I think what this is is just a new (potentially) knob that can be turned. If you don't want to turn it that's your deal, you run your network how you want. There's been no suggestion that there be some explicit default value or even that its turned on by default so behavior won't change unless configured and if you configure it, you are on the hook for knowing how that might affect the behavior of your network. I would expect BGP speakers (router vendors / software devs) to implement this in a way such that it would syslog or otherwise trigger when the number of outbound prefixes reaches a specific percentage (of configured limit) or hard number so that either an engineer could respond or automation take place to do something in response. On Thu, Aug 31, 2017 at 9:21 AM, Jörg Kost <jk@ip-clear.de> wrote:
Hi,
but in reality you will factorise and summarize outbound and inbound numbers, create spare room for sessions and failover scenarios and therefore leaks and especially partial leaks can still occur.
In another example scenario the BGP process may not only shutdown the session to B, that has run into an outbound warning, but all other sessions to prevent "leaks". Last-resort the router will only judge by the number of the prefixes and therefore could shutdown himself by accident, especially if this router was not the origin. That could be a global headache ;-)
Jörg
On 31 Aug 2017, at 13:06, Job Snijders wrote:
Dear Jörg,
On Thu, Aug 31, 2017 at 12:50:58PM +0200, Jörg Kost wrote:
but isn't peer A prefix-out a synonym for peer B prefix-in, that will lead to the same result, e.g. a BGP teardown?
I just feel that this will add another factor, that people will not use or abuse: neigh $x max-out infinite
I feel you may be overlooking a key aspect here: Currently all of us rely on our peer's 'inbound maximum prefix limit', and obviously these are not always set correctly. An 'outbound maximum prefix limit' offers networks that care about the rest of the world the option to 'self-destruct' the EBGP session in order to protect others.
-- [stillwaxin@gmail.com ~]$ cat .signature cat: .signature: No such file or directory [stillwaxin@gmail.com ~]$