Thanks for the information... I will let you know how it goes (though it seems you already know hehehe, since this was your baby.)
Thanks,
Dan

-----Original Message-----
From: Richard A Steenbergen [mailto:r...@e-gerbil.net]
Sent: Thursday, February 05, 2009 7:04 PM
To: Dan Farrell
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] prefix-limit effectiveness

On Thu, Feb 05, 2009 at 02:05:14PM -0800, Dan Farrell wrote:
>
> Then I limit the number of prefixes it will even look at to 5000 -
>
> import default-route;
> family inet {
>     unicast {
>         prefix-limit {
>             maximum 5000;
...
> This is effective- I have only the default to use from my upstream.
> But I keep generating tons of log messages because I keep getting (and
> rejecting) tons of routes. Without asking the upstream to not
> advertise the full route table, is there something I can do on my end
> to limit the syslog messages I keep getting?
>
> Feb 5 19:00:43 nap-r2-edge-2 rpd[82464]: RPD_RT_PREFIX_LIMIT_REACHED:
> Number of prefixes (4000) in table inet.0 still exceeds or equals configured
> maximum (4000)

Well technically speaking you can always filter by regexp anything that you send to system, but what you really want is accepted-prefix-limit instead of prefix-limit above.

Prefix-limit is applied to all routes received by the router, even if they are rejected by your import policy. Basically this protects router DRAM from something going wild and sending you a billion routes, but is less useful as a policy protection, or in your case to limit the number of routes being installed to FIB.

Accepted-prefix-limit is a relatively new feature added in 9.2 (and pardon me while I do a little dance about it, but this is one of my feature requests which I've been asking for for 6 years and it just finally got implemented! :P) which limits the number of routes AFTER your import policy has been applied. In the example above, even though you are receiving a full table, you are rejecting all but 1 route in policy, so the value that would be evaluated by accepted-prefix-limit is 1.
--
Richard A Steenbergen <r...@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
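
The distinction Richard describes, as an added configuration sketch that is not part of the original thread: `prefix-limit` stays as a memory guard sized above a full table, while `accepted-prefix-limit` (Junos 9.2 and later) counts only what survives import policy. The group name `upstream`, the body of the `default-route` policy and all numeric limits are assumptions constructed for illustration.

```junos
/* Constructed example. Group name, policy body and limits are assumptions. */
policy-options {
    policy-statement default-route {
        term default-only {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        /* Everything else the upstream sends is rejected here. */
        term everything-else {
            then reject;
        }
    }
}
protocols {
    bgp {
        group upstream {
            type external;
            import default-route;
            family inet {
                unicast {
                    /* Evaluated against ALL received routes, including
                       those rejected by the import policy. A low value
                       here trips on a normal full-table feed and logs
                       RPD_RT_PREFIX_LIMIT_REACHED repeatedly, so size it
                       above the expected full table (assumed value). */
                    prefix-limit {
                        maximum 1000000;
                    }
                    /* Evaluated AFTER import policy. With the policy
                       above only the default route is accepted, so the
                       counted value is 1. Without a teardown statement,
                       exceeding the maximum only logs a message. */
                    accepted-prefix-limit {
                        maximum 10;
                    }
                }
            }
        }
    }
}
```

With both limits in place, a policy mistake that starts accepting the full table shows up against `accepted-prefix-limit`, while a peer sending far more routes than expected still hits `prefix-limit`.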