[c-nsp] prefix lists updates and max prefix filters

Mack McBride mack.mcbride at viawest.com
Thu Dec 8 12:37:15 EST 2011


Not filtering announcements isn't really an answer.
You run into the same problems with a route-map.
The best solution is to use both a route-map and a prefix-filter.
Your upstream should also be using a filter.

LR Mack McBride
Network Architect

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Blake Dunlap
Sent: Monday, December 05, 2011 11:35 AM
To: James Ashton
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] prefix lists updates and max prefix filters

This is straight up a design problem. Don't filter what you announce, filter what you accept, and allow what you specify via route map community matching out.

I'm honestly surprised one of your upstreams hasn't yelled at you and made you fix this long ago.

-Blake

On Mon, Dec 5, 2011 at 11:08, James Ashton <james at gitflorida.com> wrote:

> Hi all.
>
>  I have run into a problem that seems obvious, but is new to me.
>
>  I control outbound announcements with a prefix filter. I update this
> filter daily with a small shell script. It has been working for several
> years now without problem, but for the last few months one of our
> upstreams has dropped our session for hitting a max prefix filter. The
> session drops within seconds of issuing the "no ip prefix-list XXX"
> command, before I can rebuild the filter.
>
>  As I said, the problem seems obvious, but the solutions all seem less
> than elegant. I can only really see 2 ways through it, but I am
> probably missing several. First would be to run a prefix list and an
> access list and update them one at a time, so one is always in place.
> The second would be to edit the prefix list one line at a time and never
> actually regenerate the entire list in one shot. This seems the most
> proper/elegant method and the one putting the least CPU strain on a hard
> working router. It would also cause me to write a good bit more code that
> no-one else here could edit.
>
> I am using rtconfig to generate the lists, so adding another isn't a
> huge project, but will add additional CPU time to a router that is
> begging for more CPU as it is.
>
>
> Thoughts?
>
>
> Thank You
> James
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
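The line-at-a-time update James describes, as an added example that is not from the thread: a Python script that diffs the prefix list currently in the running config against the desired one and emits only per-entry IOS commands, so "no ip prefix-list XXX" is never issued and the outbound filter is in place at every point of the change. The list name OUT-UPSTREAM, the prefixes and the running-config lines are constructed for the example.

```python
import re

# One configured entry, e.g. "ip prefix-list OUT-UPSTREAM seq 10 permit 198.51.100.0/24 le 25"
ENTRY_RE = re.compile(r"^ip prefix-list (\S+) seq (\d+) (.+)$")

# Constructed sample of "show running-config | include ip prefix-list" output
CURRENT_CONFIG = """\
ip prefix-list OUT-UPSTREAM seq 5 permit 192.0.2.0/24
ip prefix-list OUT-UPSTREAM seq 10 permit 198.51.100.0/24 le 25
ip prefix-list OUT-UPSTREAM seq 15 permit 203.0.113.0/24
"""
# Constructed desired state (what rtconfig or a similar generator would produce today):
# 203.0.113.0/24 is replaced by the more specific /25, the other entries stay.
DESIRED = ["permit 192.0.2.0/24", "permit 198.51.100.0/24 le 25", "permit 203.0.113.0/25"]


def parse_running_config(config):
    """Return {list_name: {rule_text: seq}} from the 'ip prefix-list' lines of a running config."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            name, seq, rule = m.groups()
            lists.setdefault(name, {})[rule] = int(seq)
    return lists


def incremental_update(name, current, desired, step=5):
    """Commands that turn `current` ({rule: seq}) into `desired` (ordered rule strings)
    entry by entry. Additions are emitted before removals and the list itself is never
    deleted, so a changed prefix is never momentarily unfiltered or unannounced."""
    cmds = []
    # First free sequence number on the step boundary above the highest one in use
    next_seq = (max(current.values(), default=0) // step + 1) * step
    for rule in desired:
        if rule not in current:
            cmds.append(f"ip prefix-list {name} seq {next_seq} {rule}")
            next_seq += step
    for rule, seq in sorted(current.items(), key=lambda kv: kv[1]):
        if rule not in desired:
            cmds.append(f"no ip prefix-list {name} seq {seq} {rule}")
    return cmds


def plan_update(config, name, desired):
    """Parse the running config and return the per-entry commands for list `name`."""
    return incremental_update(name, parse_running_config(config).get(name, {}), desired)


if __name__ == "__main__":
    print("\n".join(plan_update(CURRENT_CONFIG, "OUT-UPSTREAM", DESIRED)))
```

A rule whose ge/le qualifiers change shows up as one add plus one remove, and the sequence number in each remove must match the device, so the parsed config should be fetched immediately before the push.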