[86155] in North American Network Operators' Group
Re: Level 3 RFO
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Oct 24 12:39:23 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: nanog@merit.edu
Date: Mon, 24 Oct 2005 18:37:35 +0200
In-Reply-To: <20051024155735.GA7976@srv01.cluenet.de> (Daniel Roesen's message
of "Mon, 24 Oct 2005 17:57:35 +0200")
Errors-To: owner-nanog@merit.edu
* Daniel Roesen:
> On Mon, Oct 24, 2005 at 01:25:23PM +0200, Florian Weimer wrote:
>> >> Are there any configuration tweaks which can locally confine such an
>> >> event? Something like the hard prefix limit for BGP, perhaps.
>> >
>> > JunOS:
>> > set protocols ospf prefix-export-limit <n>
>> > set protocols isis level <n> prefix-export-limit <n>
>>
>> Wouldn't an import limit be better?
>
> We're talking link-state protocols here... they need to have the same
> view everywhere. The only thing you can limit is what you inject into
> the (IGP-)global view.
What a pity. There isn't an ugly workaround, either? There has to be
something that can be done, given the operational risk that is
involved.
Certainly, this adds a new dimension to the "distributed single point
of failure" concept. 8-(
>> If you've got a almost-fully-meshed MPLS core, export limits won't
>> really work, will they?
>
> I don't understand this question. What has MPLS to do with IGP route
> filtering?!?
It's the "almost fully-meshed" part. In such a setup, a single router
which exceeds the limit can affect a large part of the the network,
even if other routers do not propagate the bogus data.
But as you say, if the limit you mentioned is just a local limit on
redistribution to the IGP for a single router, my point is moot--if
it's in the IGP, you lose because the limit does not apply to routes
which are received over the IGP.
