BGP Protection - TTL Security Configuratoion Cisco, Juniper and Nokia

Hi Everyone,

In the blog, I am going to explain how TTL security is useful in BGP Session protection. Time to Live will be added to every packet and it will be reduced at each hop it transfers.

Consider someone who wants to hack your BGP session and will send the spoofed  BGP packets and try to negotiate with your BGP session. to avoid this kind of spoofing we use TTL Security


TTL security is a mechanism that evaluates the TTL value of incoming IP packets to ensure

that they have not been faked. The IP TTL value will be set to 255 by directly connected BGP

peers, making it impossible to relay spoof Internet protocol with TTL=255 through non

directly connected interfaces.



Cisco XR

router bgp 100
 neighbor-group ebgp
  ttl-security
 !
neighbor 192.168.1.1
  remote-as 100
  use neighbor-group ebgp
  address-family ipv4 unicast
  !
 !


Juniper 


protocols {                             
    bgp {
        group nokia {
            type external;
            neighbor 192.168.0.1 {
                ttl <1-255>;
                peer-as 100;
                local-as 200;
            }


Nokia vSR


router bgp 
 group "juniper"
                type external
                local-as 100
                ttl-security <1-255>
                neighbor 192.168.0.2
                    peer-as 200
                exit
            exit







Comments

Post a Comment

Popular posts from this blog

Image
How to add Cisco IOU Image on Eve-ng Up and Running Step 1# Download Linux L2/L3 adventerprise Image  Step 2# Upload the downloaded image to the EVE path /opt/unetlab/addons/iol/bin/ using WinSCP or Filezilla Step 3# Fix the permission for the added image using the below command /opt/unetlab/wrappers/unl_wrapper -a fixpermissions Step 4# Create an iou keygen file Copy the Cisco IOU Image Script provided below and add to the script vim /opt/unetlab/addons/iol/bin/ioukeygen.py Esc:wq Step 5# Fix the permission for the Python script chmod –x vim /opt/unetlab/addons/iol/bin/ioukeygen.py Step 6# Run the license generator script  /opt/unetlab/addons/iol/bin/ioukeygen.py copy the license generated by the script Step 7# Create iourc license file for your EVE vim /opt/unetlab/addons/iol/bin/iourc Paste the output captured in Step 6 Step 8# Fix the permission and start practicing your lab by adding the image on eve-ng web /opt/unetlab/wrappers/unl_wrapper -a fixpermissions Cisco IOU Image Script
Read more

Configuration of the epipe/l2circuit on the Nokia 7750 SR/7250 IXR

Image
Epipe Configuration on Nokia 7750 SR This article explains how to configure epipe between Nokia SR routers. The Cisco term is referred to as xconnect and the juniper term is L2circuit. Basic Theories: Epipe name itself identifies it's a point-to-point connection that uses Ethernet encapsulation to pass data bits/bytes between two endpoints. Service provider core act as a layer 2 switch for customer traffic. In other words, this helps to extend the IP segment of the same subnet shared between 2 different locations. Topology: ISIS Level 2 and LDP are preconfigured. let's explore the setup to configure epipe and initiate traffic between the 2 sites. LDP is used to signal the Service label between end nodes participating in epipe. Nokia: SAP-MTU and Service MTU play an important role. To bring up the epipe between 2 end nodes we need to take care of Service-MTU and Sap port MTU. SAP-port MTU and Service MTU should be the same if the encapsulation is null. If the encapsulation is do
Read more

How to configure SFM/ Card/MDA in Nokia SR 7750/77XX series routers

Image
We going to discuss how to configure and bring up the Nokia chassis for the first-time installation like SFM, IOM/IMM Card, and MDA on Nokia 7750/77XX series router. SFM Card - Switch Fabric Module which is an internal backplane used to switch traffic between different slots on the router chassis. IMM -    Integrated Media Module which is your line card with a fixed number of media/ports IOM - Input/Output Module this type of card we can insert different types of media/ports based on the supported type by each Chassis. Let us explore how to identify and configure our Nokia SR series routers. 1. First find the SFM Type inserted on the Nokia Router. as per the output we need to configure  SFM5 to bring up the Switch fabric module A:SR1# configure sfm 1 sfm-type m-sfm5-12 Now SFM is configured let's find the Card Type using the "show card" command  *A:SR1# configure card 1 card-type "iom3-xp" Now, we are in the final phase to bring up the ports. check and configur
Read more