paul at jakma
Jun 2, 2009, 10:07 AM
Post #2 of 4
Is this the most recent version of the patch?
On Tue, 11 Nov 2008, Nick Hilliard wrote:
> I've attached a patch set to implement RFC 5082 GTSM for quagga. This
> depends on the IP_MINTTL socket option which was implemented by Andre
> The code is implemented using the "neighbor XXX ttl-security hops YYY"
> command in the BGP router context. The configuration is fully compatible
> with the equivalent Cisco IOS commands. Normally, YYY will be set to be the
> number of hops between the two bgp neighbors. The process works as follows:
> - all outgoing packets are set up with TTL of "MAXTTL + 1 - gtsm_hops"
> - all incoming packets are checked to ensure that the TTL falls within the
> hop limit specified in the configuration
> Internally, this is implemented by silently using the ebgp-multihop command
> when ttl-security hops is configured on a neighbor, and by configuring the
> master BGP listening socket to have a TTL of 255.
> The code prohibits ebgp-multihop and ttl-security from being configured
> I've fixed a very minor bug in peer_ebgp_multihop_set_vty() and
> peer_ebgp_multihop_unset_vty(). These commands should not return CMD_SUCCESS
> by default.
> If "ttl-security hops" is configured on an operating system which does not
> support the IP_MINTTL socket option, or if ttl security is enabled on an IPv6
> socket, then a warning will be logged on the system log. However, bgpd will
> accept the configuration.
> ttl-security hops is fully peer-group aware (including checking for conflicts
> with ebgp-multihop).
> Usage is described in the Cisco documentation:
> Under normal circumstances the ttl-security hops parameter should be set to
> the exact number of hops between the two BGP peers. So, for directly
> connected peers, this will be "ttl-security hops 1".
> Cisco have also implemented GTSM for OSPF. I haven't attempted that with
> this patch, and don't have any plans to do so in future.
> - Right now, this socket option is supported in FreeBSD >= 5.x, OpenBSD
> >= 4.1 and DragonflyBSD >= 2.0.0. There is a minor bug in all these
> implementations which is addressed here:
> - as there is no equivalent IP6_MINTTL socket option, this only works for
> IPv4 sockets.
Paul Jakma paul [at] clubi paul [at] jakma Key ID: 64A2FF6A
Hard reality has a way of cramping your style.
-- Daniel Dennett
Quagga-dev mailing list
Quagga-dev [at] lists
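
The receive-side check and the fallback behaviour described in the quoted message, as an added example that is not code from the patch or from Quagga. The names gtsm_min_ttl, gtsm_accepts, gtsm_apply and the GTSM_* constants are hypothetical, and the example assumes the RFC 5082 reading in which packets are sent with TTL 255 and "MAXTTL + 1 - hops" is the lowest TTL accepted.

```c
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>

#define GTSM_MAXTTL 255 /* assumed equal to the MAXTTL the post refers to */

/* Hypothetical result codes for this example. */
enum gtsm_result { GTSM_OK = 0, GTSM_UNSUPPORTED = 1, GTSM_ERROR = -1 };

/* Lowest TTL a packet may arrive with if the peer is at most `hops` away
 * and sent it with TTL 255. Returns -1 for a hop count outside 1..255. */
int gtsm_min_ttl(int hops)
{
    if (hops < 1 || hops > GTSM_MAXTTL)
        return -1;
    return GTSM_MAXTTL + 1 - hops;
}

/* The test that IP_MINTTL asks the kernel to perform on each packet. */
int gtsm_accepts(int received_ttl, int hops)
{
    int min_ttl = gtsm_min_ttl(hops);
    return min_ttl > 0 && received_ttl >= min_ttl && received_ttl <= GTSM_MAXTTL;
}

/* Apply GTSM to one peer socket. GTSM_UNSUPPORTED means "log a warning and
 * keep the configuration", the behaviour the post describes for IPv6
 * sockets and for systems without the IP_MINTTL socket option. */
enum gtsm_result gtsm_apply(int fd, int family, int hops)
{
    int min_ttl = gtsm_min_ttl(hops);
    int ttl = GTSM_MAXTTL;

    if (min_ttl < 0)
        return GTSM_ERROR;       /* reject a nonsensical hop count */
    if (family != AF_INET)
        return GTSM_UNSUPPORTED; /* no IPv6 equivalent, per the post */
#ifdef IP_MINTTL
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0)
        return GTSM_ERROR;
    if (setsockopt(fd, IPPROTO_IP, IP_MINTTL, &min_ttl, sizeof min_ttl) < 0)
        return GTSM_ERROR;
    return GTSM_OK;
#else
    (void)fd; (void)ttl;
    return GTSM_UNSUPPORTED;     /* platform lacks IP_MINTTL */
#endif
}
```

With "ttl-security hops 1" the only accepted TTL is 255, so a packet that has crossed even one router is dropped before bgpd sees it.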