Example of configuring the BGP TTL-security feature

EcoRouter configuration to enable the BGP TTL-security feature:

configure terminal
router bgp 65200
 bgp router-id 20.20.20.2
 network 20.1.2.0/27
 network 20.20.20.2/32
 neighbor 10.2.4.2 remote-as 65002
 neighbor 10.2.4.2 ttl-security hops 1
 neighbor 10.2.4.2 update-source 10.2.4.4

In this case the configuration implies a TTL value of 255 for outgoing packets and 254 for incoming packets.

Configuration of the eBGP neighbor, a Nokia SROS router:

/configure router
        autonomous-system 65002
        bgp
            router-id 10.10.10.2     
            group "eBGP"
                loop-detect discard-route
                split-horizon
                neighbor 10.2.4.4
                    local-address 10.2.4.2
                    multihop 255
                    peer-as 65200
                    ttl-security 1
                exit
            exit
            no shutdown
        exit

Verifying the established BGP session on EcoRouter:

br2#show ip bgp neighbors 10.2.4.2
BGP neighbor is 10.2.4.2, remote AS 65002, local AS 65200, external link
  BGP version 4, remote router ID 10.10.10.2
  BGP state = Established, up for 00:37:45
  Last read 00:37:45, hold time is 90, keepalive interval is 30 seconds
  Neighbor capabilities:
    Route refresh: advertised and received (new)
    4-Octet ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
  Received 755 messages, 0 notifications, 0 in queue
  Sent 2639 messages, 607 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  Minimum time between advertisement runs is 30 seconds
  Maximum number of update messages in a burst 50
  Auto-refresh enabled
  Update source is 10.2.4.4
 For address family: IPv4 Unicast
  BGP table version 9, neighbor version 9
  Index 1, Offset 0, Mask 0x2
  Community attribute sent to this neighbor (both)
  7 accepted prefixes
  6 announced prefixes
 
 Connections established 4; dropped 4
  External BGP neighbor must be up to 1 hops away.                                # Result of BGP TTL-security
Local host: 10.2.4.4, Local port: 39713
Foreign host: 10.2.4.2, Foreign port: 179
Nexthop: 10.2.4.4
Last Reset: 00:37:51, due to BGP Notification sent
Notification Error Message: (Cease/Other Configuration Change.)
 
br2#
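
An added example, not part of the original page or of EcoRouter's own tooling: a Python check that reads a configuration in the syntax shown above, flags eBGP neighbors that have no ttl-security line, and reads the enforced hop limit back from the show output. The peer 10.9.9.9 / AS 65009 is constructed for the sample, and the 255 - hops rule is an assumption that generalizes the page's single case (hops 1, incoming TTL 254).

```python
import re

TX_TTL = 255  # TTL the page states for outgoing packets

def audit_ttl_security(config: str) -> dict:
    """Return {neighbor_ip: details} for every neighbor in a 'router bgp' block."""
    local_as, peers = None, {}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"router bgp (\d+)", line)
        if m:
            local_as = int(m.group(1))
            continue
        m = re.fullmatch(r"neighbor (\S+) (.+)", line)
        if not m or local_as is None:
            continue
        ip, rest = m.groups()
        peer = peers.setdefault(ip, {"remote_as": None, "hops": None})
        if (a := re.fullmatch(r"remote-as (\d+)", rest)):
            peer["remote_as"] = int(a.group(1))
        elif (h := re.fullmatch(r"ttl-security hops (\d+)", rest)):
            peer["hops"] = int(h.group(1))
    for peer in peers.values():
        peer["ebgp"] = peer["remote_as"] is not None and peer["remote_as"] != local_as
        # Assumption: generalizes the page's "hops 1 -> 254" to 255 - hops.
        peer["min_rx_ttl"] = None if peer["hops"] is None else TX_TTL - peer["hops"]
        peer["finding"] = ("eBGP peer without ttl-security"
                           if peer["ebgp"] and peer["hops"] is None else "ok")
    return peers

def enforced_hops(show_output: str):
    """Hop limit reported by 'show ip bgp neighbors', or None if the line is absent."""
    m = re.search(r"External BGP neighbor must be up to (\d+) hops away", show_output)
    return int(m.group(1)) if m else None

# Constructed sample: the page's EcoRouter lines plus one invented peer (10.9.9.9).
SAMPLE_CONFIG = """\
router bgp 65200
 bgp router-id 20.20.20.2
 neighbor 10.2.4.2 remote-as 65002
 neighbor 10.2.4.2 ttl-security hops 1
 neighbor 10.2.4.2 update-source 10.2.4.4
 neighbor 10.9.9.9 remote-as 65009
"""
SAMPLE_SHOW = "  External BGP neighbor must be up to 1 hops away."

if __name__ == "__main__":
    for ip, peer in audit_ttl_security(SAMPLE_CONFIG).items():
        print(ip, peer["finding"], "min accepted TTL:", peer["min_rx_ttl"])
    print("enforced hops:", enforced_hops(SAMPLE_SHOW))
```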