Multihop
Scenario to verify BGP multihop functionality using both ebgp-multihop and ttl-security (GTSM - RFC 5082) for eBGP sessions across non-directly connected peers.
By default, eBGP sessions require peers to be directly connected (TTL=1). When peers are separated by intermediate routers, additional configuration is needed:
ebgp-multihop <N>: Sets the TTL of outgoing BGP packets to N, allowing the session to traverse up to N hops. If N is too low for the actual hop count, the packets expire before reaching the peer and the session cannot establish.
ttl-security hops <N>: Implements GTSM (RFC 5082). The sender transmits packets with TTL=255 and the receiver only accepts packets with TTL >= (255 - N). For a peer 2 hops away, TTL arrives as 253 (255-2). With hops 1, minimum accepted TTL is 254, so 253 is rejected. With hops 5, minimum accepted TTL is 250, so 253 is accepted.
Each feature is tested with both a low value (session blocked) and a high value (session established) to verify correct hop/TTL enforcement. The topology uses 3 DUTs: DUT0 (AS 100) and DUT1 (AS 200) are 2 hops apart with DUT2 acting as a transit router.
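The hop/TTL rules above, as an added example (not part of the original page or the product's own code): it reads the neighbor option from the DUT0 configuration lines used in Examples 1 to 4 and predicts, under the page's hop-counting convention, whether the session can establish. The names predict, EXAMPLES and the slack field are illustrative assumptions.

```python
import re

GTSM_SEND_TTL = 255   # RFC 5082: a GTSM sender always transmits with TTL 255
PEER_HOPS = 2         # DUT0 and DUT1 are 2 hops apart (page's hop-counting convention)

# Matches the two neighbor options used in the page's configurations.
OPTION_RE = re.compile(
    r"^set protocols bgp (?P<asn>\d+) neighbor (?P<name>\S+) "
    r"(?P<feature>ebgp-multihop|ttl-security hops) (?P<n>\d+)$"
)


def predict(config: str, peer_hops: int = PEER_HOPS) -> list[dict]:
    """Predict, per neighbor option, whether TTL handling lets the session come up."""
    results = []
    for line in config.splitlines():
        m = OPTION_RE.match(line.strip())
        if not m:
            continue  # not a multihop / ttl-security line
        feature, n = m["feature"], int(m["n"])
        if feature == "ebgp-multihop":
            # Outgoing TTL is N; the packet expires if the peer is further than N hops.
            ok = n >= peer_hops
            min_ttl = None  # this option only sets the outgoing TTL
        else:
            # GTSM: packet leaves with TTL 255 and must arrive with TTL >= 255 - N.
            min_ttl = GTSM_SEND_TTL - n
            ok = GTSM_SEND_TTL - peer_hops >= min_ttl
        results.append({
            "neighbor": m["name"], "feature": feature, "n": n,
            "min_ttl": min_ttl, "establishes": ok,
            # Hops allowed beyond the real distance; 0 is the tightest working value.
            "slack": n - peer_hops if ok else None,
        })
    return results


# DUT0 neighbor options taken from the page's Examples 1-4.
EXAMPLES = {
    1: "set protocols bgp 100 neighbor peer ebgp-multihop 1",
    2: "set protocols bgp 100 neighbor peer ebgp-multihop 3",
    3: "set protocols bgp 100 neighbor peer ttl-security hops 1",
    4: "set protocols bgp 100 neighbor peer ttl-security hops 5",
}

if __name__ == "__main__":
    for num, cfg in EXAMPLES.items():
        for r in predict(cfg):
            print(num, r)
```

A slack greater than 0 means the configured value allows more hops than the peer's actual distance; for ttl-security, a lower working value raises the minimum accepted TTL and so narrows what the receiver accepts.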
Test BGP Multihop
Description
Test eBGP multihop features with both low values (session blocked) and high values (session established) to verify correct hop/TTL enforcement.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 100 neighbor peer ebgp-multihop 1
set protocols bgp 100 neighbor peer remote-address 20.20.0.200
set protocols bgp 100 neighbor peer remote-as 200
set protocols bgp 100 neighbor peer route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set protocols static route 20.20.0.0/24 next-hop 10.10.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth1 address 20.20.0.200/24
set protocols bgp 200 neighbor peer ebgp-multihop 1
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 100
set protocols bgp 200 neighbor peer route-map export PERMIT
set protocols route-map PERMIT rule 1 action permit
set protocols static route 10.10.0.0/24 next-hop 20.20.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.10.0.101/24
set interfaces ethernet eth1 address 20.20.0.101/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP session does NOT establish (insufficient hops/TTL).
Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
20.20.0.200.*Active
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 100 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Neighbor     LocalAddr    V  AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt    Desc
20.20.0.200  10.10.0.100  4  200  0        0        0       0    0     never     Active       0       0         N/A
Total number of neighbors 1
Example 2
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 100 neighbor peer ebgp-multihop 3
set protocols bgp 100 neighbor peer remote-address 20.20.0.200
set protocols bgp 100 neighbor peer remote-as 200
set protocols bgp 100 neighbor peer route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set protocols static route 20.20.0.0/24 next-hop 10.10.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth1 address 20.20.0.200/24
set protocols bgp 200 neighbor peer ebgp-multihop 3
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 100
set protocols bgp 200 neighbor peer route-map export PERMIT
set protocols route-map PERMIT rule 1 action permit
set protocols static route 10.10.0.0/24 next-hop 20.20.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.10.0.101/24
set interfaces ethernet eth1 address 20.20.0.101/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP session establishes (sufficient hops/TTL).
Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
20.20.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 100 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Neighbor     LocalAddr    V  AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt    Desc
20.20.0.200  10.10.0.100  4  200  2        4        0       0    0     00:00:00  Established  0       (Policy)  N/A
Total number of neighbors 1
Example 3
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 100 neighbor peer remote-address 20.20.0.200
set protocols bgp 100 neighbor peer remote-as 200
set protocols bgp 100 neighbor peer route-map import PERMIT
set protocols bgp 100 neighbor peer ttl-security hops 1
set protocols route-map PERMIT rule 1 action permit
set protocols static route 20.20.0.0/24 next-hop 10.10.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth1 address 20.20.0.200/24
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 100
set protocols bgp 200 neighbor peer route-map export PERMIT
set protocols bgp 200 neighbor peer ttl-security hops 1
set protocols route-map PERMIT rule 1 action permit
set protocols static route 10.10.0.0/24 next-hop 20.20.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.10.0.101/24
set interfaces ethernet eth1 address 20.20.0.101/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP session does NOT establish (insufficient hops/TTL).
Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
20.20.0.200.*Connect
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 100 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Neighbor     LocalAddr    V  AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt    Desc
20.20.0.200  10.10.0.100  4  200  0        0        0       0    0     never     Connect      0       0         N/A
Total number of neighbors 1
Example 4
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 100 neighbor peer remote-address 20.20.0.200
set protocols bgp 100 neighbor peer remote-as 200
set protocols bgp 100 neighbor peer route-map import PERMIT
set protocols bgp 100 neighbor peer ttl-security hops 5
set protocols route-map PERMIT rule 1 action permit
set protocols static route 20.20.0.0/24 next-hop 10.10.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Set the following configuration in DUT1:
set interfaces ethernet eth1 address 20.20.0.200/24
set protocols bgp 200 neighbor peer remote-address 10.10.0.100
set protocols bgp 200 neighbor peer remote-as 100
set protocols bgp 200 neighbor peer route-map export PERMIT
set protocols bgp 200 neighbor peer ttl-security hops 5
set protocols route-map PERMIT rule 1 action permit
set protocols static route 10.10.0.0/24 next-hop 20.20.0.101
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 3: Set the following configuration in DUT2:
set interfaces ethernet eth0 address 10.10.0.101/24
set interfaces ethernet eth1 address 20.20.0.101/24
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Attention
Verify eBGP session establishes (sufficient hops/TTL).
Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:
20.20.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 100 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory
Neighbor     LocalAddr    V  AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State        PfxRcd  PfxSnt    Desc
20.20.0.200  10.10.0.100  4  200  3        5        0       0    0     00:00:02  Established  0       (Policy)  N/A
Total number of neighbors 1