diff --git a/tripleo_ansible/roles/tripleo_frr/defaults/main.yml b/tripleo_ansible/roles/tripleo_frr/defaults/main.yml
index a12c18d96..a63a47176 100644
--- a/tripleo_ansible/roles/tripleo_frr/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_frr/defaults/main.yml
@@ -26,6 +26,7 @@ tripleo_frr_bgp_ipv4_allowas_in: false
 tripleo_frr_bgp_ipv4_src_network: ctlplane
 tripleo_frr_bgp_ipv6: true
 tripleo_frr_bgp_ipv6_allowas_in: false
+tripleo_frr_bgp_neighbor_ttl_security_hops: 1
 tripleo_frr_bgp_uplinks_scope: internal
 tripleo_frr_config_basedir: "/var/lib/config-data/ansible-generated/frr"
 tripleo_frr_hostname: "{{ ansible_hostname }}"
diff --git a/tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2 b/tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2
index 34ef78a8c..68b3fee90 100644
--- a/tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2
+++ b/tripleo_ansible/roles/tripleo_frr/templates/frr.conf.j2
@@ -18,6 +18,9 @@ router bgp {{ tripleo_frr_bgp_asn }}
 {% for iface in tripleo_frr_bgp_uplinks_mapped %}
   neighbor {{ iface }} interface peer-group uplink
 {% endfor %}
+{% if tripleo_frr_bgp_neighbor_ttl_security_hops | int > 0 %}
+  neighbor uplink ttl-security hops {{ tripleo_frr_bgp_neighbor_ttl_security_hops }}
+{% endif %}
 
 {% if tripleo_frr_bgp_ipv4 %}
   address-family ipv4 unicast