[j-nsp] large subnet/no memory

Mon Feb 11 13:29:59 EST 2013

The Drifter writes:
>One of our ops team configured a /3 by mistake instead of /30 and resulted in an ARP sto
>rm and FPCs running out of memory!
>Any filter or policer that can be used to prevent such an error?

A great use case for commit scripts.  Something like:

version 1.0;

import "../import/junos.xl";

match configuration {
    for-each (interfaces/interface/unit/family/inet
               /address[substring-after(name, '/') < 16) {
        <xnm:error> {
            call jcs:edit-path();
            call jcs:statement();
            <message> "prefix length must be >= 16";
        }
    }
}

Thanks,
 Phil