TTL Security in BGP: Accepted Packets and Configuration | Cisco Exam 350-501-SPCOR

Question

While implementing TTL security, you issue the PE(config-router-af)#neighbor 2.2.2.2 ttl-security hops 2 command.

After you issue this command, which BGP packets does the PE accept?

Answers

Explanations

D.

https://www.cisco.com/c/en/us/td/docs/ios/12_2sx/feature/guide/fsxebtsh.html#wp1059215

The command "neighbor 2.2.2.2 ttl-security hops 2" enables the BGP TTL security check (the Generalized TTL Security Mechanism, RFC 5082) for the eBGP neighbor 2.2.2.2. It does not protect prefixes; it protects the peering session itself. The PE hands a BGP packet to the BGP process only if the packet's IP TTL proves that it was sent from within a small number of hops, so a remote attacker who spoofs the neighbor's address cannot reach the BGP process with forged packets (the linked Cisco document describes the feature as protection against CPU utilization-based attacks on eBGP sessions).

The TTL field is decremented by one by every router that forwards the packet, and a packet is discarded when its TTL reaches zero. An attacker can choose any initial TTL but cannot make it larger than 255, and every router on the path decrements it, so a packet that arrives with a TTL close to 255 must have been sent from close by. With TTL security enabled, both peers send their BGP packets with a TTL of 255, and the receiver rejects any packet whose TTL has been decremented below the configured threshold.

The hops value is subtracted from 255 to obtain the minimum accepted TTL. With "hops 2", the PE accepts a BGP packet from 2.2.2.2 only if the TTL on arrival is 253 or more (255 - 2 = 253). A packet that the neighbor sends with TTL 255 and that crosses two routers arrives with TTL 253 and passes; a spoofed packet from five hops away arrives with TTL 250 and is dropped before it reaches BGP. A packet from a neighbor that is still configured with ebgp-multihop is dropped as well, because ebgp-multihop sends with a low TTL (ebgp-multihop 2 sends TTL 2). The valid range for hops is 1 to 254, ttl-security and ebgp-multihop cannot both be configured for the same neighbor, and the feature has to be enabled on both peers so that each side sends with TTL 255.

The correct choice is therefore the option that describes packets received from 2.2.2.2 with a TTL of 253 or more. "To 2.2.2.2, with a TTL of 2 or more" is wrong on both counts: the check is applied to packets received from the neighbor, not to packets sent to it, and the threshold is 255 minus the hop count, not the hop count itself.
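As an added example (not part of the original page and not Cisco IOS code), the following Python models the check that the command turns on: it parses the neighbor statement, computes the 255 - hops threshold, and runs a few constructed senders through it, including a spoofed packet from far away and a peer that still uses ebgp-multihop. The PE address 1.1.1.1, the path lengths and the packets are assumptions made for the illustration.

```python
"""Model of the BGP TTL security check (GTSM, RFC 5082) that
`neighbor <addr> ttl-security hops <n>` enables.

Added example for this page; not Cisco IOS code.  The PE address,
the path lengths and the packets below are constructed for illustration.
"""
import re
from dataclasses import dataclass

MAX_TTL = 255                # the largest value an IP TTL field can carry
MIN_HOPS, MAX_HOPS = 1, 254  # valid range of the `hops` argument on IOS


@dataclass(frozen=True)
class Packet:
    """The fields of a received BGP/TCP packet that matter for the check."""
    src: str
    dst: str
    ttl: int  # TTL as seen on arrival, after every transit router decremented it


def parse_ttl_security(config_line):
    """Parse 'neighbor A.B.C.D ttl-security hops N' into (neighbor, hops)."""
    m = re.fullmatch(r"\s*neighbor\s+(\S+)\s+ttl-security\s+hops\s+(\d+)\s*",
                     config_line)
    if not m:
        raise ValueError(f"not a ttl-security neighbor statement: {config_line!r}")
    neighbor, hops = m.group(1), int(m.group(2))
    if not MIN_HOPS <= hops <= MAX_HOPS:
        raise ValueError(f"hops must be {MIN_HOPS}-{MAX_HOPS}, got {hops}")
    return neighbor, hops


def min_accepted_ttl(hops):
    """The receiver accepts TTL >= 255 - hops; 'hops 2' means 253 or more."""
    return MAX_TTL - hops


def arriving_ttl(sent_ttl, transit_routers):
    """TTL on arrival after `transit_routers` forwarding hops.

    Returns None when the packet expires in transit (TTL would reach zero).
    A directly connected peer has zero transit routers, so TTL is unchanged;
    what matters for the check is this arithmetic, not the hop vocabulary.
    """
    ttl = sent_ttl - transit_routers
    return ttl if ttl > 0 else None


def accepts(local_addr, neighbor, hops, packet):
    """Would the router hand this packet to the BGP process?

    The check applies to packets received *from* the neighbor.  Packets the
    router sends *to* the neighbor are not checked; with ttl-security they
    simply leave with TTL 255.
    """
    if packet.src != neighbor or packet.dst != local_addr:
        return False  # not a packet from this peer to us
    return packet.ttl >= min_accepted_ttl(hops)


def evaluate_scenarios(config_line="neighbor 2.2.2.2 ttl-security hops 2",
                       local_addr="1.1.1.1"):
    """Run constructed senders through the check and return label -> accepted."""
    neighbor, hops = parse_ttl_security(config_line)
    # (label, source address, TTL the sender used, routers between sender and PE)
    senders = [
        ("peer with ttl-security, 1 router away", neighbor, MAX_TTL, 1),
        ("peer with ttl-security, 2 routers away", neighbor, MAX_TTL, 2),
        ("peer with ttl-security, 3 routers away", neighbor, MAX_TTL, 3),
        ("spoofed neighbor address, 5 routers away", neighbor, MAX_TTL, 5),
        ("peer still using ebgp-multihop 2 (sends TTL 2)", neighbor, 2, 1),
    ]
    verdicts = {}
    for label, src, sent_ttl, routers in senders:
        ttl = arriving_ttl(sent_ttl, routers)
        if ttl is None:
            verdicts[label] = False  # expired before it reached the PE
            continue
        verdicts[label] = accepts(local_addr, neighbor, hops,
                                  Packet(src, local_addr, ttl))
    return verdicts


if __name__ == "__main__":
    for label, ok in evaluate_scenarios().items():
        print(f"{'accept' if ok else 'drop  '}  {label}")
```

Running it shows the two legitimate paths (TTL 254 and 253 on arrival) accepted and everything else dropped. The ebgp-multihop case is the one that catches people in practice: the far end sends TTL 2, which arrives as TTL 1, far below 253, so the session never comes up until both sides are switched to ttl-security.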