
    ttl (Protocols BGP)

    Syntax

    ttl ttl-value;

    Hierarchy Level

    [edit logical-systems logical-system-name protocols bgp],
    [edit logical-systems logical-system-name protocols bgp multihop],
    [edit logical-systems logical-system-name protocols bgp group group-name],
    [edit logical-systems logical-system-name protocols bgp group group-name multihop],
    [edit logical-systems logical-system-name protocols bgp group group-name neighbor address],
    [edit logical-systems logical-system-name protocols bgp group group-name neighbor address multihop],
    [edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp],
    [edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp multihop],
    [edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name],
    [edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name multihop],
    [edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name neighbor address],
    [edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name neighbor address multihop],
    [edit protocols bgp],
    [edit protocols bgp multihop],
    [edit protocols bgp group group-name multihop],
    [edit protocols bgp group group-name neighbor address],
    [edit protocols bgp group group-name neighbor address multihop],
    [edit routing-instances routing-instance-name protocols bgp],
    [edit routing-instances routing-instance-name protocols bgp multihop],
    [edit routing-instances routing-instance-name protocols bgp group group-name],
    [edit routing-instances routing-instance-name protocols bgp group group-name multihop],
    [edit routing-instances routing-instance-name protocols bgp group group-name neighbor address],
    [edit routing-instances routing-instance-name protocols bgp group group-name neighbor address multihop]

    Release Information

    Statement introduced before Junos OS Release 7.4.

    Statement introduced in Junos OS Release 9.0 for EX Series switches.

    Statement introduced in Junos OS Release 11.3 for the QFX Series.

    Support for setting the TTL on single-hop external BGP (EBGP) peers introduced in Junos OS Release 13.3.

    Description

    Configure the maximum time-to-live (TTL) value in the IP header of BGP packets.

    For BGP multihop scenarios, in which EBGP peers are not directly connected to each other, setting a TTL is optional. The default setting is 64.

    For BGP single-hop scenarios, in which EBGP peers are directly connected to each other, you can optionally set the TTL to 255 and configure an inbound firewall filter that allows only BGP control packets with the TTL set to 255. This is in accordance with RFC 3682, The Generalized TTL Security Mechanism (GTSM). For example:

    Send all BGP control packets with the TTL set to 255:

    user@host# show protocols
    bgp {
        group toAS2 {
            type external;
            peer-as 2;
            ttl 255;
            neighbor 10.1.2.3;
            neighbor 10.3.4.5;
            neighbor 10.5.6.7;
        }
    }

    Accept only BGP control packets that have the TTL set to 255:

    user@host# show firewall
    filter ttl-security {
        term gtsm {
            from {
                source-address {
                    10.1.2.3/32;
                    10.3.4.5/32;
                    10.5.6.7/32;
                }
                protocol tcp;
                ttl-except 255;
                port 179;
            }
            then {
                discard;
            }
        }
        term else {
            then {
                accept;
            }
        }
    }

    Apply the firewall filter to the inbound interface for the EBGP single-hop peer:

    user@host# show interfaces
    ge-1/0/0 {
        unit 0 {
            family inet {
                filter {
                    input ttl-security;
                }
            }
        }
    }
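The following Python model is an added illustration, not Juniper code: it evaluates the two terms of the `ttl-security` filter above against constructed packets to show why only a directly connected peer can pass the TTL check. The names `Packet`, `arrival_ttl`, `ttl_security` and `evaluate_samples`, the source ports, and the address 192.0.2.9 are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Values copied from the page's ttl-security filter.
PEERS = [ipaddress.ip_network(p) for p in ("10.1.2.3/32", "10.3.4.5/32", "10.5.6.7/32")]
BGP_PORT = 179
GTSM_TTL = 255

@dataclass
class Packet:
    src: str
    protocol: str
    sport: int
    dport: int
    ttl: int  # TTL as seen on arrival at the filtered interface

def arrival_ttl(sent_ttl: int, routers_crossed: int) -> int:
    """Every forwarding router decrements the TTL by one; a directly
    connected peer crosses none, so only it can deliver TTL 255."""
    return sent_ttl - routers_crossed

def ttl_security(pkt: Packet) -> str:
    """Evaluate the filter's terms in order; the first match decides."""
    from_peer = any(ipaddress.ip_address(pkt.src) in net for net in PEERS)
    # Junos 'port' matches either the source or the destination port.
    is_bgp = pkt.protocol == "tcp" and BGP_PORT in (pkt.sport, pkt.dport)
    if from_peer and is_bgp and pkt.ttl != GTSM_TTL:  # term gtsm (ttl-except 255)
        return "discard"
    return "accept"  # term else

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "peer, ttl 255 configured": Packet("10.1.2.3", "tcp", 49152, 179, arrival_ttl(255, 0)),
    "peer address, 3 routers away": Packet("10.1.2.3", "tcp", 49152, 179, arrival_ttl(255, 3)),
    "peer left at single-hop default 1": Packet("10.3.4.5", "tcp", 179, 50001, arrival_ttl(1, 0)),
    "peer, non-BGP traffic": Packet("10.5.6.7", "icmp", 0, 0, 64),
    "unlisted source to port 179": Packet("192.0.2.9", "tcp", 40000, 179, 60),
}

def evaluate_samples() -> dict:
    """Return the filter verdict for each constructed sample packet."""
    return {name: ttl_security(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{verdict:8} {name}")
```

The third sample shows why `ttl 255` must be configured on both peers before the filter is applied, and the last shows that term `else` accepts port 179 traffic from sources outside the three listed addresses, so the TTL check is enforced only for those peers.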

    Options

    ttl-value—TTL value for BGP packets.

    Range: 1 through 255, for multihop peers

    Default: 64 (for multihop EBGP sessions, confederations, and IBGP sessions)

    Range: 1 or 255, for single-hop peers

    Default: 1 (for single-hop EBGP sessions)

    Required Privilege Level

    routing—To view this statement in the configuration.

    routing-control—To add this statement to the configuration.

    Modified: 2017-09-13