R0106-HP MSR Router Series Layer 3 - IP Routing Command Reference(V7)
431
undo peer { group-name | ip-address | ipv6-address } ttl-security hops
Default
GTSM is disabled for BGP.
Views
BGP view, BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer
group must have been created.
ip-address: Specifies a peer by its IP address. The peer must have been created.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
hops hop-count: Specifies the maximum number of hops to the specified peer, in the range of 1 to 254.
Usage guidelines
GTSM protects a BGP session by comparing the TTL value of an incoming IP packet against the valid TTL
range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded.
The valid TTL range is from 255 – the configured hop count + 1 to 255.
When GTSM is configured, the BGP packets sent by the device have a TTL of 255.
When GTSM is configured, the local device can establish an EBGP session with the peer after both
devices pass GTSM check, regardless of whether the maximum number of hops is reached.
To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different
hop-count values for them.
Examples
# In BGP view, enable GTSM for the BGP peer group test and specify the maximum number of hops to
the specified peer group as 1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] peer test ttl-security hops 1
# In BGP-VPN instance view, enable GTSM for BGP peer group test and specify the maximum number of
hops to the specified peer group as 1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] ip vpn-instance vpn1
[Sysname-bgp-vpn1] peer test ttl-security hops 1
Related commands
peer ebgp-max-hop
pic
Use pic to enable BGP FRR for a BGP address family.
Use undo pic to disable BGP FRR for a BGP address family.