beautypg.com

Bgp4 policy processing order, Generalized ttl security mechanism support, Displaying bgp4 information – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Page 477

background image

BGP4 policy processing order

The order of application of policies when processing inbound and outbound route advertisements on the
device is:

1. lp prefix-list
2. Outbound Ip prefix-list ORF, if negotiated
3. Filter-list (using As-path access-list)
4. Distribute list (using IP ACL - IPv4 unicast only)
5. Route-map

Generalized TTL Security Mechanism support

The device supports the Generalized TTL Security Mechanism (GTSM) as defined in RFC 3682. GTSM
protects the device from attacks of invalid BGP4 control traffic that is sent to overload the CPU or hijack
the BGP4 session. GTSM protection applies to EBGP neighbors only.

When GTSM protection is enabled, BGP4 control packets sent by the device to a neighbor have a Time
To Live (TTL) value of 255. In addition, the device expects the BGP4 control packets received from the
neighbor to have a TTL value of either 254 or 255. For multihop peers (where the ebgp-multihop
option is configured for the neighbor), the device expects the TTL for BGP4 control packets received
from the neighbor to be greater than or equal to 255, minus the configured number of hops to the
neighbor. If the BGP4 control packets received from the neighbor do not have the anticipated value, the
device drops them.

For more information on GTSM protection, see RFC 3682.

To enable GTSM protection for neighbor 192.168.9.210 (for example), enter the following command.

device(config-bgp-router)# neighbor 192.168.9.210 ebgp-btsh

Syntax: [no] neighbor ip-addr | peer-group-name ebgp-btsh

NOTE
For GTSM protection to work properly, it must be enabled on both the device and the neighbor.

Displaying BGP4 information

You can display the following configuration information and statistics for BGP4 protocol:

• Summary BGP4 configuration information for the device
• Active BGP4 configuration information (the BGP4 information in the running configuration)
• Neighbor information
• Peer-group information
• Information about the paths from which BGP4 selects routes
• Summary BGP4 route information
• Virtual Routing and Forwarding (VRF) instance information
• The device’s BGP4 route table
• Route flap dampening statistics

BGP4 policy processing order

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

477

53-1003087-04

See also other documents in the category Brocade Computer Accessories: