[c-nsp] prefix lists updates and max prefix filters

Blake Dunlap ikiris at gmail.com
Mon Dec 5 13:34:41 EST 2011


This is straight up a design problem. Don't filter what you announce,
filter what you accept, and allow what you specify via route map community
matching out.

I'm honestly surprised one of your upstreams hasn't yelled at you and made
you fix this long ago.

-Blake

On Mon, Dec 5, 2011 at 11:08, James Ashton <james at gitflorida.com> wrote:

> Hi all.
>
>  I have run into a problem that seams obvious, but is new to me.
>
>  I control outbound announcements with a prefix filter. I update this
> filter daily with a small shell script. t has been working for several
> years now without problem, but for the last few months one of our upstreams
> has dropped our session for hitting a max prefix filter. The session drops
> within seconds of issuing the "no ip prefix-list XXX" command.   Before I
> can rebuild the filter.
>
>  As I said, the problem seams obvious, but the solutions all seam less
> than elegant. I can only really see 2 ways through it, but I am probably
> missing several.  First would be to run a prefix list and an access list
> and update them one at a time.   So one it always in place.  The second
> would be to edit the prefix list one line at a time and never actually
> regenerate the entire list in one shot.  This seams the most proper/elegant
> method and the one putting the least CPU strain on a hard working router.
> It would also cause me to write good bit more code that no-one else here
> could edit.
>
> I am using rtconfig to generate the lists, so adding another isn't a huge
> project, but will add additional CPU time to a router that is begging for
> more CPU as it is.
>
>
> Thoughts?
>
>
> Thank You
> James
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list