Setting sensible max-prefix limits

Andrew Gallo akg1330 at gmail.com
Wed Aug 18 13:48:11 UTC 2021



On 8/18/2021 5:33 AM, Lars Prehn wrote:
> As I understand by now, it is highly recommended to set a max-prefix 
> limit for peering sessions. Yet, I can hardly find any recommendations 
> on how to arrive at a sensible limit.
> 
> I guess for long standing peers one could just eyeball it, e.g., current 
> prefix count + some safety margin. How does that work for new peers? Do 
> you negotiate/exchange sensible values whenever you establish a new 
> session? Do you rely on PeeringDB (if available)? Do you apply default 
> values to everyone except the big fishes?
> 
> Apart from your peers, do you also apply a limit to your transit sessions?
> 
> Best regards,
> 
> Lars
> 
> 


Our semi-automated process...
Check the peering routers for any peers that have a prefix limit set (we 
don't set limits on transit or iBGP, so we skip those groups)

Record what the current limit is.

Check peeringDB for what the network says the limit should be.

If configured max prefix < peeringDB, inform that a config change is needed;
if configured max prefix > peeringDB, the network isn't keeping its 
record up to date. No need for change.

I've thought about adding additional headroom to what is advertised in 
peeringDB, but we haven't had the limits triggered in so long, it may 
not be worth it.
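
Added example, not part of the original message or the poster's tooling: a sketch of the comparison the process above describes, run over constructed data. The session record shape, verdict names, and treating a PeeringDB value of 0 as "not published" are assumptions; info_prefixes4 and info_prefixes6 are the PeeringDB "net" fields that carry a network's suggested limits.

```python
# Constructed sample data; ASNs are from the documentation range (RFC 5398).
# Sessions as they might be pulled from router config (hypothetical shape).
SESSIONS = [
    {"asn": 64496, "group": "peering", "afi": 4, "max_prefix": 100},
    {"asn": 64496, "group": "peering", "afi": 6, "max_prefix": 50},
    {"asn": 64497, "group": "peering", "afi": 4, "max_prefix": 2000},
    {"asn": 64498, "group": "peering", "afi": 4, "max_prefix": 500},
    {"asn": 64499, "group": "peering", "afi": 4, "max_prefix": None},
    {"asn": 64500, "group": "transit", "afi": 4, "max_prefix": None},
    {"asn": 64501, "group": "ibgp", "afi": 4, "max_prefix": None},
]

# Subset of PeeringDB "net" fields keyed by ASN (values constructed).
# AS64498 deliberately has no record.
PEERINGDB = {
    64496: {"info_prefixes4": 250, "info_prefixes6": 50},
    64497: {"info_prefixes4": 1200, "info_prefixes6": 0},
}

SKIP_GROUPS = {"transit", "ibgp"}  # no limits set on these, so not audited


def audit(sessions, pdb):
    """Return (asn, afi, configured, advertised, verdict) per audited session."""
    report = []
    for s in sessions:
        # Only peers that already have a limit set; transit and iBGP skipped.
        if s["group"] in SKIP_GROUPS or s["max_prefix"] is None:
            continue
        configured = s["max_prefix"]           # record the current limit
        rec = pdb.get(s["asn"], {})            # what the network advertises
        # Assumption: a missing record or a value of 0 means "not published".
        advertised = rec.get("info_prefixes{}".format(s["afi"])) or None
        if advertised is None:
            verdict = "no-peeringdb-value"
        elif configured < advertised:
            verdict = "config-change-needed"
        elif configured > advertised:
            verdict = "peeringdb-stale-no-change"
        else:
            verdict = "in-sync"
        report.append((s["asn"], s["afi"], configured, advertised, verdict))
    return report


if __name__ == "__main__":
    for row in audit(SESSIONS, PEERINGDB):
        print("AS{} IPv{}: configured={} peeringdb={} -> {}".format(*row))
```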
