[j-nsp] prefix-limit effectiveness
Richard A Steenbergen
ras at e-gerbil.net
Thu Feb 5 19:04:21 EST 2009
On Thu, Feb 05, 2009 at 02:05:14PM -0800, Dan Farrell wrote:
>
>
> Then I limit the number of prefixes it will even look at to 5000 -
>
> import default-route;
> family inet {
> unicast {
> prefix-limit {
> maximum 5000;
...
> This is effective- I have only the default to use from my upstream.
> But I keep generating tons of log messages because I keep getting (and
> rejecting) tons of routes. Without asking the upstream to not
> advertise the full route table, is there something I can do on my end
> to limit the syslog messages I keep getting?
>
> Feb 5 19:00:43 nap-r2-edge-2 rpd[82464]: RPD_RT_PREFIX_LIMIT_REACHED: Number of prefixes (4000) in table inet.0 still exceeds or equals configured maximum (4000)
Well technically speaking you can always filter by regexp anything that
you send to system, but what you really want is accepted-prefix-limit
instead of prefix-limit above.
Prefix-limit is applied to all routes received by the router, even if
they are rejected by your import policy. Basically this protects router
DRAM from something going wild and sending you a billion routes, but is
less useful as a policy protection, or in your case to limit the number
of routes being installed to FIB.
Accepted-prefix-limit is a relatively new feature added in 9.2 (and
pardon me while I do a little dance about it, but this is one of my
feature requests which I've been asking for for 6 years and it just
finally got implemented! :P) which limits the number of routes AFTER
your import policy has been applied. In the example above, even though
you are receiving a full table, you are rejecting all but 1 route in
policy, so the value that would be evaluated yb accepted-prefix-limit is
1.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list