[c-nsp] BGP communities limiting.

Danny Pinto danny.pinto at ymail.com
Fri Apr 16 12:42:16 EDT 2010


Hi,

On an MPLS network offering L3 VPN services, there is a situation where an MP-eBGP update with more than 128 extended community RTs brings down VPNv4 sessions between the RR and 7600 PEs, due to bug CSCee30718 in old 7600 code.

On the old code, an MP-BGP update with more than 128 RTs or 255 standard communities will reset the session. On the new code the limit has been lifted.

Now the only solution to prevent this situation is to upgrade to newer code or to filter communities at the edge, where I have some findings and questions.

- Extended community RTs can also be set on an IPv4 unicast session by a CE towards the PE of an MPLS network, and the RTs get exported into the VRF and network automatically. The PE has to filter these. Not sure how many SPs do this?
- On a session, a BGP update for a prefix can have lots of standard and extended communities. Is there a limit?
- If an unauthorized BGP speaker sends prefixes with lots of standard and extended communities on them, can it eat up memory?

I see a need for a CLI knob to drop updates once the number of communities on an update crosses a limit, like the one that already exists for ASPATH - bgp maxas-limit.

Any suggestions or ideas?

Thanks!!
Dan
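
An added example, not part of the original post: the per-update check that a community-count limit would perform, written as a monitoring-side parser over the Path Attributes field of a captured BGP UPDATE. The function names and the sample data are assumptions made for illustration, and every extended community is counted rather than only route targets.

```python
# Added example: count communities in one BGP UPDATE and flag counts over the post's limits.
COMMUNITIES, EXT_COMMUNITIES = 8, 16          # attribute type codes (RFC 1997, RFC 4360)
ENTRY_SIZE = {COMMUNITIES: 4, EXT_COMMUNITIES: 8}
# Thresholds from the post: more than 255 standard or more than 128 extended (RT).
# Assumption: every extended community is counted, not only route targets.
LIMITS = {COMMUNITIES: 255, EXT_COMMUNITIES: 128}
FLAG_EXT_LEN = 0x10                           # set: attribute length field is 2 bytes

def count_communities(path_attrs: bytes) -> dict:
    """Walk the Path Attributes field of one UPDATE; return {type_code: count}."""
    counts = {COMMUNITIES: 0, EXT_COMMUNITIES: 0}
    pos = 0
    while pos < len(path_attrs):
        if len(path_attrs) - pos < 3:
            raise ValueError("truncated attribute header")
        flags, type_code = path_attrs[pos], path_attrs[pos + 1]
        hdr = 4 if flags & FLAG_EXT_LEN else 3
        if len(path_attrs) - pos < hdr:
            raise ValueError("truncated attribute header")
        length = int.from_bytes(path_attrs[pos + 2:pos + hdr], "big")
        pos += hdr
        if pos + length > len(path_attrs):
            raise ValueError("attribute value overruns the buffer")
        if type_code in counts:
            if length % ENTRY_SIZE[type_code]:
                raise ValueError("community attribute is not a whole number of entries")
            counts[type_code] += length // ENTRY_SIZE[type_code]
        pos += length
    return counts

def over_limit(path_attrs: bytes) -> list:
    """Return the attribute type codes whose entry count exceeds LIMITS."""
    counts = count_communities(path_attrs)
    return [t for t in sorted(counts) if counts[t] > LIMITS[t]]

def build_attr(flags: int, type_code: int, value: bytes) -> bytes:
    """Encode one path attribute (used only to construct the sample below)."""
    if len(value) > 255:
        return bytes([flags | FLAG_EXT_LEN, type_code]) + len(value).to_bytes(2, "big") + value
    return bytes([flags, type_code, len(value)]) + value

def sample_attrs(n_ext: int) -> bytes:
    """Constructed input: ORIGIN, 3 standard communities, n_ext RTs in AS 65000."""
    std = b"".join((65000 << 16 | i).to_bytes(4, "big") for i in range(3))
    ext = b"".join(bytes([0x00, 0x02]) + (65000).to_bytes(2, "big") + i.to_bytes(4, "big")
                   for i in range(n_ext))
    return (build_attr(0x40, 1, b"\x00") + build_attr(0xC0, COMMUNITIES, std)
            + build_attr(0xC0, EXT_COMMUNITIES, ext))

if __name__ == "__main__":
    for n in (128, 129):
        print(n, count_communities(sample_attrs(n)), over_limit(sample_attrs(n)))
```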






