Just simple note in case you're studying ccie lab. As you know, anything you can do - you can also do it another way.
For example you need to configure eBGP session between 2 directly connected routers and initiate session from Loopback interfaces. All of the following commands will be suitable:
ttl security hops 2 = disable-connected-check = ebgp-multihop 2
Please note that ebgp-multihop 2 and ttl-security hops 2 will also allow to establish bgp session with router one hop away, even if you're initiating session from loopbacks, it may be not desired in redundant topologies. For example:
R1 ---- R2 ---- R3
R1 and R3 can also form bgp peering.
disable-connected-check is not modifying TTL of bgp ip packets, it just allow bgp session to be established from non directly connected subnets (it disables this default precheck behavior).
Also here is interesting buggy trick to make somebody crazy. You can configure ebgp-multihop 1 and it will be not shown in configuration (as of 15.2(4)M6 ) and will not allow to configure ttl-security.
For example:
For example you need to configure eBGP session between 2 directly connected routers and initiate session from Loopback interfaces. All of the following commands will be suitable:
ttl security hops 2 = disable-connected-check = ebgp-multihop 2
Please note that ebgp-multihop 2 and ttl-security hops 2 will also allow to establish bgp session with router one hop away, even if you're initiating session from loopbacks, it may be not desired in redundant topologies. For example:
R1 ---- R2 ---- R3
R1 and R3 can also form bgp peering.
disable-connected-check is not modifying TTL of bgp ip packets, it just allow bgp session to be established from non directly connected subnets (it disables this default precheck behavior).
Also here is interesting buggy trick to make somebody crazy. You can configure ebgp-multihop 1 and it will be not shown in configuration (as of 15.2(4)M6 ) and will not allow to configure ttl-security.
For example:
R1(config-router)#neighbor 120.100.2.1 ebgp-multihop 1
R1(config-router)#do sh run | sec bgp
router bgp 100
bgp log-neighbor-changes
neighbor 120.100.2.1 remote-as 300
neighbor 120.100.2.1 update-source Loopback0
R1(config-router)#neighbor 120.100.2.1 ttl-security hops 2
Remove ebgp-multihop before configuring ttl-security
R1(config-router)#do sh run | sec bgp
router bgp 100
bgp log-neighbor-changes
neighbor 120.100.3.1 remote-as 300
neighbor 120.100.3.1 update-source Loopback0
R1(config-router)#no neighbor 120.100.2.1 ebgp-multihop 1
R1(config-router)#neighbor 120.100.2.1 ttl-security hops 2
