bgp ttl-security (done)
Initial configuration
iosv-2(config-router)#neighbor 192.168.23.2 ttl-security hops 1
iosv-2(config-router)#do sh ip bgp sum
BGP router identifier 3.3.3.3, local AS number 200
BGP table version is 2, main routing table version 2
1 network entries using 144 bytes of memory
1 path entries using 84 bytes of memory
1/1 BGP path/bestpath attribute entries using 160 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 388 total bytes of memory
BGP activity 5/4 prefixes, 5/4 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.1 4 100 0 0 1 0 0 never Idle
192.168.23.2 4 100 0 0 1 0 0 00:02:01 Idle
If ttl-security is configured on only one side, the peering can no longer be established.
iosv-1(config-router)#neighbor 192.168.23.3 ttl-security hops 1
iosv-2#sh ip bgp sum | b activity
BGP activity 6/4 prefixes, 7/5 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.1 4 100 0 0 1 0 0 never Idle
192.168.23.2 4 100 5 5 5 0 0 00:00:37 1
Once ttl-security is also configured on the peer, the peering comes up.
iosv-2(config-router)#neighbor 192.168.23.2 ttl-security hops 5 (the peer is set to hops 1)
iosv-2(config-router)#do sh ip bgp sum | b activity
BGP activity 7/6 prefixes, 8/7 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.1 4 100 0 0 1 0 0 never Idle
192.168.23.2 4 100 5 2 1 0 0 00:00:44 1
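Incidentally, as long as ttl-security is configured on both sides, it seems to be fine even if the hops values do not match. (Just make sure the hop count is large enough to reach the peer.)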
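
The three results above follow from the TTL check itself. The model below is an added example, not part of the original notes; it reproduces them and also covers a peer that is not directly connected. It assumes the documented IOS/GTSM (RFC 5082) behaviour: an eBGP speaker sends TTL 1 by default, sends TTL 255 once ttl-security is configured, and then accepts only TTL >= 255 - hops. The function names are hypothetical.

```python
# Added illustration: a small model of the TTL check behind "ttl-security hops N".
# Assumed behaviour (Cisco IOS / GTSM, RFC 5082), not taken from the page:
#   - without ttl-security, an eBGP speaker sends with TTL 1
#   - with ttl-security, it sends with TTL 255 and accepts only TTL >= 255 - hops
from typing import Optional

DEFAULT_EBGP_TTL = 1
GTSM_SEND_TTL = 255


def send_ttl(hops: Optional[int]) -> int:
    """TTL a speaker puts on outgoing BGP packets (hops=None: no ttl-security)."""
    return DEFAULT_EBGP_TTL if hops is None else GTSM_SEND_TTL


def min_accept_ttl(hops: Optional[int]) -> int:
    """Lowest TTL a speaker accepts on incoming BGP packets."""
    return 1 if hops is None else GTSM_SEND_TTL - hops


def accepted(sender_hops: Optional[int], receiver_hops: Optional[int],
             routers_between: int = 0) -> bool:
    """True if the sender's packets survive the path and pass the receiver's check."""
    arriving = send_ttl(sender_hops) - routers_between  # each router decrements by 1
    return arriving >= 1 and arriving >= min_accept_ttl(receiver_hops)


def session_comes_up(a_hops: Optional[int], b_hops: Optional[int],
                     routers_between: int = 0) -> bool:
    """TCP needs both directions to work, so both checks must pass."""
    return (accepted(a_hops, b_hops, routers_between)
            and accepted(b_hops, a_hops, routers_between))


if __name__ == "__main__":
    # (description, iosv-2 hops, iosv-1 hops, routers between the peers)
    cases = [
        ("one side only (hops 1 / none)", 1, None, 0),
        ("both sides hops 1", 1, 1, 0),
        ("hops 5 / hops 1", 5, 1, 0),
        ("hops 1 / hops 1, two routers in between", 1, 1, 2),
        ("hops 3 / hops 3, two routers in between", 3, 3, 2),
    ]
    for name, a, b, between in cases:
        state = "Established" if session_comes_up(a, b, between) else "Idle"
        print(f"{name:45s} -> {state}")
```
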