[c-nsp] Re: Good practices for peering
David J. Hughes
bambi at Hughes.com.au
Sat Dec 31 22:29:18 EST 2005
On 31/12/2005, at 6:52 PM, Danny McPherson wrote:
> Right, and if you're not filtering explicitly and prefer customer
> routes over peers, in this instance, your customer instantly becomes
> the preferred path to that full set of Internet destinations.
Although explicit customer prefix filters is naturally the best
solution, you can also slip in an absolute fail-safe for this using
neighbor a.b.c.d maximum-prefix 1000 70
or similar (on the assumption that a client doesn't announce more than
1000 prefixes to you). If they misconfig their end and send you a full
table it'll just shutdown the peer for you. The 70% warning threshold
is a nice touch just for completeness. You can't have too many
safe-guards can you?
David
...
More information about the cisco-nsp
mailing list