The peer valid-ttl-hops command applies the GTSM on a BGP peer or a BGP peer group.
The undo peer valid-ttl-hops command cancels the GTSM configured on a BGP peer or a BGP peer group.
By default, GTSM is not configured on any BGP peer or peer group.
| Parameter | Description | Value |
|---|---|---|
| ipv4-address |
Specifies the IPv4 address of a BGP peer. |
It is in dotted decimal notation. |
| hops |
Specifies the number of TTL hops to be checked. |
The value is an integer that ranges from 1 to 255. The default value is 255. If you specify the parameter hops, the valid range of the TTL value in the packet to be checked is [ 255-hops+1, 255 ]. |
Usage Scenario
To protect a device against the attacks by the forged BGP packets, you can configure GTSM to check whether the TTL value in the IP packet header is within the valid range.
Prerequisites
Before configuring GTSM for a peer group, you need to run the peer group command to add peers to the peer group.
Precautions
When this command is used in the BGP view, it is also applicable to MP-BGP extensions because they use the same TCP connection.
The GTSM configurations are symmetrical, that is, GTSM must be enabled on both ends of the BGP connection at the same time. GSTM and EBGP-MAX-HOP are mutually exclusive because both of them affect the TTL of the sent BGP packet. Therefore, the two functions cannot be enabled on a peer or peer group simultaneously. If GTSM is enabled on two directly connected EBGP peers, the fast sensing function on the interfaces directly connecting the EBGP peers is invalid. This is because BGP regards the EBGP peers as indirectly connected when GTSM is enabled on the EBGP peers.