In a message written on Fri, Apr 12, 2002 at 05:27:50PM -0700, Mark Kent wrote:
> To address Sean's point about mistakes turning one /16 into a zillion entries, is there any way to allow only some specified maximum number of routes from a bgp neighbor? I know that I'd be happy if my upstreams gave me a buffer of, say, 10 entries above my typical number of aggregates.
I'll bite, as I have this conversation with people from time to time.

There are two things you can (easily) do with transit customers (wrt prefixes):

1) Limit them to specific prefixes up to a limited length.
2) Limit the number of prefixes.

My take on the "right" thing to do is:

1) Allow any netblock the customer "owns"*, up to /24.
2) Use a default prefix limit of 50, or 2 times the number of prefixes the customer owns, whichever is greater.

As a service provider, you don't want to spend a lot of cycles updating prefix lists. The providers that do exact match only I think are doing a lot of work for nothing, as they are doing a lot of updates for very little gain. On the other hand, you can't let customers have unfiltered access.

The absolute limits are similar. You don't want to reconfigure your device hourly, but updating it every 10 years isn't good either.

So, I think customers should be allowed to go up to a /24 by default. 50 extra routes is no big deal for any transit-free provider, even from a few customers. For larger customers, that's not enough headroom, but if the customer is that large some clue is assumed, and so a limit of 2x the registered (e.g. supernet) prefixes is probably fine. I would allow a customer a higher limit if they can demonstrate a good reason.

What do you find reasonable, and more importantly, why do you find it reasonable?

-- 
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
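The policy above (registered blocks permitted down to /24, prefix limit of 50 or twice the registered blocks), as an added Python model that is not part of the thread: it builds the prefix-list entries, filters what a customer session announces, and flags the "one /16 became 256 /24s" mistake as a limit violation. The sample blocks are constructed from documentation and private ranges, and the `permit ... le 24` line syntax is only illustrative.

```python
import ipaddress

MAX_PREFIX_LENGTH = 24      # policy: customer deaggregates accepted down to /24, no longer
DEFAULT_PREFIX_LIMIT = 50   # policy: 50 prefixes or 2x the registered blocks, whichever is greater


def prefix_limit(owned_blocks):
    """Maximum-prefix value for the session: max(50, 2 * registered blocks)."""
    return max(DEFAULT_PREFIX_LIMIT, 2 * len(owned_blocks))


def prefix_list(owned):
    """One 'permit <block> le 24' line per registered block (illustrative syntax)."""
    return [f"permit {ipaddress.ip_network(b)} le {MAX_PREFIX_LENGTH}" for b in owned]


def permitted(prefix, owned_blocks):
    """True if prefix lies inside a registered block and is no longer than /24."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.prefixlen > MAX_PREFIX_LENGTH:
        return False
    return any(net.version == block.version and net.subnet_of(block)
               for block in owned_blocks)


def evaluate_session(owned, announced):
    """Apply the prefix-list first, then the prefix limit, to one customer session."""
    blocks = [ipaddress.ip_network(b) for b in owned]
    limit = prefix_limit(blocks)
    accepted = [p for p in announced if permitted(p, blocks)]
    rejected = [p for p in announced if p not in accepted]
    return {
        "limit": limit,
        "accepted": accepted,
        "rejected": rejected,
        # exceeding the limit is what would tear the session down instead of leaking routes
        "over_limit": len(accepted) > limit,
    }


# Constructed sample: documentation ranges standing in for a customer's registered blocks.
OWNED = ["192.0.2.0/24", "198.51.100.0/22"]
ANNOUNCED = ["198.51.100.0/22", "198.51.100.0/24", "198.51.100.0/25", "203.0.113.0/24"]

# Constructed mistake case: a registered /16 (private space as sample input) split into 256 /24s.
DEAGGREGATED = [str(s) for s in ipaddress.ip_network("10.0.0.0/16").subnets(new_prefix=24)]

if __name__ == "__main__":
    print(prefix_list(OWNED))
    print(evaluate_session(OWNED, ANNOUNCED))
    print(evaluate_session(["10.0.0.0/16"], DEAGGREGATED)["over_limit"])
```

Every /24 in the mistake case passes the prefix-list (they are all inside the registered /16 and no longer than /24), so only the prefix limit catches it; that is why the thread treats the two controls as complementary.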