[j-nsp] BGP Prefix-Limit On A Session
Daniel Roesen
dr at cluenet.de
Wed Feb 25 21:39:34 EST 2004
On Wed, Feb 25, 2004 at 09:20:21PM -0500, Richard A Steenbergen wrote:
> On Wed, Feb 25, 2004 at 05:17:20PM -0800, Pedro Roque Marques wrote:
> > prefix-limit is supposed to keep your box from rolling over by
> > exaustive resource comsumption from a peer.
>
> Ah the joys of developers vs operators. I don't think there are any
> network operators who would give that as the reason for using prefix
> limits. :)
Oh, there are. And actually I think Juniper is 110% right and IOS
is wrong or at least suboptimal there.
IOS max-prefix limits with soft-reconfig inbound leaves your box
pretty vulnerable to resource exhaustion.
Regards,
Daniel
More information about the juniper-nsp
mailing list