Cisco IOS Software Release 12.2(25)S
Corporate Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
BGP Support for TTL Security Check
The BGP Support for TTL Security Check feature introduces a lightweight security mechanism to
protect external Border Gateway Protocol (eBGP) peering sessions from CPU utilization-based attacks
using forged IP packets. Enabling this feature prevents attempts to hijack the eBGP peering session by
a host on a network segment that is not part of either BGP network or by a host on a network segment
that is not between the eBGP peers.
You enable this feature by configuring a minimum Time To Live (TTL) value for incoming IP packets
received from a specific eBGP peer. When this feature is enabled, BGP will establish and maintain the
session only if the TTL value in the IP packet header is equal to or greater than the TTL value configured
for the peering session. If the value is less than the configured value, the packet is silently discarded and
no Internet Control Message Protocol (ICMP) message is generated. This feature is both effective and
easy to deploy.
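The check described above can be modeled in a few lines. This is an added example, not Cisco code: it assumes the peer sends with TTL 255 and that the minimum is derived as 255 minus the expected hop count (the GTSM convention). The function names and the 192.0.2.x addresses are hypothetical, constructed values.

```python
import ipaddress
import struct

MAX_TTL = 255  # largest value the 8-bit IPv4 TTL field can hold


def min_ttl_for_hops(hops):
    """Assumed mapping: a peer sending with TTL 255 from at most `hops`
    hops away arrives with TTL >= 255 - hops."""
    if not 1 <= hops <= 254:
        raise ValueError("hop count must be between 1 and 254")
    return MAX_TTL - hops


def arriving_ttl(initial_ttl, routers_crossed):
    """TTL left after each forwarding router decrements it by one."""
    return max(initial_ttl - routers_crossed, 0)


def build_ipv4_header(src, dst, ttl, proto=6):
    """Constructed 20-byte IPv4 header (checksum left at 0) used as sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def ttl_security_check(header, peer, min_ttl):
    """Return 'accept', 'drop' (silent, no ICMP) or 'not-peer'."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ttl = header[8]                                   # TTL is byte 8
    src = str(ipaddress.IPv4Address(header[12:16]))   # source is bytes 12-15
    if src != peer:
        return "not-peer"   # the check is configured per eBGP peer
    return "accept" if ttl >= min_ttl else "drop"


PEER, LOCAL = "192.0.2.1", "192.0.2.2"   # constructed documentation addresses
THRESHOLD = min_ttl_for_hops(1)          # directly connected peer -> 254

# Genuine peer on the shared segment: no router decrements the TTL.
genuine = build_ipv4_header(PEER, LOCAL, arriving_ttl(MAX_TTL, 0))
# Forged packet carrying the peer's source address, sent with the maximum
# TTL from a host three routers away: it cannot arrive above 252.
forged = build_ipv4_header(PEER, LOCAL, arriving_ttl(MAX_TTL, 3))

if __name__ == "__main__":
    for name, pkt in (("genuine", genuine), ("forged", forged)):
        print(name, "ttl", pkt[8], ttl_security_check(pkt, PEER, THRESHOLD))
```

Because no sender can set a TTL above 255 and every forwarding router decrements it, a forged source address alone does not get an off-path packet past the threshold.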
Feature History for the BGP Support for TTL Security Check Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image
support. Access Cisco Feature Navigator at
. You must have an account on
Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at
the login dialog box and follow the instructions that appear.
Release        Modification
12.0(27)S      This feature was introduced.
12.3(7)T       This feature was integrated into Cisco IOS Release 12.3(7)T.
12.2(25)S      This feature was integrated into Cisco IOS Release 12.2(25)S.
12.2(18)SXE    This feature was integrated into Cisco IOS Release 12.2(18)SXE.