North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: BGP TTL check in 12.3(7)T
I am not sure that 254 is a good maximum number. Perhaps someone "in the know" can enlighten all of us as to why they chose to stop at 254 instead of 255.
I can think of at least one vendor who decremented TTL prior to letting the packet
come up to the RP. Further, the same vendor would drop the packet on the
line card when the TTL went to zero, so the RP never got a chance to see it.
I suspect that there are no other routers out there that do this today, but unless
all vendors are willing to stand up and say that they deal with such things properly
today, this is a possible issue. Allowing 254 gives some slack and doesn't open
the window significantly. If someone were to use this to attack, then at the very
worst, they are one hop away from an EBGP speaker. I suspect that this will
make them relatively easy to track down.
If folks do feel that this is a significant issue, then some operator who is both
motivated about this and about to write a big check should poll his favorite router
vendors and see if they all comply and then report back.