Setting sensible max-prefix limits

Andrew Gallo akg1330 at
Wed Aug 18 13:48:11 UTC 2021

On 8/18/2021 5:33 AM, Lars Prehn wrote:
> As I understand by now, it is highly recommended to set a max-prefix 
> limit for peering sessions. Yet, I can hardly find any recommendations 
> on how to arrive at a sensible limit.
> I guess for long standing peers one could just eyeball it, e.g., current 
> prefix count + some safety margin. How does that work for new peers? Do 
> you negotiate/exchange sensible values whenever you establish a new 
> session? Do you rely on PeeringDB (if available)? Do you apply default 
> values to everyone except the big fishes?
> Apart from your peers, do you also apply a limit to your transit sessions?
> Best regards,
> Lars

Our semi-automated process...
Check the peering routers for any peers that have a prefix limit set (we 
don't set limits on transit or iBGP, so we skip those groups)

Record what the current limit is.

Check peeringDB for what the network says the limit should be.

If configured max prefix < peeringDB, inform a config change is needed;
if configured max prefix > peeringDB, the network isn't keeping its 
record up to date.  no need for change

I've thought about adding additional headroom to what is advertised in 
peeringDB, but we haven't had the limits triggered in so long, it may 
not be worth it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x1C61021F8B5942A2.asc
Type: application/pgp-keys
Size: 5469 bytes
Desc: OpenPGP public key
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the NANOG mailing list