My thought: why doesn't a debug show there's a TTL expiration? Similar to the incorrect ASN config. It would be nice to have.

Sent from my Windows Phone
________________________________
From: Tony Singh<mailto:[email protected]>
Sent: 18/04/2013 4:50 PM
To: Bob McCouch<mailto:[email protected]>
Cc: [email protected]<mailto:[email protected]>
Subject: Re: [OSL | CCIE_RS] BGP TTL Expiration

I agree Bob however what Keller is saying is in an extended ping router is 5 hops away you set it to 4 doesn't get there Set it to five and it does...right..

--
BR

Tony

Sent from my iPhone on 3

On 18 Apr 2013, at 06:17, Bob McCouch <[email protected]> wrote:

> I don't believe TTL is necessarily reflected in a ping reply. Most
> devices set the TTL of their response based on their own IP stack's
> configuration, not based on the TTL of the incoming request.
>
> Ping a few things around the Internet. I get wildly different incoming
> TTLs from each target.
> Bob
> --
> Sent from my iPhone, please excuse any typos.
>
> On Apr 18, 2013, at 12:49 AM, Keller Giacomarro <[email protected]> wrote:
>
>> You could, of course, just ping the remote site with a set TTL and see what
>> it is when it arrives. But I thought a pure BGP solution was more fun. =)
>>
>> Keller Giacomarro
>> [email protected]
>>
>>
>> On Wed, Apr 17, 2013 at 11:55 PM, Baldeep Birdy
>> <[email protected]> wrote:
>>
>>> :o
>>>
>>> That's a bit convoluted but I get the idea. There's got to be a more
>>> elegant solution.
>>>
>>> Thanks
>>> B
>>>
>>> ------------------------------
>>> From: [email protected]
>>> Date: Wed, 17 Apr 2013 23:26:15 -0400
>>> Subject: Re: [OSL | CCIE_RS] BGP TTL Expiration
>>> To: [email protected]
>>> CC: [email protected]
>>>
>>>
>>> (config-router) neighbor 1.2.3.4 ttl-security hops 1
>>>
>>> Now do a "debug ip packet <acl> detail" with a BGP-only ACL on your
>>> far-end router (1.2.3.4) and see what the TTL is when the packet arrives.
>>> 255 - TTL of the packet = number of hops in between you.
>>>
>>> This works because TTL-Security sets the TTL to 255 before transmitting,
>>> and only allows packets that have a TTL of 255 - <setting>. In this way,
>>> the packets will still arrive for your capture, but the neighborship won't
>>> establish until you enter a more sane TTL setting than "1".
>>>
>>> Hope this helps,
>>>
>>> -Keller
>>>
>>> Keller Giacomarro
>>> [email protected]
>>>
>>>
>>> On Wed, Apr 17, 2013 at 10:48 PM, Baldeep Birdy
>>> <[email protected]> wrote:
>>>
>>> Guys,
>>>
>>> Haven't posted for a while as I've been immersing myself in labs. The fun
>>> of IPv6, Multicast and MPLS :) but I'm getting there.
>>>
>>> Back to point, I was doing a lab where I had some eBGP peers that were
>>> multiple hops apart. When I configured everything up I forgot to add the
>>> eBGP multihop command. After some troubleshooting I figured out my school
>>> boy error but it sparked a question.
>>>
>>> Scenario is that you have peers multi hops away, but you have no
>>> visibility of the internetwork connecting them. So you don't know how many
>>> hops there are i.e. traceroute doesn't work. When you use the show ip bgp
>>> neighbours command it tells you that the peer is multi hops away, but
>>> doesn't give more info.
>>>
>>> Is there a debug that gives you info on what to set the TTL to? I know the
>>> lazy answer is just to use 255 in the multihop command, but what if we want
>>> to be very specific. TTL Boundary esque !?
>>>
>>> If the peer is 5 hops away but I set my multihop command to 4 my peering
>>> won't come up!? so again, is there a debug to give me a helpful hint?
>>>
>>> Cheers
>>> Bal
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job?
>>> Check out www.PlatinumPlacement.com
>>>
>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
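
Added example, not part of the original thread: a small Python model of the TTL arithmetic discussed above, turning a TTL captured at the far end into the tightest `ttl-security hops` and `ebgp-multihop` values that still let packets through. It assumes each intermediate router decrements TTL by one and drops at zero, and that the TTL-security check accepts arrival TTL >= 255 - configured hops; the function names and capture values are constructed for illustration.

```python
# Added example: models the TTL arithmetic discussed in the thread.
# Assumptions: each intermediate router decrements TTL by 1 and drops at 0;
# ttl-security accepts a packet when arrival TTL >= 255 - configured hops.
MAX_TTL = 255  # TTL the sender uses once ttl-security is configured


def forward(ttl, routers):
    """TTL on arrival after `routers` intermediate routers, None if it expired."""
    for _ in range(routers):
        ttl -= 1
        if ttl <= 0:
            return None
    return ttl


def hops_from_capture(arrival_ttl):
    """Thread's rule: 255 - TTL of the captured packet = hops in between."""
    if not 1 <= arrival_ttl <= MAX_TTL:
        raise ValueError("arrival TTL must be 1..255")
    return MAX_TTL - arrival_ttl


def ttl_security_accepts(arrival_ttl, hops_setting):
    """Receiver-side check applied by 'ttl-security hops <hops_setting>'."""
    return arrival_ttl is not None and arrival_ttl >= MAX_TTL - hops_setting


def multihop_arrives(multihop_ttl, routers):
    """'ebgp-multihop <ttl>' only sets the sender's TTL; no receiver check."""
    return forward(multihop_ttl, routers) is not None


def smallest_working_settings(arrival_ttl):
    """Tightest values that still let the session form, from one captured TTL."""
    hops = hops_from_capture(arrival_ttl)
    ttl_sec = next(n for n in range(1, 255)
                   if ttl_security_accepts(arrival_ttl, n))
    multihop = next(n for n in range(1, 256) if multihop_arrives(n, hops))
    return {"hops": hops, "ttl_security_hops": ttl_sec, "ebgp_multihop": multihop}


if __name__ == "__main__":
    # Constructed capture values: TTLs seen at the far end of a TTL-255 sender.
    for seen in (255, 251, 240):
        print(seen, smallest_working_settings(seen))
    # A sender two routers farther out than expected fails the tight check.
    print(ttl_security_accepts(forward(MAX_TTL, 6), 4))
```

The model shows why a tight `ttl-security hops` value is the more defensive choice: the receiver rejects anything that has crossed more routers than configured, whereas `ebgp-multihop 255` places no such bound on where a packet may have originated.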
