-
Notifications
You must be signed in to change notification settings - Fork 686
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Limit number of announces in GoBGP RIB per AFI #2749
Comments
Other BGP implementations support such feature? |
Hello!
Thank you for reply!
I'm not aware of such capabilities from vendors but friend of mine pointed
to this capability in Openconfig schema for BGP:
https://openconfig.net/projects/models/schemadocs/yangdoc/openconfig-network-instance.html#network-instances-network-instance-protocols-protocol-bgp-global-afi-safis-afi-safi-ipv4-unicast-prefix-limit-config
If I interpret documentation correctly it provides an option to limit
number of active announces per AFI locally.
…On Fri, 1 Dec 2023 at 08:06, FUJITA Tomonori ***@***.***> wrote:
Other BGP implementations support such feature?
—
Reply to this email directly, view it on GitHub
<#2749 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAU56ZRMU2JLRJPVZOQTVXDYHFQTVAVCNFSM6AAAAAA77ILC26VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQMZVGQ3DOMBRGU>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
This is maximum number of prefixes that will be accepted from a peer? |
I do not think so. This one is a global number of prefixes per AFI / SAFI in local RIB. I found this conversation and it has some details about exactly this topic: openconfig/public#13 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello!
I hope you're doing well.
I'm trying to approach one of the pretty curious cases related with limitation on number of BGP Flow Spec announces which may be imposed by remote side.
There is a pretty short list of ISPs which offer BGP Flow Spec to their customers. For security and validation reasons they limit number of BGP Flow Spec announces received by third party by some pretty low number. Let's say 50 and when we reach this number they shutdown BGP Flow Spec session with customer which leads to withdrawal of all announces which caused havoc and exposes networks to DDoS.
I know that option to limit number of announces received from remote peer exists in GoBGP:
We're looking to option to implement limit on number of announces GoBGP stores in local RIB.
Our expected behaviour when limit is reached to receive error when we attempt to add prefix:
We clearly can implement it from our side but I think it may be beneficial for other customers to have it.
What do you think about it?
The text was updated successfully, but these errors were encountered: