Junos CLI Reference

multihop

20-Nov-23

Syntax

multihop {
    no-nexthop-change;
    ttl ttl-value;
}

Hierarchy Level

[edit logical-systems logical-system-name protocols bgp],
[edit logical-systems logical-system-name protocols bgp group group-name],
[edit logical-systems logical-system-name protocols bgp group group-name neighbor address],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name],
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name neighbor address],
[edit protocols bgp],
[edit protocols bgp group group-name],
[edit protocols bgp group group-name neighbor address],
[edit routing-instances routing-instance-name protocols bgp],
[edit routing-instances routing-instance-name protocols bgp group group-name],
[edit routing-instances routing-instance-name protocols bgp group group-name neighbor address]

Description

Configure an EBGP multihop session.

For Layer 3 VPNs, you configure the EBGP multihop session between the PE and CE routing devices. This allows you to configure one or more routing devices between the PE and CE routing devices.

An external confederation peer is a special case that allows unconnected third-party next hops. You do not need to configure multihop sessions explicitly in this particular case because multihop behavior is implied.

If you have external BGP confederation peer-to-loopback addresses, you still need the multihop configuration.

Note:

You cannot configure the accept-remote-nexthop statement at the same time.

Default

If you omit this statement, all EBGP peers are assumed to be directly connected (that is, you are establishing a nonmultihop, or “regular,” BGP session), and the default time-to-live (TTL) value is 1.

Note:

In Junos, you can configure the TTL for both IPv4 and IPv6 multihop EBGP sessions. For an IPv6 multihop EBGP session, the TTL refers to the hop-limit setting.

Options

no-nexthop-change

Specify that the BGP next-hop value not be changed.

An external confederation peer is a special case that allows unconnected third-party next hops. You do not need to configure multihop sessions explicitly in this particular case; multihop behavior is implied.

If you have external BGP confederation peer-to-loopback addresses, you still need the multihop configuration.

Note:

You cannot configure the accept-remote-nexthop statement at the same time.

  • Default: If you omit this statement, all EBGP peers are assumed to be directly connected (that is, you are establishing a nonmultihop, or “regular,” BGP session), and the default time-to-live (TTL) value is 1.

ttl ttl-value

Configure the maximum time-to-live (TTL) value for the TTL in the IP header of BGP packets.


For BGP multihop scenarios, in which EBGP peers are not directly connected to each other, setting a TTL is optional. The default setting is 64.

For BGP single-hop scenarios, in which external EBGP peers are directly connected to each other, you can, optionally, set the TTL to 255 and configure an inbound firewall filter to allow only BGP control packets with the TTL set to 255. This is in accordance with RFC 3682, The Generalized TTL Security Mechanism (GTSM). For example:

Send all BGP control packets with the TTL set to 255:

user@host# show protocols
bgp {
    group toAS2 {
        type external;
        peer-as 2;
        ttl 255;
        neighbor 10.1.2.3;
        neighbor 10.3.4.5;
        neighbor 10.5.6.7;
    }
}

Accept only BGP control packets that have the TTL set to 255:

user@host# show firewall
filter ttl-security {
    term gtsm {
        from {
            source-address {
                10.1.2.3/32;
                10.3.4.5/32;
                10.5.6.7/32;
            }
            protocol tcp;
            ttl-except 255;
            port 179;
        }
        then {
            discard;
        }
    }
    term else {
        then {
            accept;
        }
    }
}

Apply the firewall filter to the inbound interface for the EBGP single-hop peer:

user@host# show interfaces
ge-1/0/0 {
    unit 0 {
        family inet {
            filter {
                input ttl-security;
            }
        }
    }
}
  • Range: 1 through 255, for multihop peers

  • Default: 64 (for multihop EBGP sessions, confederations, and IBGP sessions)

  • Range: 1 or 255, for single-hop peers

  • Default: 1 (for single-hop EBGP sessions)
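
The TTL 255 check in the single-hop example above protects only a neighbor that is listed in the filter's source-address and whose filter is applied inbound. The following Python audit is an added example, not Juniper code: it reads `show configuration | display set` output and reports neighbors in `ttl 255` groups that no applied GTSM term covers. The `display set` rendering of the page's stanzas, the extra neighbor 10.7.8.9, and the name `audit_gtsm` are constructed for illustration.

```python
import ipaddress

# Constructed sample: the page's three stanzas as `display set` lines, plus one
# neighbor (10.7.8.9) added here that the filter's source-address list omits.
SAMPLE = """\
set protocols bgp group toAS2 type external
set protocols bgp group toAS2 peer-as 2
set protocols bgp group toAS2 ttl 255
set protocols bgp group toAS2 neighbor 10.1.2.3
set protocols bgp group toAS2 neighbor 10.3.4.5
set protocols bgp group toAS2 neighbor 10.5.6.7
set protocols bgp group toAS2 neighbor 10.7.8.9
set firewall filter ttl-security term gtsm from source-address 10.1.2.3/32
set firewall filter ttl-security term gtsm from source-address 10.3.4.5/32
set firewall filter ttl-security term gtsm from source-address 10.5.6.7/32
set firewall filter ttl-security term gtsm from protocol tcp
set firewall filter ttl-security term gtsm from ttl-except 255
set firewall filter ttl-security term gtsm from port 179
set firewall filter ttl-security term gtsm then discard
set firewall filter ttl-security term else then accept
set interfaces ge-1/0/0 unit 0 family inet filter input ttl-security
"""

GTSM_MATCH = {"protocol tcp", "ttl-except 255", "port 179"}  # as in the page's term

def audit_gtsm(config):
    """Return {neighbor: group} for ttl-255 peers that no applied GTSM term covers."""
    rows = [ln.split()[1:] for ln in config.splitlines() if ln.startswith("set ")]
    bgp = [r[3:] for r in rows if r[:3] == ["protocols", "bgp", "group"]]
    strict = {r[0] for r in bgp if r[1:] == ["ttl", "255"]}
    peers = {r[2]: r[0] for r in bgp if r[1:2] == ["neighbor"] and r[0] in strict}
    applied = {r[8] for r in rows if len(r) == 9 and r[:1] == ["interfaces"]
               and r[4:8] == ["family", "inet", "filter", "input"]}
    terms = {}  # (filter, term) -> match conditions, source prefixes, actions
    for r in rows:
        if r[:2] == ["firewall", "filter"] and r[3:4] == ["term"] and len(r) >= 7:
            t = terms.setdefault((r[2], r[4]), {"from": set(), "src": [], "then": set()})
            if r[5:7] == ["from", "source-address"]:
                t["src"].append(ipaddress.ip_network(r[7]))
            elif r[5] in ("from", "then"):
                t[r[5]].add(" ".join(r[6:]))
    covered = [net for (flt, _), t in terms.items()
               if flt in applied and GTSM_MATCH <= t["from"] and "discard" in t["then"]
               for net in t["src"]]
    return {ip: grp for ip, grp in peers.items()
            if not any(ipaddress.ip_address(ip) in net for net in covered)}
```

The audit handles group-level `ttl 255` and IPv4 filters only; it does not model term ordering, apply-groups, logical systems, or which interface each peer is reached through.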

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

Support for setting the TTL on single-hop external BGP (EBGP) peers introduced in Junos OS Release 13.3.
