R0106-HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V7)

To disable BGP session establishment with a peer or peer group (IPv6 unicast/multicast address family):
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter BGP view or BGP-VPN instance view.
    Command:
        Enter BGP view:
            bgp as-number
        Enter BGP-VPN instance view:
            a. bgp as-number
            b. ip vpn-instance vpn-instance-name
    Remarks: N/A
Step 3. Disable BGP session establishment with a peer or peer group.
    Command: peer { group-name | ipv6-address } ignore
    Remarks: By default, BGP can establish a session to a peer.
Configuring GTSM for BGP
The Generalized TTL Security Mechanism (GTSM) protects a BGP session by comparing the TTL value of
an incoming IP packet against the valid TTL range. If the TTL value is within the valid TTL range, the packet
is accepted. If not, the packet is discarded.
The valid TTL range is from (255 – the configured hop count + 1) to 255.
When GTSM is configured, the BGP packets sent by the device have a TTL of 255.
GTSM provides best protection for directly connected EBGP sessions, but not for multihop EBGP or IBGP
sessions because the TTL of packets might be modified by intermediate devices.
IMPORTANT:
When GTSM is configured, the local device can establish an EBGP session with the peer after both devices pass GTSM check, regardless of whether the maximum number of hops is reached.
To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values for them.
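The GTSM check described above, sketched in Python as an added example (not code from HP or from this guide): it reads the TTL from a raw IPv4 header, treats TCP port 179 as BGP, and applies the 255 - hop-count + 1 to 255 window. The packets, addresses, function names and hop-count bounds are constructed for illustration; matching on the port instead of the configured peer is a simplification, and IPv6 (Hop Limit) is not covered.

```python
import struct

BGP_PORT = 179   # BGP runs over TCP port 179
MAX_TTL = 255    # TTL a GTSM-enabled sender puts on its BGP packets

def gtsm_window(hop_count):
    """Valid TTL range from the guide: 255 - hop_count + 1 through 255."""
    # Bounds are this example's assumption (keeps the window inside 1..255).
    if not 1 <= hop_count <= MAX_TTL:
        raise ValueError("hop_count must be in 1..255")
    return MAX_TTL - hop_count + 1, MAX_TTL

def arrival_ttl(sent_ttl, routers_crossed):
    """Each forwarding router decrements the TTL by one."""
    return max(sent_ttl - routers_crossed, 0)

def build_packet(ttl, sport, dport):
    """Constructed sample: bare IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp

def gtsm_verdict(packet, hop_count):
    """Return 'accept', 'discard', or 'not-bgp' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-bgp"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    ttl, proto = packet[8], packet[9]     # TTL is byte 8, protocol is byte 9
    if ihl < 20 or proto != 6 or len(packet) < ihl + 4:
        return "not-bgp"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if BGP_PORT not in (sport, dport):
        return "not-bgp"
    low, high = gtsm_window(hop_count)
    return "accept" if low <= ttl <= high else "discard"

if __name__ == "__main__":
    cases = [  # (description, sent TTL, routers crossed, local hop-count)
        ("directly connected peer, GTSM sender", 255, 0, 1),
        ("sender three routers away, TTL 255", 255, 3, 1),
        ("same sender, hop-count raised to 4", 255, 3, 4),
        ("sender using TTL 64", 64, 0, 1),
    ]
    for text, sent, crossed, hops in cases:
        pkt = build_packet(arrival_ttl(sent, crossed), 50000, BGP_PORT)
        print(f"{text}: {gtsm_verdict(pkt, hops)} (window {gtsm_window(hops)})")
```

With hop-count 1 the window is the single value 255; with hop-count 4 it widens to 252 through 255, so a packet that has crossed up to three routers is accepted as well.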
To configure GTSM for BGP (IPv4 unicast/multicast address family):
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Enter BGP view or BGP-VPN instance view.
    Command:
        Enter BGP view:
            bgp as-number
        Enter BGP-VPN instance view:
            a. bgp as-number
            b. ip vpn-instance vpn-instance-name
    Remarks: N/A
Step 3. Configure GTSM for the specified BGP peer or peer group.
    Command: peer { group-name | ip-address } ttl-security hops hop-count
    Remarks: By default, GTSM is not configured.
To configure GTSM for BGP (IPv6 unicast/multicast address family):