Max Prefix Out, was Re: Verizon 701 Route leak?

Christopher Morrow morrowc.lists at gmail.com
Thu Aug 31 15:57:19 UTC 2017


On Thu, Aug 31, 2017 at 11:24 AM, Leo Bicknell <bicknell at ufp.org> wrote:

> In a message written on Thu, Aug 31, 2017 at 12:50:58PM +0200, Jörg Kost
> wrote:
> > What about adding an option to the BGP session that A & B do agree on a
> > fixed number of prefixes in both directions, so B's prefix-in could be A's
> > prefix-out automatically?
>
> As others have pointed out, that's harder to do, but there's a
> different reason it may not be desirable.
>
> If a peer sets a limit to tear down the session with no automatic
> reset, forcing a call to their NOC to get a human to reset it then
> it may be advantageous to set your side to tear down at N-1 prefixes.
> That way you can ensure restoration at the speed of your NOC, and
> not at the speed of your peer's.
>

Generally controlling your own destiny is preferred, I agree with that.
I think also being able to say: "I shouldn't ever send more than 477
routes, let's round up for ops reasons to 1k max" seems like a great way
to make your network safer for the rest of the network.

Yes, people (as Job and others noted) could set 'too high' limits...
  ok, that's their decision to make.

Yes, maybe in the 523 prefixes that leak in my example there could be some
affected party...
  I think it's pretty unlikely that there will be widescale damage from a
small number of routes leaking, there are certainly plenty of documented
cases of wide scale problems from full table leaks though :)

Yes, your sessions might bounce or stay-down...
  it's probably better to go down on some peers and have control to get
back up on your side, than to cause widescale outages due to a full table
leak.

I'd be in favor of an output max prefix limit knob.
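
The trade-off discussed in this message, as an added example that is not part of the original post: a simplified Python model (not a real BGP implementation) of a hypothetical outbound max-prefix limit next to a peer's inbound limit. The class and function names, the rule that the local check runs first, and the 10.0.0.0/8 sample prefixes are assumptions made for the illustration.

```python
import ipaddress
from itertools import islice


class Session:
    """Simplified model of one BGP session's prefix limits (not a real BGP stack)."""

    def __init__(self, out_limit=None, peer_in_limit=None):
        self.out_limit = out_limit          # hypothetical outbound max-prefix knob
        self.peer_in_limit = peer_in_limit  # peer's inbound max-prefix, manual reset
        self.advertised = set()
        self.sent = 0                       # announcements the peer received
        self.state = "up"

    def announce(self, prefix):
        net = ipaddress.ip_network(prefix)
        if self.state != "up" or net in self.advertised:
            return self.state               # session down, or duplicate announcement
        count = len(self.advertised) + 1
        if self.out_limit is not None and count > self.out_limit:
            # Assumed: local check runs before the UPDATE leaves; our NOC owns the reset.
            self.state = "down-local"
        elif self.peer_in_limit is not None and count > self.peer_in_limit:
            # Peer receives the route and tears down; restoration waits on its NOC.
            self.sent += 1
            self.state = "down-peer"
        else:
            self.advertised.add(net)
            self.sent += 1
        if self.state != "up":
            self.advertised.clear()
        return self.state

    def withdraw(self, prefix):
        self.advertised.discard(ipaddress.ip_network(prefix))


def simulate(n_routes, out_limit=None, peer_in_limit=None):
    """Announce n_routes constructed /24s; return (final state, announcements sent)."""
    session = Session(out_limit, peer_in_limit)
    pool = ipaddress.ip_network("10.0.0.0/8").subnets(new_prefix=24)  # constructed data
    for net in islice(pool, n_routes):
        session.announce(str(net))
    return session.state, session.sent


if __name__ == "__main__":
    for args in [(477, 1000), (1000, 1000), (60000, 1000), (60000, None, 1000), (60000, 999, 1000)]:
        print(args, simulate(*args))
```

The 477 + 523 case stays up because it lands exactly on the 1k limit, while the 60000-route run (a stand-in for a large leak) is stopped locally after 1000 announcements, or after 999 when the local limit is set one below the peer's.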
