do not filter your customers

Dobbins, Roland rdobbins at
Sat Feb 25 03:52:56 UTC 2012

On Feb 25, 2012, at 9:39 AM, Christopher Morrow wrote:

> it seems to me that most of the options discussed for this are .. bad, in one dimension or another :(


> X prefixes/packets in Y seconds/milliseconds doesn't keep the peer from blowing up your RIB,

How so?  If the configured parameters are exceeded, stop accepting/inserting updates until this is no longer the case.  Exceptions would be made for peering session establishment, it would take effect after that.

> it does slow down convergence :(

Yes, but is this always necessarily a Bad Thing?  For example, this particular circumstance (and many like it, c.f. AS7007 incident, et. al.)  it could be argued that in this particular case, [incorrect?  undesirable?  premature? pessimal?] convergence led to a poor result, could it not?

> If you have 200 peers on an edge device, dropping the whole device's routing capabilities because of one AS7007/AS1221/AS9121 .. isn't cool
> to your network nor the other customers on that device :(

Apologies for being unclear; I wasn't suggesting dropping or removing anything, but rather refusing to further accept/insert updates from a given peer until the update rate from said peer slowed to within configured parameters.

> max-prefix as it exists today at least caps the damage at one customer.

But it doesn't, really, does it?  The effects cascade in an anisotropic manner throughout a potentially large transit cone.

> The knobs available are sort of harsh all the way around though today :(

Concur again, sigh.

Roland Dobbins <rdobbins at> // <>

	  Luck is the residue of opportunity and design.

		       -- John Milton

More information about the NANOG mailing list