Simply a lab theoretical question. I wouldn't want to get caught out simply because of a TTL issue.
B

From: [email protected]
Date: Thu, 18 Apr 2013 09:27:25 -0400
Subject: Re: [OSL | CCIE_RS] BGP TTL Expiration
To: [email protected]
CC: [email protected]; [email protected]

Because BGP is a layer 7 protocol and TTL expiration is a layer 3 function! BGP does not need to be aware of TTL expiration, it only finds out from the socket whether the connection was established or not.

Also, keep in mind that if you are talking about a multihop peering over the Internet or something, being too aggressive in the TTL you set could be dangerous. If you don't control the network between your BGP nodes, what happens when the topology of that network changes and the hop-count is altered?

Your question is an interesting one from an academic/lab standpoint but I'd be pretty cautious about trying to tune TTL for eBGP exactly when it's crossing a network I don't control. Imagine: A carrier has a failure, traffic re-routes, and that breaks your BGP because there are now 2 extra hops in the path... oops.

On Thu, Apr 18, 2013 at 3:38 AM, Baldeep Birdy <[email protected]> wrote:

My thought, why doesn't a debug show there's a ttl expiration? Similar to the incorrect asn config. It would be nice to have.

Sent from my Windows Phone

From: Tony Singh
Sent: 18/04/2013 4:50 PM
To: Bob McCouch
Cc: [email protected]
Subject: Re: [OSL | CCIE_RS] BGP TTL Expiration

I agree Bob however what Keller is saying is in an extended ping router is 5 hops away you set it to 4 doesn't get there. Set it to five and it does...right..

--
BR

Tony

Sent from my iPhone on 3

On 18 Apr 2013, at 06:17, Bob McCouch <[email protected]> wrote:

> I don't believe TTL is necessarily reflected in a ping reply. Most
> devices set the TTL of their response based on their own IP stack's
> configuration, not based on the TTL of the incoming request.
>
> Ping a few things around the Internet. I get wildly different incoming
> TTLs from each target.
> Bob
> --
> Sent from my iPhone, please excuse any typos.
>
> On Apr 18, 2013, at 12:49 AM, Keller Giacomarro <[email protected]> wrote:
>
>> You could, of course, just ping the remote site with a set TTL and see what
>> it is when it arrives. But I thought a pure BGP solution was more fun. =)
>>
>> Keller Giacomarro
>> [email protected]
>>
>>
>> On Wed, Apr 17, 2013 at 11:55 PM, Baldeep Birdy
>> <[email protected]> wrote:
>>
>>> :o
>>>
>>> That's a bit convoluted but I get the idea. There's got to be a more
>>> elegant solution.
>>>
>>> Thanks
>>> B
>>>
>>> ------------------------------
>>> From: [email protected]
>>> Date: Wed, 17 Apr 2013 23:26:15 -0400
>>> Subject: Re: [OSL | CCIE_RS] BGP TTL Expiration
>>> To: [email protected]
>>> CC: [email protected]
>>>
>>>
>>> (config-router) neighbor 1.2.3.4 ttl-security hops 1
>>>
>>> Now do a "debug ip packet <acl> detail" with a BGP-only ACL on your
>>> far-end router (1.2.3.4) and see what the TTL is when the packet arrives.
>>> 255 - TTL of the packet = number of hops in between you.
>>>
>>> This works because TTL-Security sets the TTL to 255 before transmitting,
>>> and only allows packets that have a TTL of 255 - <setting>. In this way,
>>> the packets will still arrive for your capture, but the neighborship won't
>>> establish until you enter a more sane TTL setting than "1".
>>>
>>> Hope this helps,
>>>
>>> -Keller
>>>
>>> Keller Giacomarro
>>> [email protected]
>>>
>>>
>>> On Wed, Apr 17, 2013 at 10:48 PM, Baldeep Birdy
>>> <[email protected]> wrote:
>>>
>>> Guys,
>>>
>>> Haven't posted for a while as I've been immersing myself in labs. The fun
>>> of IPv6, Multicast and MPLS :) but I'm getting there.
>>>
>>> Back to point, I was doing a lab where I had some eBGP peers that were
>>> multiple hops apart. When I configured everything up I forgot to add the
>>> eBGP multihop command. After some troubleshooting I figured out my school
>>> boy error but it sparked a question.
>>>
>>> Scenario is that you have peers multi hops away, but you have no
>>> visibility of the internetwork connecting them. So you don't know how many
>>> hops there are i.e. traceroute doesn't work. When you use the show ip bgp
>>> neighbours command it tells you that the peer is multi hops away, but
>>> doesn't give more info.
>>>
>>> Is there a debug that gives you info on what to set the TTL to? I know the
>>> lazy answer is just to use 255 in the multihop command, but what if we want
>>> to be very specific. TTL Boundary esque !?
>>>
>>> If the peer is 5 hops away but I set my multihop command to 4 my peering
>>> won't come up!? so again, is there a debug to give me a helpful hint?
>>>
>>> Cheers
>>> Bal
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
>>>
>>> Are you a CCNP or CCIE and looking for a job? Check out
>>> www.PlatinumPlacement.com
>>>
>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
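
The TTL arithmetic discussed in this thread, as an added example that is not part of the original messages: a simplified Python model contrasting a lowered multihop TTL with the ttl-security check (receiver keeps packets arriving with TTL >= 255 - setting), including the re-route failure described above. The function names, the `routers_between` counting (routers that decrement the TTL in transit) and the sample TTL values are assumptions constructed for illustration.

```python
MAX_TTL = 255


def arriving_ttl(sent_ttl, routers_between):
    """TTL seen by the far-end peer, or None if the packet expired in transit."""
    remaining = sent_ttl - routers_between
    return remaining if remaining >= 1 else None


def multihop_delivers(multihop_ttl, routers_between):
    """ebgp-multihop model: the sender lowers the TTL, so a value that is too
    small expires on a transit router and the far end never sees the packet."""
    return arriving_ttl(multihop_ttl, routers_between) is not None


def ttl_security_accepts(hops_setting, arriving):
    """ttl-security model: packets are sent with TTL 255 and the receiver
    keeps only those arriving with TTL >= 255 - hops_setting."""
    return arriving is not None and arriving >= MAX_TTL - hops_setting


def routers_between_from_capture(observed_ttl):
    """The thread's measurement: 255 - TTL seen at the far end."""
    if not 1 <= observed_ttl <= MAX_TTL:
        raise ValueError("observed TTL must be in 1..255")
    return MAX_TTL - observed_ttl


def recommend_hops(observed_ttls, headroom):
    """Smallest setting that accepts every captured packet, plus headroom for
    re-routes; each extra hop also widens who can pass the TTL check."""
    worst = max(routers_between_from_capture(t) for t in observed_ttls)
    return min(worst + headroom, MAX_TTL - 1)


def demo():
    between = 4  # constructed lab value: the peer is the 5th hop
    seen = arriving_ttl(MAX_TTL, between)
    rerouted = arriving_ttl(MAX_TTL, between + 2)  # carrier path grows by 2
    return {
        "seen_ttl": seen,
        "measured_between": routers_between_from_capture(seen),
        "multihop_4": multihop_delivers(4, between),
        "multihop_5": multihop_delivers(5, between),
        "exact_setting_ok": ttl_security_accepts(4, seen),
        "exact_after_reroute": ttl_security_accepts(4, rerouted),
        "recommended": recommend_hops([251, 251, 250], headroom=2),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
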
