On Fri, Feb 24, 2012 at 10:52 PM, Dobbins, Roland <rdobb...@arbor.net> wrote:
>
>> X prefixes/packets in Y seconds/milliseconds doesn't keep the peer from
>> blowing up your RIB,
>
> How so? If the configured parameters are exceeded, stop accepting/inserting
> updates until this is no longer the case. Exceptions would be made for
> peering session establishment, it would take effect after that.
>

if the rate is 1/ms ... I can fill the rib in 2million ms ... ~30mins?
Rate alone isn't the problem :( size matters.

>> it does slow down convergence :(
>
> Yes, but is this always necessarily a Bad Thing? For example, this
> particular circumstance (and many like it, c.f. AS7007 incident, et. al.) it
> could be argued that in this particular case, [incorrect? undesirable?
> premature? pessimal?] convergence led to a poor result, could it not?
>

it's not clear, to me at least, that slowing convergence is good. it
seems to me that folk do all manner of 'interesting' things in order
to limit convergence time. People aren't trying to actively make
convergence take longer, that I've seen at least.

>> If you have 200 peers on an edge device, dropping the whole device's routing
>> capabilities because of one AS7007/AS1221/AS9121 .. isn't cool
>> to your network nor the other customers on that device :(
>
> Apologies for being unclear; I wasn't suggesting dropping or removing
> anything, but rather refusing to further accept/insert updates from a given
> peer until the update rate from said peer slowed to within configured
> parameters.
>

yup, I think I jumped a bit around, my penalizing every other customer
was a reference to not having any limiting system in place.

>> max-prefix as it exists today at least caps the damage at one customer.
>
> But it doesn't, really, does it? The effects cascade in an anisotropic
> manner throughout a potentially large transit cone.
>

dropping a single customer sucks, dropping an entire edge device is
far far worse.

>> The knobs available are sort of harsh all the way around though today :(
>
> Concur again, sigh.

hurray! sort of.
thanks!

-chris