nanog mailing list archives
Route Filtering (Was: Re: genuity - any good?)
From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 12 Apr 2002 22:20:19 -0400
In a message written on Fri, Apr 12, 2002 at 05:27:50PM -0700, Mark Kent wrote:
To address Sean's point about mistakes turning one /16 into a zillion entries, is there any way to allow only some specified maximum number of routes from a bgp neighbor? I know that I'd be happy if my upstreams gave me a buffer of, say, 10 entries above my typical number of aggregates.
I'll bite, as I have this conversation with people from time to time.

There are two things you can (easily) do with transit customers (wrt prefixes):

1) Limit them to specific prefixes up to a limited length.
2) Limit the number of prefixes.

My take on the "right" thing to do is:

1) Allow any netblock the customer "owns"*, up to /24.
2) Use a default prefix limit of 50, or 2 times the number of prefixes the customer owns, whichever is greater.

As a service provider, you don't want to spend a lot of cycles updating prefix lists. The providers that do exact match only I think are doing a lot of work for nothing, as they are doing a lot of updates for very little gain. On the other hand, you can't let customers have unfiltered access.

The absolute limits are similar. You don't want to reconfigure your device hourly, but updating it every 10 years isn't good either.

So, I think customers should be allowed to go up to a /24 by default. 50 extra routes is no big deal for any transit free provider, even from a few customers. For larger customers, that's not enough headroom, but if the customer is that large some clue is assumed, and so a limit of 2x the registered (eg supernet) prefixes is probably fine.

I would allow a customer a higher limit if they can demonstrate a good reason.

What do you find reasonable, and more importantly, why do you find it reasonable?

--
Leo Bicknell - bicknell () ufp org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request () tmbg org, www.tmbg.org
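Added example, not part of the original post: a small Python model of the two controls described in the message above (a length-bounded prefix filter and a max-prefix limit), run against the deaggregation mistake raised in the quoted question. The function names, the sample prefixes, and the choice to count only prefixes that pass the filter toward the limit are assumptions made for illustration.

```python
import ipaddress

MAX_LEN = 24        # longest prefix length accepted, per the post
DEFAULT_LIMIT = 50  # default max-prefix value, per the post


def prefix_limit(registered):
    """Greater of 50 or 2x the number of prefixes the customer owns."""
    return max(DEFAULT_LIMIT, 2 * len(registered))


def filter_announcements(registered, announced):
    """Apply the prefix filter, then check the max-prefix limit.

    Returns (accepted, rejected, limit_exceeded). Assumption: the limit
    is compared against prefixes that passed the filter.
    """
    blocks = [ipaddress.ip_network(p) for p in registered]
    accepted, rejected = [], []
    for p in announced:
        net = ipaddress.ip_network(p)
        # Accept only subnets of a registered block, no longer than /24.
        ok = net.prefixlen <= MAX_LEN and any(
            net.version == b.version and net.subnet_of(b) for b in blocks)
        (accepted if ok else rejected).append(net)
    return accepted, rejected, len(accepted) > prefix_limit(registered)


def demo():
    """Constructed sample data: one customer /16, two announcement sets."""
    registered = ["198.18.0.0/16"]
    # Normal day: aggregate, one /24, one too-long /25, one foreign prefix.
    normal = ["198.18.0.0/16", "198.18.4.0/24",
              "198.18.4.128/25", "203.0.113.0/24"]
    # Mistake: the /16 announced as 256 separate /24s.
    leak = [str(n) for n in
            ipaddress.ip_network("198.18.0.0/16").subnets(new_prefix=24)]
    return (filter_announcements(registered, normal),
            filter_announcements(registered, leak))


if __name__ == "__main__":
    for accepted, rejected, exceeded in demo():
        print(len(accepted), "accepted,", len(rejected), "rejected,",
              "limit exceeded" if exceeded else "within limit")
```

Every /24 in the deaggregated set passes the prefix filter, so only the prefix count limit catches that mistake.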