Generalized TTL Security Mechanism support
The device supports the Generalized TTL Security Mechanism (GTSM) as defined in RFC 3682. GTSM protects the device from attacks in which invalid BGP4 control traffic is sent to overload the CPU or hijack the BGP4 session. GTSM protection applies to EBGP neighbors only.
When GTSM protection is enabled, BGP4 control packets sent by the device to a neighbor have a Time To Live (TTL) value of 255. In addition, the device expects the BGP4 control packets received from the neighbor to have a TTL value of either 254 or 255. For multihop peers (where the ebgp-multihop option is configured for the neighbor), the device expects the TTL for BGP4 control packets received from the neighbor to be greater than or equal to 255 minus the configured number of hops to the neighbor. If the BGP4 control packets received from the neighbor do not have the anticipated value, the device drops them.
For more information on GTSM protection, refer to RFC 3682.
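The acceptance rule described above, worked through as an added example (not code from this manual or from the device): it reads the TTL from a raw IPv4 packet carrying TCP port 179 and applies the single-hop and multihop thresholds. The function names, the sample packets and the destination address 192.168.9.1 are constructed for illustration.

```python
import struct

BGP_PORT = 179   # TCP port used by BGP
MAX_TTL = 255    # TTL a GTSM sender sets on its BGP4 control packets

def min_accepted_ttl(multihop_hops=None):
    """Lowest TTL accepted under the rules described in the text.

    Single-hop EBGP neighbor: 254 or 255 are accepted, so the floor is 254.
    Multihop neighbor: TTL must be >= 255 minus the configured hop count.
    """
    if multihop_hops is None:
        return MAX_TTL - 1
    return MAX_TTL - multihop_hops

def gtsm_verdict(packet, multihop_hops=None):
    """Return 'accept', 'drop' or 'not-bgp' for a raw IPv4 packet (bytes)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-bgp"
    ihl = (packet[0] & 0x0F) * 4               # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        return "not-bgp"
    ttl, proto = packet[8], packet[9]
    if proto != 6:                             # 6 = TCP
        return "not-bgp"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if BGP_PORT not in (sport, dport):
        return "not-bgp"
    return "accept" if ttl >= min_accepted_ttl(multihop_hops) else "drop"

def build_packet(ttl, sport, dport, src="192.168.9.210", dst="192.168.9.1"):
    """Constructed sample: minimal IPv4 + TCP headers (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return ip + tcp
```

A packet that claims the neighbor's address but arrives with a TTL of 253 is dropped for a single-hop neighbor, while the same TTL is accepted when the neighbor is configured as three hops away.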
To enable GTSM protection for neighbor 192.168.9.210 (for example), enter the following command.
device(config-bgp-router)# neighbor 192.168.9.210 ebgp-btsh
Syntax: [no] neighbor ip-addr | peer-group-name ebgp-btsh
NOTE
For GTSM protection to work properly, it must be enabled on both the device and the neighbor.
Displaying BGP4 information
You can display the following configuration information and statistics for the BGP4 protocol:
• Summary BGP4 configuration information for the device
• Active BGP4 configuration information (the BGP4 information in the running configuration)
• Neighbor information
• Peer-group information
• Information about the paths from which BGP4 selects routes
• Summary BGP4 route information
• Virtual Routing and Forwarding (VRF) instance information
• The device’s BGP4 route table
• Route flap dampening statistics
• Active route maps (the route map configuration information in the running configuration)
• BGP4 graceful restart neighbor information
• AS4 support and asdot notation
Displaying summary BGP4 information
You can display the local AS number, the maximum number of routes and neighbors supported, and some BGP4 statistics. You can also display BGP4 memory usage for:
• BGP4 routes installed
• Routes advertising to all neighbors (aggregated into peer groups)
• Attribute entries installed
FastIron Ethernet Switch Layer 3 Routing
53-1003627-04