multihop
Syntax
multihop {
    no-nexthop-change;
    ttl ttl-value;
}
Hierarchy Level
[edit logical-systems logical-system-name protocols bgp]
[edit logical-systems logical-system-name protocols bgp group group-name]
[edit logical-systems logical-system-name protocols bgp group group-name neighbor address]
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp]
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name]
[edit logical-systems logical-system-name routing-instances routing-instance-name protocols bgp group group-name neighbor address]
[edit protocols bgp]
[edit protocols bgp group group-name]
[edit protocols bgp group group-name neighbor address]
[edit routing-instances routing-instance-name protocols bgp]
[edit routing-instances routing-instance-name protocols bgp group group-name]
[edit routing-instances routing-instance-name protocols bgp group group-name neighbor address]
Description
Configure an EBGP multihop session.
For Layer 3 VPNs, you configure the EBGP multihop session between the PE and CE routing devices. This allows you to configure one or more routing devices between the PE and CE routing devices.
An external confederation peer is a special case that allows unconnected third-party next hops. You do not need to configure multihop sessions explicitly in this particular case because multihop behavior is implied.
If you have external BGP confederation peer-to-loopback addresses, you still need the multihop configuration.
You cannot configure the accept-remote-nexthop statement at the same time.
Default
If you omit this statement, all EBGP peers are assumed to be directly connected (that is, you are establishing a nonmultihop, or “regular,” BGP session), and the default time-to-live (TTL) value is 1.
In Junos, you can configure TTL for both IPv4 and IPv6 multihop EBGP sessions. For an IPv6 multihop EBGP session, TTL refers to the hop-limit setting.
Options
no-nexthop-change
Specify that the BGP next-hop value not be changed. An external confederation peer is a special case that allows unconnected third-party next hops. You do not need to configure multihop sessions explicitly in this particular case; multihop behavior is implied. If you have external BGP confederation peer-to-loopback addresses, you still need the multihop configuration.
Note: You cannot configure the
ttl ttl-value
Configure the maximum time-to-live (TTL) value for the TTL in the IP header of BGP packets.
For BGP multihop scenarios, in which EBGP peers are not directly connected to each other, setting a TTL is optional. The default setting is 64.
For BGP single-hop scenarios, in which external EBGP peers are directly connected to each other, you can, optionally, set the TTL to 255 and configure an inbound firewall filter to allow only BGP control packets with the TTL set to 255. This is in accordance with RFC 3682, The Generalized TTL Security Mechanism (GTSM).
For example:
Send all BGP control packets with the TTL set to 255:
    user@host# show protocols
    bgp {
        group toAS2 {
            type external;
            peer-as 2;
            ttl 255;
            neighbor 10.1.2.3;
            neighbor 10.3.4.5;
            neighbor 10.5.6.7;
        }
    }
Accept only BGP control packets that have the TTL set to 255:
    user@host# show firewall
    filter ttl-security {
        term gtsm {
            from {
                source-address {
                    10.1.2.3/32;
                    10.3.4.5/32;
                    10.5.6.7/32;
                }
                protocol tcp;
                ttl-except 255;
                port 179;
            }
            then {
                discard;
            }
        }
        term else {
            then {
                accept;
            }
        }
    }
Apply the firewall filter to the inbound interface for the EBGP single-hop peer:
    user@host# show interfaces
    ge-1/0/0 {
        unit 0 {
            family inet {
                filter {
                    input ttl-security;
                }
            }
        }
    }
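The ttl-security filter above, modelled in Python as an added example (not Juniper code and not part of the original page): it walks the gtsm and else terms in order over constructed packets to show which ones are discarded. The names Packet, arrival_ttl and evaluate are hypothetical, and the sample packets are constructed rather than captured.

```python
"""Model of the two-term ttl-security filter (added example, not Junos code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Peer prefixes copied from the source-address list in term gtsm.
GTSM_PEERS = [ip_network(p) for p in ("10.1.2.3/32", "10.3.4.5/32", "10.5.6.7/32")]
BGP_PORT = 179
GTSM_TTL = 255


@dataclass
class Packet:
    src: str
    protocol: str
    ttl: int      # TTL as seen on arrival at the filtered interface
    sport: int
    dport: int


def arrival_ttl(sent_ttl: int, routers_crossed: int) -> int:
    """Each forwarding router decrements the TTL by one before passing the packet on."""
    return sent_ttl - routers_crossed


def evaluate(pkt: Packet) -> str:
    """Return 'discard' or 'accept', evaluating the terms in configuration order."""
    in_peers = any(ip_address(pkt.src) in net for net in GTSM_PEERS)
    bgp_port = BGP_PORT in (pkt.sport, pkt.dport)  # 'port' matches source or destination
    # term gtsm: every 'from' condition must match; ttl-except 255 means TTL != 255.
    if in_peers and pkt.protocol == "tcp" and pkt.ttl != GTSM_TTL and bgp_port:
        return "discard"
    # term else: everything that did not match term gtsm.
    return "accept"


# Constructed sample packets (hypothetical values for illustration).
SAMPLES = {
    "direct peer, sent at 255": Packet("10.1.2.3", "tcp", arrival_ttl(255, 0), 49152, 179),
    "peer address, one router away": Packet("10.1.2.3", "tcp", arrival_ttl(255, 1), 49152, 179),
    "peer address, sent at 64": Packet("10.3.4.5", "tcp", arrival_ttl(64, 0), 179, 50000),
    "peer address, non-BGP TCP": Packet("10.5.6.7", "tcp", 64, 40000, 22),
    "unlisted source": Packet("192.0.2.9", "tcp", 250, 49152, 179),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:32} ttl={pkt.ttl:<3} -> {evaluate(pkt)}")
```

The model shows that term gtsm only constrains TCP port 179 traffic carrying a listed peer address; a listed peer that still sends with a TTL below 255 is discarded as well, so both ends must use ttl 255, and traffic from any other source is handled by term else.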
Required Privilege Level
routing—To view this statement in the configuration.
routing-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.
Support for setting the TTL on single-hop external BGP (EBGP) peers introduced in Junos OS Release 13.3.