BGP TTL Security


Scenario:

After years of plumbing work you switched your career to become a network engineer. Besides being good at routing & switching you are very security-minded. One of your routers is connected to your brother’s network and you use BGP to exchange routing information. You want to make sure hackers are unable to spoof the BGP peering in any way.

Goal:

  • All IP addresses have been preconfigured for you.
  • Configure EBGP between router Mario and Luigi.
  • Change the TTL used for BGP on router Mario so that router Bowser can’t spoof BGP packets.
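
One way to meet these goals, shown as an added example that is not part of the original lab or its solution video. The AS numbers and IP addresses are constructed placeholders, because the page does not list the preconfigured values, and enabling the feature on Luigi as well as Mario is an assumption.

```ios
! Router Mario (constructed values: AS 65001, Luigi at 192.0.2.2 in AS 65002)
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 ! Directly connected EBGP peer, so allow at most 1 hop.
 ! Mario now sends BGP packets to Luigi with TTL 255 and drops BGP
 ! packets from this neighbor that arrive with a TTL below 255 - 1 = 254.
 neighbor 192.0.2.2 ttl-security hops 1
!
! Router Luigi (constructed values: AS 65002, Mario at 192.0.2.1 in AS 65001)
router bgp 65002
 neighbor 192.0.2.1 remote-as 65001
 ! Needed on this side too: a default EBGP speaker sends its packets
 ! with TTL 1, which Mario's check above would discard.
 neighbor 192.0.2.1 ttl-security hops 1
!
! Verify on either router from exec mode:
!   show ip bgp neighbors | include TTL
```

`ttl-security` and `ebgp-multihop` cannot be configured for the same neighbor, so remove any existing `ebgp-multihop` statement for the peer first.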

IOS:

c3640-jk9s-mz.124-16.bin


Written by René Molenaar - CCIE #41726


About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com

2 Comments

  1. Hi Rene,

    Could I ask you how to set the TTL security command if you have a different number of hops for the outbound and the inbound traffic?

    Let's say you have 3 hops for the outbound and 18 for the inbound.

    Thanks in advance

  2. Good lab.

    Found a reference on another site where a guy does “sh ip bgp neighbor | i TTL” to see BGP’s expected TTL.
    Thought that was cool.
