ttl (Protocols BGP)

 

Syntax

Hierarchy Level

Release Information

Statement introduced before Junos OS Release 7.4.

Statement introduced in Junos OS Release 9.0 for EX Series switches.

Statement introduced in Junos OS Release 11.3 for the QFX Series.

Support for setting the TTL on single-hop external BGP (EBGP) peers introduced in Junos OS Release 13.3.

Description

Configure the maximum time-to-live (TTL) value in the IP header of BGP packets.

For BGP multihop scenarios, in which EBGP peers are not directly connected to each other, setting a TTL is optional. The default setting is 64.

For BGP single-hop scenarios, in which EBGP peers are directly connected to each other, you can optionally set the TTL to 255 and configure an inbound firewall filter that allows only BGP control packets with the TTL set to 255. Because every router that forwards a packet decrements its TTL, a packet that arrives with a TTL of 255 cannot have crossed an intermediate hop. This is in accordance with RFC 3682, The Generalized TTL Security Mechanism (GTSM). For example:

Send all BGP control packets with the TTL set to 255:

Accept only BGP control packets that have the TTL set to 255:

Apply the firewall filter to the inbound interface for the EBGP single-hop peer:
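
The three steps above, written out as one configuration. This is an added example, not the configuration from the original page; the group name, peer AS, addresses, filter and term names, and interface are assumptions.

```junos
# Constructed example: ebgp-peers, AS 64511, 192.0.2.0/30, gtsm-bgp and
# ge-0/0/1 are placeholder values, not taken from the original page.
protocols {
    bgp {
        group ebgp-peers {
            type external;
            peer-as 64511;
            neighbor 192.0.2.2 {
                ttl 255;            # step 1: send BGP packets with TTL 255
            }
        }
    }
}
firewall {
    family inet {
        filter gtsm-bgp {
            term bad-ttl {          # step 2: drop peer BGP traffic whose TTL is not 255
                from {
                    source-address {
                        192.0.2.2/32;
                    }
                    protocol tcp;
                    port 179;       # matches source or destination port 179
                    ttl-except 255;
                }
                then discard;
            }
            term everything-else {  # filters end in an implicit discard
                then accept;
            }
        }
    }
}
interfaces {
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    input gtsm-bgp; # step 3: apply inbound on the peer-facing interface
                }
                address 192.0.2.1/30;
            }
        }
    }
}
```

The peer must also send its BGP packets with the TTL set to 255; otherwise this filter discards them and the session does not establish.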

Options

ttl-value—TTL value for BGP packets.

Range: 1 through 255, for multihop peers

Default: 64 (for multihop EBGP sessions, confederations, and IBGP sessions)

Range: 1 or 255, for single-hop peers

Default: 1 (for single-hop EBGP sessions)

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.