IPv6 BGP TTL-Security Problem

Kian Herng See
Level 1

Hi Experts,

I couldn't get BGP IPv6 ttl-security to work. Did I miss something?

The same configuration works for IPv4.

If I change the ttl-security to a large value, e.g. 240, it will work, but that should not be the case, as TTL = 255 - (hop count).

============================

Topology: R1(fa0/0)-----(fa0/0)R2

============================

Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T13, RELEASE SOFTWARE (fc3)
============================
R1

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2002:1:1:1::1/64
!
router bgp 100
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 neighbor 2002:1:1:1::2 remote-as 200
 neighbor 2002:1:1:1::2 ttl-security hops 1
 no auto-summary
 !
 address-family ipv6
  neighbor 2002:1:1:1::2 activate
 exit-address-family
!
=========================
R2

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2002:1:1:1::2/64
!
router bgp 200
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 2002:1:1:1::1 remote-as 100
 neighbor 2002:1:1:1::1 ttl-security hops 1
 no auto-summary
 !
 address-family ipv6
  neighbor 2002:1:1:1::1 activate
 exit-address-family
!
==========================
Router#debug ip bgp all
BGP debugging is on for all address families
Router#
Router#
Router#
Router#
*Mar  1 00:08:04.131: BGP: 2002:1:1:1::2 open active, local address 2002:1:1:1::1
*Mar  1 00:08:04.143: BGP: 2002:1:1:1::2 open failed: Connection refused by remote host
==========================

Regards
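
The relationship quoted in the post above (minimum accepted TTL = 255 - hop count) shows why the `hops 240` workaround leaves the session with almost no TTL protection. The following is an added audit example, not part of the original thread: it parses BGP neighbor statements and reports the accepted TTL floor per neighbor. The sample config is constructed (the IPv4 neighbors are documentation addresses), and `max_hops` is a hypothetical local policy limit, not an IOS default.

```python
import ipaddress
import re

# Constructed sample: R1's IPv6 neighbor with the "hops 240" workaround,
# plus two made-up IPv4 neighbors for comparison.
SAMPLE_CONFIG = """\
router bgp 100
 neighbor 2002:1:1:1::2 remote-as 200
 neighbor 2002:1:1:1::2 ttl-security hops 240
 neighbor 192.0.2.2 remote-as 200
 neighbor 192.0.2.2 ttl-security hops 1
 neighbor 192.0.2.6 remote-as 300
"""

NEIGHBOR_RE = re.compile(
    r"^\s*neighbor\s+(\S+)\s+(remote-as|ttl-security hops)\s+(\S+)\s*$")

def audit_ttl_security(config, max_hops=2):
    """Return {neighbor: (min_accepted_ttl, finding)} for each BGP neighbor.

    max_hops is a hypothetical policy threshold chosen for this example.
    """
    hops = {}
    for line in config.splitlines():
        m = NEIGHBOR_RE.match(line)
        if not m:
            continue
        try:
            # Normalise IPv4/IPv6 text; peer-group names are skipped.
            peer = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue
        hops.setdefault(peer, None)
        if m.group(2) == "ttl-security hops":
            hops[peer] = int(m.group(3))

    report = {}
    for peer, h in hops.items():
        if h is None:
            report[peer] = (None, "no ttl-security")
        else:
            # Packets with TTL / hop limit below 255 - hops are dropped.
            finding = "ok" if h <= max_hops else "hop count too loose"
            report[peer] = (255 - h, finding)
    return report

if __name__ == "__main__":
    for peer, (min_ttl, finding) in audit_ttl_security(SAMPLE_CONFIG).items():
        print(f"{peer:16} min TTL {min_ttl}  {finding}")
```
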


Lei Tian
Cisco Employee

Hi,

Add 'ipv6 hop-limit 255' in the global configuration.

HTH,

Lei Tian

Hi,

Tested the command, it doesn't help. Found CSCsw45255, which looks like it matches the problem. Tested in 15.0(3)M code, and it is working.

Sorry for the wrong information.

HTH,

Lei Tian

Hi Lei Tian,

Thanks for the prompt response.

The bug you mentioned is not available to the public. Would it be possible for you to post the details?

This problem seems to affect a wide range of platforms & IOS.

I also tried older IOS 12.3 and it doesn't work either.

Regards,

See Kian Herng

Hi See Kian Herng,

I tested in 12.4T, it is affected, and 15.0M has the fix. Can you read 'CSCsi53353'? This one has a similar bug description.

HTH,


Lei Tian

Hi Lei Tian,

Yes, this bug I can view, thanks.

It seems to affect the non-T train also for 3725.

Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(25c), RELEASE SOFTWARE (fc2)

There's no IOS 15.0 for this platform. I will probably get 2 x 1841 and test it out.

Thanks a lot, you've been a great help.

Regards,

See Kian Herng
