Posts

Showing posts with the label BGP NHS

BGP Protection - TTL Security Configuration Cisco, Juniper and Nokia

Hi Everyone,

In this blog, I am going to explain how TTL security is useful in BGP session protection. A Time to Live (TTL) value is carried in every IP packet and is decremented at each hop the packet traverses.

Consider someone who wants to hack your BGP session: they will send spoofed BGP packets and try to negotiate with your BGP session. To avoid this kind of spoofing, we use TTL security. TTL security is a mechanism that evaluates the TTL value of incoming IP packets to ensure that they have not been faked. Directly connected BGP peers set the IP TTL value to 255, making it impossible for spoofed IP packets to arrive with TTL=255 through non-directly connected interfaces.

Cisco XR

    router bgp 100
     neighbor-group ebgp
      ttl-security
     !
     neighbor 192.168.1.1
      remote-as 100
      use neighbor-group ebgp
      address-family ipv4 unicast
      !
     !

Juniper

    protocols { ...

Nokia 7750 SR BGP Next-Hop-Self (NHS) configuration

In our previous blog, we configured iBGP between Nokia SR Routers. PE01 received routes from CE via eBGP and advertised them to PE02.

Nokia Router (Alcatel-Lucent) BGP configuration Basic

Let's explore the output of PE02 for the prefix 10.10.10.5/32 advertised from CE01. Prefix 10.10.10.5/32 is available in the BGP table of PE02 as per the below output, but the route is not installed in the routing table of PE02. Let us explore why it is not installed in the routing table of PE02.

The above output shows Invalid IGP for the next-hop advertised by PE01 for the prefix 10.10.10.5. By default, when a route is advertised over eBGP, the router changes the next-hop to its own IP, but in the case of iBGP, let's apply the policy to change the next-hop.

    /configure router bgp group ibgp-internal next-hop-self

After configuring the next-hop-self command on PE01, PE01 is now advertising its IP as next-hop for the prefix 10.1.5.5 and installing it in...