Monday, May 16, 2011

A few learning notes on BGP commands


neighbor 1.1.1.1 ttl-security hops 2
neighbor 1.1.1.1 disable-connected-check



By default, BGP checks that an eBGP peer is directly connected by comparing the peer address against the addresses of its directly connected interfaces. The BGP router will not even try to connect (no packets hit the wire) unless the neighbor first passes the connected test. Similarly, the remote peer will not accept the peer connection if it does not pass the connected test. This check is in addition to the IP TTL limitations related to eBGP, eBGP multihop and TTL security: it is performed at the application layer, by BGP itself.

This check is disabled by:

    * neighbor disable-connected-check , or
    * neighbor ebgp-multihop <ttl> , when TTL > 1

The disable-connected-check command is used when you want directly connected routers to peer using their loopback interfaces (the loopback is configured as the BGP source with neighbor update-source).


Example:

    bgp log-neighbor-changes
    network 1.1.1.0 mask 255.255.255.0
    neighbor 2.2.2.2 remote-as 200
    neighbor 2.2.2.2 ttl-security hops 2
    neighbor 2.2.2.2 update-source Loopback0
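
A small model of the connected check described above, as an added example (not code from the original post or from any BGP implementation). The interface addresses and the names `Neighbor`, `passes` and `session_can_form` are assumptions; the model covers only the two commands listed above as disabling the check and ignores TTL handling.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Neighbor:
    """Per-neighbor settings relevant to the connected check (hypothetical model)."""
    address: str
    disable_connected_check: bool = False
    ebgp_multihop_ttl: Optional[int] = None  # None: ebgp-multihop not configured


def is_directly_connected(peer: str, interfaces: Dict[str, str]) -> bool:
    """True if the peer address lies inside the subnet of any connected interface."""
    ip = ipaddress.ip_address(peer)
    return any(ip in ipaddress.ip_interface(a).network for a in interfaces.values())


def check_enforced(n: Neighbor) -> bool:
    """The check stays on unless one of the two commands from the notes turns it off."""
    if n.disable_connected_check:
        return False
    return not (n.ebgp_multihop_ttl is not None and n.ebgp_multihop_ttl > 1)


def passes(n: Neighbor, interfaces: Dict[str, str]) -> bool:
    """Would this router try (or accept) the session with neighbor n?"""
    return not check_enforced(n) or is_directly_connected(n.address, interfaces)


def session_can_form(a: Neighbor, a_ifs: Dict[str, str],
                     b: Neighbor, b_ifs: Dict[str, str]) -> bool:
    """Both ends apply the test independently, so both must pass."""
    return passes(a, a_ifs) and passes(b, b_ifs)


# Constructed topology: two routers sharing one /30 link, each with a loopback.
R1_IFS = {"Loopback0": "1.1.1.1/32", "Gi0/0": "10.0.12.1/30"}
R2_IFS = {"Loopback0": "2.2.2.2/32", "Gi0/0": "10.0.12.2/30"}

if __name__ == "__main__":
    # Loopback peering with the knob set on one side only: the other side refuses.
    r1 = Neighbor("2.2.2.2", disable_connected_check=True)
    r2 = Neighbor("1.1.1.1")
    print("one-sided knob:", session_can_form(r1, R1_IFS, r2, R2_IFS))
    r2.disable_connected_check = True
    print("both sides:", session_can_form(r1, R1_IFS, r2, R2_IFS))
```

The one-sided case shows why the command has to be configured on both routers when each peers to the other's loopback.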