On 10/10/22 16:58, Edvinas Kairys wrote:
> Hello,
>
> We're considering buying some Cisco boxes - NCS-55A1-24H. That box has
> 24x100G, but only 2.2mln route (FIB) memory entries. In the near future
> it will not be enough - so we're thinking of denying all /24s to save the
> memory. What do you think about that approach - I know it could
> cause some misbehavior. But theoretically every filtered /24 could
> be routed via a smaller prefix: /23, /22, /21, etc. But of course there
> could be a situation where a denied /24 will not be covered by any
> smaller prefix.
I wouldn't bank on that.
I am confident I have seen /24s with no covering route, more so for PI
space from RIRs that may only be able to allocate a /24 and nothing
shorter.
It would be one heck of an experiment, though :-).
Mark.
I may or may not have done something like this at $PREVIOUS_DAY_JOB.
We (might have) discovered some interesting brokenness on the Internet in doing so;
in one case, a peer was sending a /20 across exchange peering sessions with us,
along with some more specific /24s. After filtering out the /24s, traffic rightly flowed
to the covering /20. The peer reached out in an outraged huff; the /24s were being
advertised from non-backbone-connected remote sites in their network, which suddenly
couldn't fetch content from us anymore. Traceroutes from our side followed the /20
back to their "core", and then died. They explained the /24s were being advertised
from remote sites without backbone connections to the site advertising the /20, and
we needed to stop sending traffic to the /20, and send it directly to the /24 instead.
We demurred, and let them know we were correctly following the information in the
routing table.
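Before committing to a "deny /24 and longer" filter, the check a practitioner would want is to take a full-table dump and list every prefix the filter would drop that has no less-specific covering route left in the table, since those become unreachable rather than merely aggregated. The script below is an added example written for this page, not code from anyone in the thread; the prefix list it runs on is constructed from documentation and benchmark ranges and is not a real table, and the /23 boundary is assumed from the original poster's plan. Note that it only answers the question Mark raises (is there a covering route at all); as the second reply shows, a covering route in the table says nothing about whether the network behind it can actually reach the hosts in the filtered /24.

```python
import ipaddress

# Constructed sample of a BGP table dump (one prefix per line).
# Not real routing data; drawn from documentation/benchmark ranges so it runs offline.
SAMPLE_RIB = """\
# two /24s covered by their /22
198.51.100.0/22
198.51.100.0/24
198.51.101.0/24
# two /24s covered by a /23
192.0.2.0/23
192.0.2.0/24
192.0.3.0/24
# a bare /24 (and a /25 under it) with no less-specific in the table,
# the PI-style case described in the thread
203.0.113.0/24
203.0.113.128/25
# a /24 whose only cover is a much shorter aggregate
198.18.0.0/15
198.19.7.0/24
"""

# "Deny /24 and longer" keeps everything up to /23; this boundary is assumed
# from the original poster's plan, not a vendor default.
KEEP_MAX_LEN = 23


def parse_rib(text):
    """Parse prefix-per-line text into IPv4Network objects; blanks and '#' comments are skipped."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def covering_route(net, kept, keep_max_len=KEEP_MAX_LEN):
    """Longest-match prefix in `kept` that contains `net`, or None.

    Walks the candidate supernets from the filter boundary down to /0 and returns
    the first one present in the surviving set, i.e. the route the FIB would use
    for this destination after the filter is applied.
    """
    for plen in range(min(keep_max_len, net.prefixlen - 1), -1, -1):
        candidate = net.supernet(new_prefix=plen)
        if candidate in kept:
            return candidate
    return None


def audit(text, keep_max_len=KEEP_MAX_LEN):
    """Simulate the filter and report which dropped prefixes lose all reachability."""
    nets = parse_rib(text)
    kept = {n for n in nets if n.prefixlen <= keep_max_len}
    dropped = [n for n in nets if n.prefixlen > keep_max_len]
    covered, uncovered = {}, []
    for n in dropped:
        cover = covering_route(n, kept, keep_max_len)
        if cover is None:
            uncovered.append(n)
        else:
            covered[str(n)] = str(cover)
    uncovered.sort()
    return {
        "fib_before": len(nets),
        "fib_after": len(kept),
        "covered": covered,
        "uncovered": [str(n) for n in uncovered],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RIB)
    print(f"FIB entries: {report['fib_before']} -> {report['fib_after']}")
    for pfx, cover in report["covered"].items():
        print(f"  {pfx:<20} covered by {cover}")
    for pfx in report["uncovered"]:
        print(f"  {pfx:<20} NO COVERING ROUTE (blackholed by the filter)")
```

To use it against a real table, feed the output of a BGP table dump (one prefix per line) into `audit()` in place of the constructed sample; the `uncovered` list is the set of destinations you would silently lose, and the `fib_before`/`fib_after` pair is the actual FIB saving rather than the guess that "most /24s have a cover".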