Max Prefix Out, was Re: Verizon 701 Route leak?

Job Snijders job at ntt.net
Thu Aug 31 11:06:58 UTC 2017


Dear Jörg,

On Thu, Aug 31, 2017 at 12:50:58PM +0200, Jörg Kost wrote:
> but isn't peer A prefix-out a synonym for peer B prefix-in, that will
> lead to the same result, e.g. a BGP teardown?
> 
> I just feel that this will add another factor, that people will not
> use or abuse: neigh $x max-out infinite

I feel you may be overlooking a key aspect here: Currently all of us
rely on our peer's 'inbound maximum prefix limit', and obviously these
are not always set correctly. An 'outbound maximum prefix limit' offers
networks that care about the rest of the world the option to
'self-destruct' the EBGP session in order to protect others.

An 'outbound maximum prefix limit' is a 'permissionless' feature in that
you do not require cooperation or support from your peering partner at
the other end of the session in order to deploy the 'self-destruct to
protect' mechanism.

If you don't want to use it, then don't. If people configure "neighbor
$x max-out infinite" that is fine by me, at least they made a conscious
choice, it is no worse than today, and it is clearly documented in the
running-configuration what the ramifications of the EBGP session could
be.

> What about adding an option to the BGP session that A & B do agree on
> a fixed number of prefixes in both directions, so B's prefix-in could
> be A's prefix-out automatically?

I prefer unilateral permissionless mechanisms. Adding new negotiable
options to BGP sessions is a lot of work and requires both parties to
run software that supports the new feature, whatever it is. Anything
that can be done without requiring your peer's cooperation will be more
robust.

Kind regards,

Job
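The following is an added illustration, not code from the thread or from any router vendor: a small Python model of the two limits discussed above. Peer A's export policy, A's outbound maximum prefix limit and B's inbound maximum prefix limit are modelled as plain functions and fields; the prefixes, neighbor names and the `advertise`/`simulate` helpers are constructed for the example. It shows that when A's export filter fails and B's inbound limit is left unset (the "infinite" case), only A's own outbound limit stops the leak, without any cooperation from B.

```python
"""Model of an outbound maximum-prefix limit on an EBGP session (added example,
not from the NANOG thread). The announcing router counts what it is about to
export and tears the session down itself, independent of the receiver's
inbound limit."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample data: our customer cone, and a RIB that also holds a
# large number of prefixes that must never be exported to this peer.
CUSTOMER_CONE = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
FULL_RIB = CUSTOMER_CONE + [f"10.{i // 256}.{i % 256}.0/24" for i in range(400)]


@dataclass
class Neighbor:
    name: str
    # None models "infinite" / not configured, as in "neighbor $x max-out infinite".
    max_prefix_in: Optional[int] = None
    max_prefix_out: Optional[int] = None
    established: bool = True
    adj_rib_in: List[str] = field(default_factory=list)


def export_policy(rib: List[str], allowed: List[str]) -> List[str]:
    """Normal export filter: only announce prefixes in the allowed set."""
    allowed_set = set(allowed)
    return [p for p in rib if p in allowed_set]


def advertise(local: Neighbor, remote: Neighbor, to_send: List[str]) -> str:
    """Announce to_send from `local` to `remote`; return which check, if any, fired."""
    if not (local.established and remote.established):
        return "session-down"
    # Outbound limit: evaluated on the announcing router before any UPDATE
    # leaves, so it works even when the remote side configured nothing.
    if local.max_prefix_out is not None and len(to_send) > local.max_prefix_out:
        local.established = remote.established = False
        remote.adj_rib_in = []
        return "teardown-by-local-max-prefix-out"
    # Inbound limit: only protects the remote if the remote set it correctly.
    if remote.max_prefix_in is not None and len(to_send) > remote.max_prefix_in:
        local.established = remote.established = False
        remote.adj_rib_in = []
        return "teardown-by-remote-max-prefix-in"
    remote.adj_rib_in = list(to_send)
    return "accepted"


def simulate(max_out: Optional[int], remote_max_in: Optional[int],
             filter_ok: bool) -> Tuple[str, int]:
    """Run one announcement from A to B; return (outcome, prefixes B accepted)."""
    a = Neighbor("A", max_prefix_out=max_out)
    b = Neighbor("B", max_prefix_in=remote_max_in)
    # filter_ok=False models a broken export policy (the classic route leak).
    to_send = export_policy(FULL_RIB, CUSTOMER_CONE) if filter_ok else FULL_RIB
    result = advertise(a, b, to_send)
    return result, len(b.adj_rib_in)


if __name__ == "__main__":
    print("normal export, A max-out 50, B no limit:", simulate(50, None, True))
    print("leak, A max-out 50, B no limit:        ", simulate(50, None, False))
    print("leak, A max-out infinite, B no limit:  ", simulate(None, None, False))
    print("leak, A max-out infinite, B max-in 100:", simulate(None, 100, False))
```

Running it shows the four cases: a correctly filtered export is accepted; a leak with a sane outbound limit is stopped by A itself; a leak with both limits left "infinite" is propagated in full (the situation the message calls "no worse than today"); and a leak with only B's inbound limit is stopped only because B happened to configure it.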
