In a message written on Fri, Apr 12, 2002 at 05:27:50PM -0700, Mark Kent wrote:
> To address Sean's point about mistakes turning one /16 into a zillion
> entries, is there any way to allow only some specified maximum number
> of routes from a bgp neighbor? I know that I'd be happy if my
> upstreams gave me a buffer of, say, 10 entries above my typical number

I'll bite, as I have this conversation with people from time to
time. There are two things you can (easily) do with transit
customers (wrt prefixes):

1) Limit them to specific prefixes up to a limited length.
2) Limit the number of prefixes.

My take on the "right" thing to do is:

1) Allow any netblock the customer "owns"*, up to /24.
2) Use a default prefix limit of 50, or 2 times the number of
   prefixes the customer owns, whichever is greater.

As a service provider, you don't want to spend a lot of cycles
updating prefix lists. The providers that do exact match only I
think are doing a lot of work for nothing, as they are doing a lot
of updates for very little gain. On the other hand, you can't let
customers have unfiltered access. The absolute limits are similar.
You don't want to reconfigure your device hourly, but updating it
every 10 years isn't good either.

So, I think customers should be allowed to go up to a /24 by default.
50 extra routes is no big deal for any transit-free provider, even
from a few customers. For larger customers, that's not enough
headroom, but if the customer is that large some clue is assumed,
and so a limit of 2x the registered (e.g. supernet) prefixes is
probably fine. I would allow a customer a higher limit if they
can demonstrate a good reason.

What do you find reasonable, and more importantly, why do you find
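
The two-part customer policy proposed in the message above, modelled as an added example (not code from the thread or from any router vendor). The 10.10.0.0/16 block and the announcement lists are constructed, and counting only accepted prefixes against the limit is an assumption of this sketch.

```python
import ipaddress

DEFAULT_LIMIT = 50  # default prefix limit proposed in the message
MAX_LEN = 24        # longest prefix accepted from a customer

def prefix_limit(registered):
    """Greater of 50 or twice the number of registered prefixes."""
    return max(DEFAULT_LIMIT, 2 * len(registered))

def permitted(announced, registered):
    """True if the route sits inside a registered block and is /24 or shorter."""
    try:
        net = ipaddress.ip_network(announced)
    except ValueError:          # malformed prefix, e.g. host bits set
        return False
    if net.prefixlen > MAX_LEN:
        return False
    return any(net.version == r.version and net.subnet_of(r) for r in registered)

def evaluate(announcements, registered_cidrs):
    """Apply the prefix filter, then compare the accepted count to the limit."""
    registered = [ipaddress.ip_network(c) for c in registered_cidrs]
    limit = prefix_limit(registered)
    accepted, rejected = set(), []
    for a in announcements:
        if permitted(a, registered):
            accepted.add(ipaddress.ip_network(a))
        else:
            rejected.append(a)
    return {"limit": limit, "accepted": len(accepted),
            "rejected": rejected, "over_limit": len(accepted) > limit}

# Constructed sample data: one customer with a single registered /16.
REGISTERED = ["10.10.0.0/16"]
NORMAL = ["10.10.0.0/16", "10.10.4.0/22", "10.10.8.0/24",
          "192.0.2.0/24",      # not the customer's block: filtered
          "10.10.8.128/25"]    # longer than /24: filtered
# The mistake from the quoted question: the /16 announced as every /24 in it.
LEAK = [str(n) for n in
        ipaddress.ip_network("10.10.0.0/16").subnets(new_prefix=24)]

if __name__ == "__main__":
    print("normal:", evaluate(NORMAL, REGISTERED))
    print("leak:  ", {k: v for k, v in evaluate(LEAK, REGISTERED).items()
                      if k != "rejected"})
```

Every /24 in the leak passes the length filter, so only the count limit catches it; the filter alone handles the foreign and too-specific routes.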