Ciscoman's notes (Записки цыщика c дипломом)

I'm Cisco Champion Community member for 2017!

I'm Cisco Champion Community member for 2017!
"Cisco Champions are passionate about Cisco and happy to share our knowledge, experience, and feedback."

пятница, 6 июня 2014 г.

Random note about bgp ttl-security, ebgp-multihop and disable-connected-check commands.

Just simple note in case you're studying ccie lab. As you know, anything you can do - you can also do it another way.
For example you need to configure eBGP session between 2 directly connected routers and initiate session from Loopback interfaces. All of the following commands will be suitable:

 ttl security hops 2disable-connected-check = ebgp-multihop 2

Please note that ebgp-multihop 2 and ttl-security hops 2 will also allow to establish bgp session with router one hop away, even if you're initiating session from loopbacks, it may be not desired in redundant topologies. For example:
R1 ---- R2 ---- R3
R1 and R3 can also form bgp peering.

disable-connected-check is not modifying TTL of bgp ip packets, it just allow bgp session to be established from non directly connected subnets (it disables this default precheck behavior).

Also here is interesting buggy trick to make somebody crazy. You can configure ebgp-multihop 1 and it will be not shown in configuration (as of  15.2(4)M6 ) and will not allow to configure ttl-security.
For example:
R1(config-router)#neighbor 120.100.2.1 ebgp-multihop 1
R1(config-router)#do sh run | sec bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 120.100.2.1 remote-as 300
 neighbor 120.100.2.1 update-source Loopback0
R1(config-router)#neighbor 120.100.2.1 ttl-security hops 2
Remove ebgp-multihop before configuring ttl-security
R1(config-router)#do sh run | sec bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 120.100.3.1 remote-as 300
 neighbor 120.100.3.1 update-source Loopback0
R1(config-router)#no neighbor 120.100.2.1 ebgp-multihop 1
R1(config-router)#neighbor 120.100.2.1 ttl-security hops 2


3 комментария:

Постоянные читатели

Поиск по этому блогу