.. _example_protocols_bgp_peer-group_multihop:

########
Multihop
########


.. sidebar:: Contents

  .. contents::
    :depth: 2
    :local:

Scenario to verify BGP **peer-group ebgp-multihop** and **ttl-security** inheritance.
By default, eBGP requires peers to be directly connected (TTL=1). The
``ebgp-multihop <N>`` command sets the maximum TTL to N, allowing sessions over
multiple hops. If the hop count exceeds N, the TTL expires and the session cannot
establish. The ``ttl-security hops <N>`` command provides a security mechanism that
discards BGP packets with TTL below (255 - N), protecting against spoofed packets
from distant sources. If the actual hop count exceeds N, packets arrive with a TTL
too low and are rejected. A transit node (DUT2) sits between DUT0 and DUT1 (2 hops
apart), so values of 1 hop should fail and values of 3+ hops should succeed. When
configured on a peer-group, all members inherit the multihop or ttl-security behavior.

.. image:: multihop.svg
  :width: 400

************************************************
Test eBGP - Peer-group multihop and ttl-security
************************************************

Description
===========

Test ``ebgp-multihop`` and ``ttl-security hops`` configured on a peer-group
with values that block or allow a 2-hop eBGP session.

Scenario
========

.. include:: multihop/testebgp-peer-groupmultihopandttl-security

.. raw:: html

  <hr>