Hi,

I am trying to implement BGP TTL security between one of my routers and an eBGP peer that is one hop away over a layer 2 IX.

As soon as I add:

neighbor 212.121.34.1 ttl-security hops 2

or

neighbor 212.121.34.1 ttl-security hops 1

the peer drops to active/open sent with entries in syslog for hold time expired.

I have validated via trace in both directions as being 1 hop.

I have read another article that implies the default behaviour at the other end will be to send TTL 1 not 255 and consequently I need to configure both ends to get the session to come back up. An access list reveals all the packets I am receiving have a TTL of 0.

The session re-establishes if I configure:

neighbor 212.121.34.1 ttl-security hops >=192

<=191 and the session stays down. Which is proper bizarre!

Is it necessary to configure this on both sides for the session to re-establish? Is this a Cisco bug?

Kind Regards

Ben Butler
C2 Internet Ltd
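The receive check behind `ttl-security hops N`, modelled as an added example that is not part of the original post or any vendor code. It assumes the documented rule that a speaker with ttl-security sends at TTL 255 and accepts only TTL >= 255 - N, that a single-hop eBGP speaker without it sends at TTL 1, and that the post's ">=192 / <=191" means the session comes up at hop counts of 192 and above; the `Speaker` class and function names are hypothetical.

```python
"""Model of the GTSM (RFC 5082) check behind `neighbor ... ttl-security hops N`."""
from dataclasses import dataclass
from typing import Optional

MAX_TTL = 255
DEFAULT_EBGP_TTL = 1  # assumed single-hop eBGP default when ttl-security is unset


@dataclass
class Speaker:
    name: str                                # constructed label, not from the post
    ttl_security_hops: Optional[int] = None  # None = ttl-security not configured

    def sent_ttl(self) -> int:
        # A speaker with ttl-security originates its BGP packets at TTL 255.
        return DEFAULT_EBGP_TTL if self.ttl_security_hops is None else MAX_TTL

    def min_accepted_ttl(self) -> int:
        # Receive side: accept only TTL >= 255 - hop-count; no check if unset.
        if self.ttl_security_hops is None:
            return 0
        return MAX_TTL - self.ttl_security_hops

    def accepts(self, arriving_ttl: int) -> bool:
        return arriving_ttl >= self.min_accepted_ttl()


def session_can_establish(a: Speaker, b: Speaker, routers_between: int = 0) -> bool:
    # TTL drops by one per forwarding router; a shared layer 2 segment has none.
    a_to_b = a.sent_ttl() - routers_between
    b_to_a = b.sent_ttl() - routers_between
    return a_to_b > 0 and b_to_a > 0 and b.accepts(a_to_b) and a.accepts(b_to_a)


def arriving_ttl_from_boundary(lowest_working_hops: int) -> int:
    # If hop-count H works and H-1 fails: 255-H <= ttl < 256-H, so ttl == 255-H.
    return MAX_TTL - lowest_working_hops


if __name__ == "__main__":
    local = Speaker("local", ttl_security_hops=1)
    # One side only: the peer's TTL 1 packets fail the local >= 254 check.
    print(session_can_establish(local, Speaker("peer-default")))
    # Both sides configured: each sends 255 and each check passes.
    print(session_can_establish(local, Speaker("peer-gtsm", ttl_security_hops=1)))
    # TTL implied by the reported 192/191 boundary under the rule above.
    print(arriving_ttl_from_boundary(192))
```

The last value is what the threshold rule implies for the reported boundary, not a measurement taken from the router.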