neighbor ebgp-btsh

Enables BGP time to live (TTL) security hack protection (BTSH) for eBGP.

Syntax

neighbor { ip-address | ipv6-address | peer-group-name } ebgp-btsh
no neighbor { ip-address | ipv6-address | peer-group-name } ebgp-btsh

Command Default

Disabled.

Parameters

ip-address
Specifies the IPv4 address of the neighbor.
ipv6-address
Specifies the IPv6 address of the neighbor.
peer-group-name
Specifies a peer group.

Modes

BGP configuration mode

BGP address-family IPv4 unicast VRF configuration mode

BGP address-family IPv6 unicast VRF configuration mode

Usage Guidelines

To maximize the effectiveness of this feature, the neighbor ebgp-btsh command should be executed on each participating device. The neighbor ebgp-btsh command is supported for both directly connected peering sessions and multihop eBGP peering sessions. For directly connected neighbors, when the neighbor ebgp-btsh command is used, the device expects BGP control packets received from the neighbor to have a TTL value of either 254 or 255. For multihop peers, when the neighbor ebgp-btsh command is used, the device expects the TTL for BGP control packets received from the neighbor to be greater than or equal to 255 minus the configured number of hops to the neighbor.

The no form of the command disables BTSH for eBGP.
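The TTL acceptance rule described above, modeled in Python as an added example (not vendor code). The `Neighbor` class, the function names, the 192.0.2.10 and 198.51.100.7 addresses, the hop count of 3 and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_TTL = 255  # highest value the TTL / hop-limit field can carry


@dataclass(frozen=True)
class Neighbor:
    address: str
    multihop_hops: Optional[int] = None  # None = directly connected peer


def min_accepted_ttl(n: Neighbor) -> int:
    """Lowest TTL accepted from this neighbor under the rule on this page."""
    if n.multihop_hops is None:
        return 254  # direct peers: TTL must be 254 or 255
    return MAX_TTL - n.multihop_hops  # multihop: TTL >= 255 - hops


def evaluate(neighbors, packets):
    """Return (source, ttl, verdict) for each observed (source, ttl) pair."""
    # ip_address() normalises text forms, so expanded IPv6 still matches.
    table = {ipaddress.ip_address(n.address): n for n in neighbors}
    results = []
    for src, ttl in packets:
        n = table.get(ipaddress.ip_address(src))
        if n is None:
            verdict = "not-a-btsh-neighbor"
        elif ttl >= min_accepted_ttl(n):
            verdict = "accept"
        else:
            verdict = "drop"
        results.append((src, ttl, verdict))
    return results


# Constructed sample data (assumptions, not taken from a real capture).
NEIGHBORS = [Neighbor("10.10.10.1"), Neighbor("2001:2018:8192::125"),
             Neighbor("192.0.2.10", multihop_hops=3)]
PACKETS = [("10.10.10.1", 255), ("10.10.10.1", 254), ("10.10.10.1", 253),
           ("2001:2018:8192:0:0:0:0:125", 64), ("192.0.2.10", 252),
           ("192.0.2.10", 251), ("198.51.100.7", 255)]

if __name__ == "__main__":
    for row in evaluate(NEIGHBORS, PACKETS):
        print(*row)
```

A packet that claims a neighbor's source address but has crossed more routers than the session allows arrives with a lower TTL, so it falls into the drop case.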

Examples

The following example enables GTSM between a device and a neighbor with the IP address 10.10.10.1.

device# configure terminal
device(config)# router bgp
device(config-bgp-router)# neighbor 10.10.10.1 ebgp-btsh

The following example enables GTSM between a device and a neighbor with the IPv6 address 2001:2018:8192::125.

device# configure terminal
device(config)# router bgp
device(config-bgp-router)# neighbor 2001:2018:8192::125 ebgp-btsh