Re: Setting sensible max-prefix limits

[Andrew Gallo <akg1330 () gmail com>]

On 8/18/2021 5:33 AM, Lars Prehn wrote:
> As I understand by now, it is highly recommended to set a max-prefix 
> limit for peering sessions. Yet, I can hardly find any recommendations 
> on how to arrive at a sensible limit.
>
> I guess for long standing peers one could just eyeball it, e.g., current 
> prefix count + some safety margin. How does that work for new peers? Do 
> you negotiate/exchange sensible values whenever you establish a new 
> session? Do you rely on PeeringDB (if available)? Do you apply default 
> values to everyone except the big fishes?
>
> Apart from your peers, do you also apply a limit to your transit sessions?
>
> Best regards,
>
> Lars


Our semi-automated process...
Check the peering routers for any peers that have a prefix limit set (we 
don't set limits on transit or iBGP, so we skip those groups)

Record what the current limit is.

Check peeringDB for what the network says the limit should be.

If configured max prefix < peeringDB, inform a config change is needed;
if configured max prefix > peeringDB, the network isn't keeping its 
record up to date.  no need for change

I've thought about adding additional headroom to what is advertised in 
peeringDB, but we haven't had the limits triggered in so long, it may 
not be worth it.

Attachment: OpenPGP_0x1C61021F8B5942A2.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature