[j-nsp] EX Series | 10.4R3.4 Limited Received Routes
Bill Blackford
bblackford at gmail.com
Sun May 1 23:26:38 EDT 2011
Thanks Richard. Great comments on and off list. Thank you.
This just happened to be the first time I tested this scenario. I had
a fundamental misunderstanding of the behavior of the RIB/FIB on the
EX. In production, my EX's only get IGP and local AS.
As a side note, when I filter by upto /19 from what I receive from my
upstreams, I see about 28k.
Thanks again,
-b
On Sun, May 1, 2011 at 6:19 PM, Richard A Steenbergen <ras at e-gerbil.net> wrote:
> On Sat, Apr 30, 2011 at 08:48:59AM -0700, Bill Blackford wrote:
>> So if what you are saying is that the EX, only being capable of 16k
>> routes, will only "Receive" and "Accept" a random smattering of a full
>> table being sent up to 16k and any filters beyond that filter on the
>> 16k "Received" and installs that balance as "Active"?
>>
>> If this assumption is correct, then what I'm seeing is expected
>> behavior?
>
> The 16k limit is a RIB limit from the default hard-coded configuration
> on small-EX's. This doesn't really protect the FIB, as the FIB is much
> smaller still, more along the lines of 12k total unicast entries for
> IPv4 (and much less if you actually install IPv6 routes) on
> EX3200/4200..
>
> You can see the RIB limit at /etc/config/ex-series-defaults.conf:
>
> routing-options {
> rib inet.0 {
> maximum-prefixes 16384;
> }
> rib inet6.0 {
> maximum-prefixes 4096;
> }
>
> All you have to do to override this is apply those options with
> increased values to your own configuration. Of course if you do, you'll
> immediately hit the next limit, a hard-coded maximum data size of 128MB
> which will cause rpd to coredump when it allocates that much memory. To
> change this, you have to edit /boot/loader.conf and increase the
> kern.maxdsiz line to something a little more sensible (like say 512MB).
> Unfortunately this value will be blown away every time you do a new
> jinstall, so you'll need to keep it up to date every time you upgrade.
>
> To not flood your FIB, you'll need to block a bunch of routes at the
> RIB->FIB export layer, which happens in a policy you apply at
> "routing-options forwarding-table export XXXXXX". For example, you might
> want to allow a default, static, isis|ospf, and some internal cust
> routes, but otherwise block the rest of the BGP routes to keep the table
> size small.
>
> None of this has anything to do with an arbitrary liit of 28k active
> routes. If you were bumping up against the maximum-prefixes config, the
> number would be 16k total for the RIB, not 28k. When this limit gets
> hit the future routes are just silently dropped from the RIB, which is
> certainly a lot better than the Cisco method of disabling CEF and making
> the box unusuable until someone goes to reboot it. :)
>
> --
> Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
>
--
Bill Blackford
Network Engineer
Logged into reality and abusing my sudo privileges.....
More information about the juniper-nsp
mailing list