OSPF TTL Security Check

Hello again Chris.

You must remember that the value configured in the ttl-security all-interfaces hops command is the number of allowed hops and not the actual value of the TTL field. The value is essentially a threshold.

The default value is actually 0. This means that it will accept any values of TTL equal to or greater than 255-0. Since routing decrements the TTL by one, this means that only OSPF packets from directly connected devices will be accepted.

If this threshold is configured at 100 hops, then only packets with a TTL higher than 255-100 = 155 will be accepted. That means that packets with a TTL within the range of 155 to the maximum of 255 will be accepted.

I hope this has been helpful!

Laz
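
The threshold arithmetic from the reply above, as an added example that is not part of the original post and is not Cisco code. The helper names and packet headers are constructed for illustration, and it assumes the sender originates with TTL 255 and that a packet is accepted when its TTL is at least 255 minus the configured hops.

```python
import struct

OSPF_PROTO = 89  # IP protocol number assigned to OSPF
MAX_TTL = 255    # largest value the 8-bit TTL field can carry

def build_ipv4_header(ttl, proto=OSPF_PROTO):
    """Constructed 20-byte IPv4 header (documentation addresses, checksum 0)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0xC0, 20, 0, 0, ttl, proto, 0, src, dst)

def forward(header, routers):
    """Model the header crossing `routers` routed hops (TTL minus one per hop)."""
    ttl = header[8] - routers
    if ttl <= 0:
        raise ValueError("TTL expired in transit")
    return header[:8] + bytes([ttl]) + header[9:]

def ttl_security_accepts(header, hops):
    """Hypothetical helper: True if an OSPF packet passes the TTL check."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    if header[9] != OSPF_PROTO:
        raise ValueError("not an OSPF packet")
    if not 0 <= hops <= MAX_TTL:
        raise ValueError("hops out of range")
    # Assumption: accept when TTL >= 255 - hops, the rule stated in the reply.
    return header[8] >= MAX_TTL - hops

def evaluate(hops, distances):
    """Map each sender distance (routers crossed) to the accept/drop decision."""
    sent = build_ipv4_header(MAX_TTL)  # assumption: sender originates with TTL 255
    return {d: ttl_security_accepts(forward(sent, d), hops) for d in distances}

if __name__ == "__main__":
    for hops in (0, 100):
        print(f"hops={hops}: minimum accepted TTL {MAX_TTL - hops}")
        for d, ok in evaluate(hops, (0, 1, 100, 101)).items():
            print(f"  {d:3d} routers away, TTL {MAX_TTL - d}: {'accept' if ok else 'drop'}")
```

With hops 0 only the packet that crossed no router is accepted; with hops 100 the packet arriving with TTL 155 passes and the one with TTL 154 is dropped.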