summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorPradosh Mohapatra <pmohapat@cumulusnetworks.com>2013-09-12 05:37:07 +0200
committerDavid Lamparter <equinox@opensourcerouting.org>2014-05-19 23:25:46 +0200
commit5d804b439a4138c77f81de30c64f923e2b5c1340 (patch)
treeb63e3dc3a266d42311392e57c37e2b0a9855ff0b /doc
parentbgpd: factor out eBGP multihop check (diff)
downloadfrr-5d804b439a4138c77f81de30c64f923e2b5c1340.tar.xz
frr-5d804b439a4138c77f81de30c64f923e2b5c1340.zip
bgpd: support TTL-security with iBGP
Traditionally, ttl-security feature has been associated with EBGP sessions as those identify directly connected external peers. The GTSM RFC (rfc 5082) does not make any restrictions on type of peering. In fact, it is beneficial to support ttl-security for both EBGP and IBGP sessions. Specifically, in data centers, there are directly connected IBGP peerings that will benefit from the protection ttl-security provides. Signed-off-by: Dinesh G Dutt <ddutt@cumulusnetworks.com> Reviewed-by: Pradosh Mohapatra <pmohapat@cumulusnetworks.com> [DL: function refactoring split out into previous 2 patches. changes: - bgp_set_socket_ttl(): ret type int -> void - is_ebgp_multihop_configured(): stripped peer == NULL check - comments/whitespace] Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/bgpd.texi8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/bgpd.texi b/doc/bgpd.texi
index 24028d6f9..cb9789bdb 100644
--- a/doc/bgpd.texi
+++ b/doc/bgpd.texi
@@ -366,6 +366,14 @@ Note that replace-as can only be specified if no-prepend is.
This command is only allowed for eBGP peers.
@end deffn
+@deffn {BGP} {neighbor @var{peer} ttl-security hops @var{number}} {}
+@deffnx {BGP} {no neighbor @var{peer} ttl-security hops @var{number}} {}
+This command enforces Generalized TTL Security Mechanism (GTSM), as
+specified in RFC 5082. With this command, only neighbors that are the
+specified number of hops away will be allowed to become neighbors. This
+command is mututally exclusive with @command{ebgp-multihop}.
+@end deffn
+
@node Peer filtering
@subsection Peer filtering