Generalized TTL Security Mechanism
GTSM prevents attempts to hijack the eBGP peering session from the following
attackers:
- A host on a network segment that is not part of either BGP network
- A host on a network segment that is not between the eBGP peers
You enable GTSM by configuring a minimum Time To Live (TTL) value for IP packets arriving from a specific eBGP peer. BGP establishes and maintains the session only if the TTL in the IP header of each packet is equal to or greater than the configured minimum for that peer. A packet whose TTL is below the minimum is silently discarded; no Internet Control Message Protocol (ICMP) message is generated, so the sender learns nothing from the drop. The check works because every router that forwards a packet decrements its TTL by one: a sender that starts at the maximum value of 255 can deliver a TTL of 255 minus the number of routers crossed and no higher, so a distant attacker cannot produce packets that arrive with the TTL expected from a nearby peer.
For directly connected neighbors, the device expects BGP control packets from the neighbor to arrive with a TTL of 254 or 255. For multihop peers, the device expects the TTL of BGP control packets from the neighbor to be greater than or equal to 255 minus the configured number of hops to the neighbor; a neighbor configured three hops away, for example, must deliver packets with a TTL of at least 252. The device drops BGP control packets from the neighbor that do not meet the expected value.
Considerations
- GTSM is supported for directly connected peering sessions and for multihop eBGP peering sessions.
- GTSM is supported for eBGP only.
- GTSM does not protect the integrity of data sent between eBGP peers and does not validate eBGP peers through any authentication method; it complements session authentication rather than replacing it.
- GTSM validates only the locally configured TTL count against the TTL field in the IP packet header.
- Configure GTSM on each participating device to maximize the effectiveness of this feature, because each device checks only the packets it receives.
- When GTSM is enabled, the eBGP session is secured in the incoming direction only; it has no effect on outgoing IP packets or on the remote device.
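The following Python program is an added example, not part of this page or of any vendor's implementation. It simulates the inbound TTL check described above (minimum TTL of 255 minus the configured hop count, silent drop below it) and the two considerations that the check is per device and inbound only. All addresses, hop counts and the `GtsmPolicy` class are constructed for the example; the IPv4 header is built by hand with a zero checksum because only the TTL and source fields matter to the check.

```python
"""Simulated GTSM inbound TTL check for eBGP control packets (constructed example)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

MAX_TTL = 255          # a GTSM-aware sender puts 255 in every BGP packet
IPV4_HEADER_LEN = 20   # minimal header, no options


def build_ipv4(src: str, dst: str, ttl: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 header; the checksum is left zero (irrelevant to GTSM)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,                          # version 4, IHL 5 words
        0,                                     # DSCP/ECN
        IPV4_HEADER_LEN + len(payload),        # total length
        0, 0,                                  # identification, flags/fragment
        ttl,                                   # byte 8: TTL
        6,                                     # protocol TCP (BGP uses TCP/179)
        0,                                     # header checksum, not computed
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    ) + payload


def ipv4_ttl(packet: bytes) -> int:
    """Return the TTL field (byte 8) of an IPv4 header."""
    if len(packet) < IPV4_HEADER_LEN or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return packet[8]


def traverse(packet: bytes, routers_crossed: int) -> bytes:
    """Every forwarding router decrements TTL by one; the sender cannot prevent this."""
    ttl = ipv4_ttl(packet) - routers_crossed
    if ttl <= 0:
        raise ValueError("packet expired in transit")
    return packet[:8] + bytes([ttl]) + packet[9:]


@dataclass(frozen=True)
class GtsmPolicy:
    """Inbound TTL check configured on one device for one eBGP neighbor (assumed model)."""
    peer: str
    hops: int  # configured hop count: 1 = directly connected, >1 = multihop

    @property
    def min_ttl(self) -> int:
        # 255 minus the configured hops: a directly connected peer must arrive at 254 or 255.
        return MAX_TTL - self.hops


def inbound_check(policy: Optional[GtsmPolicy], packet: bytes) -> tuple:
    """Return (accepted, reason). A device with no GTSM policy accepts any TTL.

    Drops are silent: nothing is sent back, so no ICMP message reaches the sender.
    """
    ttl = ipv4_ttl(packet)
    if policy is None:
        return True, f"no GTSM policy on this device; ttl {ttl} accepted"
    if ttl >= policy.min_ttl:
        return True, f"ttl {ttl} >= {policy.min_ttl}"
    return False, f"ttl {ttl} < {policy.min_ttl}: silently discarded, no ICMP"


def scenario() -> dict:
    """Router A enforces GTSM; router B does not. Attackers spoof the peer's source address."""
    router_a, peer_b, peer_c = "192.0.2.1", "192.0.2.2", "198.51.100.9"
    a_policy = {peer_b: GtsmPolicy(peer_b, hops=1),   # directly connected
                peer_c: GtsmPolicy(peer_c, hops=3)}   # multihop, 2 routers between
    results = {}
    # Legitimate directly connected peer: sends 255, crosses no router, arrives at 255.
    pkt = traverse(build_ipv4(peer_b, router_a, MAX_TTL), 0)
    results["direct_peer"] = inbound_check(a_policy[peer_b], pkt)[0]
    # Legitimate multihop peer: 255 minus 2 routers = 253, at least 252 -> accepted.
    pkt = traverse(build_ipv4(peer_c, router_a, MAX_TTL), 2)
    results["multihop_peer"] = inbound_check(a_policy[peer_c], pkt)[0]
    # Boundary: a packet arriving at exactly 254 satisfies the hops=1 policy.
    results["direct_peer_ttl_254"] = inbound_check(
        a_policy[peer_b], build_ipv4(peer_b, router_a, 254))[0]
    # Attacker 4 routers away spoofing B: 255 - 4 = 251 < 254 -> silently dropped.
    pkt = traverse(build_ipv4(peer_b, router_a, MAX_TTL), 4)
    results["remote_attacker_spoofing_b"] = inbound_check(a_policy[peer_b], pkt)[0]
    # Attacker 6 routers away spoofing C: 249 < 252 -> silently dropped.
    pkt = traverse(build_ipv4(peer_c, router_a, MAX_TTL), 6)
    results["remote_attacker_spoofing_c"] = inbound_check(a_policy[peer_c], pkt)[0]
    # Router B has no GTSM policy: A's policy does nothing for B's inbound direction,
    # so the same attacker spoofing A toward B is accepted on B.
    pkt = traverse(build_ipv4(router_a, peer_b, MAX_TTL), 4)
    results["attacker_toward_unprotected_b"] = inbound_check(None, pkt)[0]
    return results


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name:32s} {'accepted' if accepted else 'dropped'}")
```

The two attacker cases show why the TTL is a useful signal even when the source address is spoofed: the attacker controls the TTL it sends but not the decrements performed in transit. The last case is the reason for the per-device consideration above: router B, which has no policy of its own, accepts the same spoofed packet that router A dropped.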