do not filter your customers

Christopher Morrow morrowc.lists at gmail.com
Sat Feb 25 07:15:20 UTC 2012


On Fri, Feb 24, 2012 at 10:52 PM, Dobbins, Roland <rdobbins at arbor.net> wrote:
>
>> X prefixes/packets in Y seconds/milliseconds doesn't keep the peer from blowing up your RIB,
>
> How so?  If the configured parameters are exceeded, stop accepting/inserting updates until this is no longer the case.  Exceptions would be made for peering session establishment, it would take effect after that.
>

if the rate is 1/ms ... I can fill the RIB in 2 million ms ... ~30 mins?
Rate alone isn't the problem :( size matters.

>> it does slow down convergence :(
>
> Yes, but is this always necessarily a Bad Thing?  For example, this particular circumstance (and many like it, cf. AS7007 incident, et al.)  it could be argued that in this particular case, [incorrect?  undesirable?  premature? pessimal?] convergence led to a poor result, could it not?
>

it's not clear, to me at least, that slowing convergence is good. it
seems to me that folk do all manner of 'interesting' things in order
to limit convergence time. People aren't trying to actively make
convergence take longer, that I've seen at least.

>> If you have 200 peers on an edge device, dropping the whole device's routing capabilities because of one AS7007/AS1221/AS9121 .. isn't cool
>> to your network nor the other customers on that device :(
>
> Apologies for being unclear; I wasn't suggesting dropping or removing anything, but rather refusing to further accept/insert updates from a given peer until the update rate from said peer slowed to within configured parameters.
>

yup, I think I jumped a bit around, my penalizing every other customer
was a reference to not having any limiting system in place.

>> max-prefix as it exists today at least caps the damage at one customer.
>
> But it doesn't, really, does it?  The effects cascade in an anisotropic manner throughout a potentially large transit cone.
>

dropping a single customer sucks, dropping an entire edge device is
far far worse.

>> The knobs available are sort of harsh all the way around though today :(
>
> Concur again, sigh.

hurray! sort of.

thanks!
-chris
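
The rate-versus-size argument in the message above, as an added sketch that is not part of the original post: a toy model of one edge device whose peers all pace themselves at exactly the accepted update rate, run once with a rate limit only and once with a per-session max-prefix. The 1/ms rate and the 2 million route RIB come from the message; the peer counts, the 50-prefix customers, the 1000-prefix cap and all names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Peer:
    name: str
    offered: int                      # prefixes the peer will try to announce (constructed)
    max_prefix: Optional[int] = None  # per-session cap; None models "rate limit only"

def simulate(peers, rib_capacity, rate_limit_per_ms, horizon_ms, step_ms=1000):
    """Return (ms at which the shared RIB fills or None, dropped peers, RIB size)."""
    accepted = {p.name: 0 for p in peers}
    dropped = []
    per_step = int(rate_limit_per_ms * step_ms)  # a peer pacing itself at the limit is never throttled
    for t in range(step_ms, horizon_ms + step_ms, step_ms):
        for p in peers:
            if p.name in dropped:
                continue
            accepted[p.name] += min(per_step, p.offered - accepted[p.name])
            # max-prefix: tear down this one session and withdraw its routes
            if p.max_prefix is not None and accepted[p.name] > p.max_prefix:
                accepted[p.name] = 0
                dropped.append(p.name)
        if sum(accepted.values()) >= rib_capacity:
            return t, dropped, sum(accepted.values())
    return None, dropped, sum(accepted.values())

def scenario(max_prefix):
    # Constructed edge device: 199 well-behaved customers with 50 prefixes each
    # plus one peer leaking a large table, all sending at exactly the rate limit.
    peers = [Peer(f"cust{i}", 50, max_prefix) for i in range(199)]
    peers.append(Peer("leaker", 5_000_000, max_prefix))
    return simulate(peers, rib_capacity=2_000_000, rate_limit_per_ms=1.0,
                    horizon_ms=3_600_000)

if __name__ == "__main__":
    full_at, dropped, size = scenario(max_prefix=None)
    print(f"rate limit only: RIB full after {full_at / 60000:.1f} min, dropped={dropped}")
    full_at, dropped, size = scenario(max_prefix=1000)
    print(f"with max-prefix: RIB full at {full_at}, dropped={dropped}, RIB size={size}")
```

With the rate limit alone the shared RIB fills in about 33 minutes and every peer on the device is affected; with the cap only the leaking session is dropped and the RIB stays at the customers' 9950 routes.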



