian Herng

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card