
Let me chime in and attempt to explain why a couple of solutions I've seen so far in this thread won't work:

- rate-limiting/throttling updates: BGP by protocol does not repeat updates; if an update is sent then the sender assumes that the receiver has received it and will remember it until a change or a withdrawal. If you rate limit announcements, either you hold things off in a buffer, which would need a very large buffer, or you drop updates, which would lead to inconsistent views on the two sides of the session. What if a legitimate update was among the large burst?

- max-prefix: it is currently used to prevent large bursts of updates but it won't stop the Youtube incident, which was more targeted. Perhaps the YT incident falls into a different category from 'route leaks' but without a clear definition of the latter we simply cannot say. Also, max-prefix causes problems in slowly-increasing peers or peers with new large customers and people not bothered to adjust the max-prefix value accordingly.

- max-prefix in the form of a percentage: some peers actually are very stable in the number of prefixes they announce, and some are not. Both are probably valid depending on your business model/requirements. An x% may be too lax for one company but too little for another. Figuring the right number (or even a ballpark) is probably a lot harder than a simple max-prefix value. I have seen ASes that announce hundreds to tens of thousands of prefixes on a periodic basis. Percentages also don't work so well for ASes with single-digit or low-double-digit number of prefixes.

Dongting
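
The rate-limiting point in the message above, as an added simulation that is not part of the original post: updates are sent once, so a receiver-side limiter either needs a queue as large as the burst or leaves the two ends with different views. The limiter model (fixed rate per tick, bounded queue), the prefixes and the AS paths are constructed assumptions.

```python
from collections import deque

def apply(rib, update):
    """Apply one BGP-style update (op, prefix, as_path) to a RIB dict."""
    op, prefix, path = update
    if op == "A":
        rib[prefix] = path
    else:                      # "W" = withdrawal
        rib.pop(prefix, None)

def replay(burst, rate, buffer_size):
    """Send `burst` exactly once. The receiver (assumed model) processes
    `rate` updates per tick, queues up to `buffer_size` more, drops the rest."""
    sender_rib, receiver_rib = {}, {}
    queue, dropped = deque(), []
    for i, update in enumerate(burst):
        apply(sender_rib, update)          # sender now considers it delivered
        if i < rate:
            apply(receiver_rib, update)
        elif len(queue) < buffer_size:
            queue.append(update)
        else:
            dropped.append(update)         # never retransmitted
    peak, ticks = len(queue), 1
    while queue:                           # drain the backlog, `rate` per tick
        for _ in range(min(rate, len(queue))):
            apply(receiver_rib, queue.popleft())
        ticks += 1
    return sender_rib, receiver_rib, dropped, peak, ticks

def divergence(sender_rib, receiver_rib):
    """Prefixes on which the two ends of the session disagree."""
    return {p for p in sender_rib.keys() | receiver_rib.keys()
            if sender_rib.get(p) != receiver_rib.get(p)}

# Constructed burst: 5000 announcements, then one legitimate announcement.
BURST = [("A", f"10.{i // 256}.{i % 256}.0/24", "65001 65002") for i in range(5000)]
BURST.append(("A", "192.0.2.0/24", "65001"))

if __name__ == "__main__":
    for label, buf in (("drop", 0), ("buffer", len(BURST))):
        s, r, dropped, peak, ticks = replay(BURST, rate=100, buffer_size=buf)
        diff = divergence(s, r)
        print(f"{label}: dropped={len(dropped)} peak_queue={peak} ticks={ticks} "
              f"diverged={len(diff)} legit_missing={'192.0.2.0/24' in diff}")
```

With dropping, the legitimate prefix is among those the receiver never learns while the sender still counts it as advertised; with buffering, the views converge only after the whole backlog has drained.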