[c-nsp] Non-default BGP hold / keepalive timers

Simon Leinen simon at limmat.switch.ch
Fri Nov 18 18:39:29 EST 2005


Bruce Pinsky writes:
> And one could argue that setting a minimum required holdtime could
> be considered a best practice to avoid someone intentionally or
> unintentionally causing undue CPU load on your system.

Oh gee.  The worst-case is that your evil/stupid peer imposes a
one-second KeepAlive timer upon you.  I think that these days, the
typical full-route feed averages about an UPDATE per second.  I
suppose that even Cisco can optimize KEEPALIVE processing so that the
router doesn't explode if it has to process as many keepalives as
updates.

What value would you suggest for the new "minimum holdtime" knob?  60
would enforce the Cisco default, but would prevent interoperability
with the Juniper (and BGP-4 RFC) default.  Hmm, then maybe one has to
tolerate 30...

While in general I think it's a good idea to have knobs like this, I
fail to see the urgency for this particular one.  The folks who wrote
RFC 1771 thought about this and decided to put in a minimum keepalive
interval:

    KEEPALIVE messages MUST NOT be sent more frequently than one per
    second.

This is what was deemed safe in 1994.  Have computers, sorry I meant
router "control planes", gotten that much slower in 11 years?

> I also see no such capability in JunOS.

Maybe because they don't think it is necessary to defend their routers
against the "DoS attack" of someone asking them to send a KeepAlive
message every second.
-- 
Simon.
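As an added example (not from the thread), the negotiation the discussion turns on, modelled in Python after RFC 4271: the values exchanged in OPEN are Hold Times (the keepalive interval is one third of the negotiated value, never more than one per second), and `min_hold` stands for the hypothetical "minimum holdtime" knob under debate; the default constants are assumptions stated in the thread, not taken from any vendor documentation.

```python
"""Model of BGP Hold Time negotiation with a "minimum holdtime" knob.

Constructed example following RFC 4271 (4.2, 4.4, 6.2): each side proposes
a Hold Time in its OPEN, the session uses the smaller of the two, a non-zero
Hold Time below 3 seconds is rejected, and KEEPALIVEs go out at one third of
the negotiated Hold Time but never faster than one per second.
"""
from dataclasses import dataclass

# Defaults as discussed in the thread (seconds): IOS keepalive 60 / hold 180,
# JunOS and the RFC-suggested keepalive 30 / hold 90.  Assumed values.
CISCO_DEFAULT_HOLD = 180
RFC_DEFAULT_HOLD = 90


@dataclass
class Negotiation:
    accepted: bool
    hold_time: int            # negotiated Hold Time, 0 = timers disabled
    keepalive_interval: int   # seconds between our KEEPALIVEs, 0 = none
    reason: str


def negotiate(local_hold: int, peer_hold: int, min_hold: int = 0) -> Negotiation:
    """Outcome of Hold Time negotiation; min_hold is the hypothetical knob.

    A non-zero negotiated Hold Time below min_hold is refused rather than
    honoured, which is the protection the thread argues about.
    """
    if peer_hold in (1, 2):
        # RFC 4271 6.2: Hold Time must be zero or at least three seconds.
        return Negotiation(False, 0, 0, "Unacceptable Hold Time in peer OPEN")
    hold = min(local_hold, peer_hold)
    if hold != 0 and hold < min_hold:
        return Negotiation(False, 0, 0,
                           f"negotiated Hold Time {hold}s below minimum {min_hold}s")
    # One third of the Hold Time; RFC 1771/4271 forbid more than 1 per second.
    keepalive = 0 if hold == 0 else max(1, hold // 3)
    return Negotiation(True, hold, keepalive, "ok")


def largest_interoperable_minimum(local_hold: int, peer_holds) -> int:
    """Largest min_hold that still accepts every listed peer's default."""
    negotiated = [min(local_hold, p) for p in peer_holds if p != 0]
    return min(negotiated) if negotiated else 0
```

Running `negotiate(CISCO_DEFAULT_HOLD, 3)` shows the worst case the message describes: a peer proposing a 3-second Hold Time forces a one-second keepalive, the RFC floor, and nothing faster.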
