[195652] in North American Network Operators' Group


Re: Max Prefix Out, was Re: Verizon 701 Route leak?

daemon@ATHENA.MIT.EDU (Jörg Kost)
Thu Aug 31 10:17:33 2017

X-Original-To: nanog@nanog.org
From: "Jörg Kost" <jk@ip-clear.de>
To: "Job Snijders" <job@ntt.net>
Date: Thu, 31 Aug 2017 15:21:44 +0200
In-Reply-To: <20170831110658.GH29058@Vurt.local>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

Hi,

but in reality you will factorise and summarize outbound and inbound 
numbers, create spare room for sessions and failover scenarios and 
therefore leaks and especially partial leaks can still occur.

In another example scenario the BGP process may not only shut down the
session to B, which has run into an outbound warning, but all other
sessions to prevent "leaks". As a last resort the router will only judge by
the number of the prefixes and therefore could shut itself down by
accident, especially if this router was not the origin. That could be a
global headache ;-)

Jörg

On 31 Aug 2017, at 13:06, Job Snijders wrote:

> Dear Jörg,
>
> On Thu, Aug 31, 2017 at 12:50:58PM +0200, Jörg Kost wrote:
>> but isn't peer A prefix-out a synonym for peer B prefix-in, that will
>> lead to the same result, e.g. a BGP teardown?
>>
>> I just feel that this will add another factor, that people will not
>> use or abuse: neigh $x max-out infinite
>
> I feel you may be overlooking a key aspect here: Currently all of us
> rely on our peer's 'inbound maximum prefix limit', and obviously these
> are not always set correctly. An 'outbound maximum prefix limit' offers
> networks that care about the rest of the world the option to
> 'self-destruct' the EBGP session in order to protect others.
>
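
The two scenarios in the message above, as an added toy model (not code from the thread or from any router implementation): a limit set with headroom lets a partial leak through, and a process that drops every session on one tripped limit widens the outage. The class, function names, and prefix counts are constructed for illustration.

```python
# Added illustration: toy model of an outbound maximum-prefix limit.
# All names and numbers are constructed; no router implements this exact logic.
from dataclasses import dataclass


@dataclass
class Session:
    peer: str
    normal_out: int   # prefixes normally announced to this peer
    headroom: float   # spare room for growth and failover, e.g. 1.5

    @property
    def max_out(self) -> int:
        """Configured outbound limit: normal count scaled by the headroom."""
        return int(self.normal_out * self.headroom)

    def trips(self, leaked: int) -> bool:
        """True if normal announcements plus leaked prefixes exceed the limit."""
        return self.normal_out + leaked > self.max_out


def largest_undetected_leak(s: Session) -> int:
    """Most extra prefixes that can be announced without tripping the limit."""
    return s.max_out - s.normal_out


def sessions_torn_down(sessions, leaks, tear_down_all=False):
    """leaks maps peer -> leaked prefix count; returns the peers whose sessions drop.

    tear_down_all models the second scenario: one tripped limit makes the
    BGP process drop every session, not only the offending one.
    """
    tripped = [s.peer for s in sessions if s.trips(leaks.get(s.peer, 0))]
    if tripped and tear_down_all:
        return sorted(s.peer for s in sessions)
    return sorted(tripped)


if __name__ == "__main__":
    peers = [Session("B", 200, 1.5), Session("C", 1000, 1.5)]
    print(largest_undetected_leak(peers[0]))             # partial-leak budget
    print(sessions_torn_down(peers, {"B": 80}))          # partial leak
    print(sessions_torn_down(peers, {"B": 5000}))        # full leak
    print(sessions_torn_down(peers, {"B": 5000}, True))  # drop-everything policy
```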
