
prefix-lists | LimitS

BGP | Prefix List & Prefix Limits

  • Limit the number of prefixes received on a BGP peer session, and rate-limit logging when injected prefixes exceed a set limit.

In Junos OS, prefix lists provide one method of defining a set of routes. Junos OS provides other methods of accomplishing the same task, such as route filters. A prefix list is a listing of IP prefixes that represent a set of routes that are used as match criteria in an applied policy.

— Prefix list Example:

[email protected]# show policy-options
policy-statement customer-routes {
    term get-routes {
        from {
            prefix-list customers;
        }
        then accept;
    }
    term others {
        then reject;
    }
}

Juniper vMX 14 & EVE-NG Pro are used for this lab.

 Devices Configuration: 

[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R1
set system root-authentication encrypted-password "$1$tO/JJjsr$6UERRBvamum8jyb8WbD5p1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.1/24
set routing-options autonomous-system 100
set protocols bgp group eBGP type external
set protocols bgp group eBGP family inet any prefix-limit maximum 6
set protocols bgp group eBGP family inet any prefix-limit teardown 50
set protocols bgp group eBGP peer-as 200
set protocols bgp group eBGP neighbor 12.12.12.2
 
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R2
set system root-authentication encrypted-password "$1$tO/JJjsr$6UERRBvamum8jyb8WbD5p1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 12.12.12.2/24
set interfaces lo0 unit 2 family inet address 2.2.2.2/24
set interfaces lo0 unit 2 family inet address 22.22.22.2/24
set interfaces lo0 unit 2 family inet address 222.222.222.2/24
set interfaces lo0 unit 2 family inet address 33.33.33.3/24
set interfaces lo0 unit 2 family inet address 30.30.30.3/24
set interfaces lo0 unit 2 family inet address 32.32.32.3/24
set routing-options autonomous-system 200
set protocols bgp group eBGP type external
set protocols bgp group eBGP export R2-loop
set protocols bgp group eBGP peer-as 100
set protocols bgp group eBGP neighbor 12.12.12.1
set policy-options policy-statement R2-loop term t1 from interface lo0.2
set policy-options policy-statement R2-loop term t1 then accept
— Configuration | Verification —

— eBGP Peering:

R1>
set routing-options autonomous-system 100
set protocols bgp group eBGP type external
set protocols bgp group eBGP peer-as 200
set protocols bgp group eBGP neighbor 12.12.12.2

R2>
set routing-options autonomous-system 200

set protocols bgp group eBGP type external
set protocols bgp group eBGP export R2-loop
set protocols bgp group eBGP peer-as 100
set protocols bgp group eBGP neighbor 12.12.12.1
set policy-options policy-statement R2-loop term t1 from interface lo0.2
set policy-options policy-statement R2-loop term t1 then accept

[email protected]> show bgp summary    
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               
                       6          6          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
12.12.12.2              200          4          4       0       0          46 6/6/6/0              0/0/0/0

[email protected]> show route protocol bgp 

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.0/24         *[BGP/170] 00:01:17, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
22.22.22.0/24      *[BGP/170] 00:01:17, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
30.30.30.0/24      *[BGP/170] 00:01:17, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
32.32.32.0/24      *[BGP/170] 00:01:17, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
33.33.33.0/24      *[BGP/170] 00:01:17, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
222.222.222.0/24   *[BGP/170] 00:01:17, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0

[email protected]> show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
12.12.12.1              100          8         10       0       0        2:44 0/0/0/0              0/0/0/0

[email protected]> show route

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.0/24         *[Direct/0] 00:04:02
                    > via lo0.2
2.2.2.2/32         *[Local/0] 00:04:02
                      Local via lo0.2
12.12.12.0/24      *[Direct/0] 00:02:59
                    > via ge-0/0/0.0
12.12.12.2/32      *[Local/0] 00:03:00
                      Local via ge-0/0/0.0
22.22.22.0/24      *[Direct/0] 00:04:02
                    > via lo0.2
22.22.22.2/32      *[Local/0] 00:04:02
                      Local via lo0.2
30.30.30.0/24      *[Direct/0] 00:04:02
                    > via lo0.2
30.30.30.3/32      *[Local/0] 00:04:02
                      Local via lo0.2
32.32.32.0/24      *[Direct/0] 00:04:02
                    > via lo0.2
32.32.32.3/32      *[Local/0] 00:04:02
                      Local via lo0.2
33.33.33.0/24      *[Direct/0] 00:04:02
                    > via lo0.2
33.33.33.3/32      *[Local/0] 00:04:02
                      Local via lo0.2
222.222.222.0/24   *[Direct/0] 00:04:02
                    > via lo0.2
222.222.222.2/32   *[Local/0] 00:04:02
                      Local via lo0.2

— Prefix Limit

R1 to learn a maximum of 2 prefixes:
#set protocols bgp group eBGP family inet any prefix-limit maximum 2
/** The BGP peering will reset.
[email protected]> show route protocol bgp 

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.0/24         *[BGP/170] 00:03:15, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
22.22.22.0/24      *[BGP/170] 00:03:15, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
30.30.30.0/24      *[BGP/170] 00:03:15, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
32.32.32.0/24      *[BGP/170] 00:03:15, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
33.33.33.0/24      *[BGP/170] 00:03:15, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
222.222.222.0/24   *[BGP/170] 00:03:15, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0

[email protected]> show log messages |match limit 
Apr 22 05:44:40  R1 rpd[2297]: BGP_PREFIX_LIMIT_EXCEEDED: 12.12.12.2 (External AS 200): Configured maximum prefix-limit(2) exceeded for inet-unicast nlri: 3 (instance master)
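/** R1 is still learning more than 2 prefixes, even though the log shows that the maximum limit (2) was exceeded: with only 'maximum' set, Junos logs the violation but keeps accepting routes.
Additional configuration is needed.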

 

— Additional Config ‘Thresholds’ for prefix-limit to work:

>> Limit: maximum number of prefixes = 6. If the peer exceeds it, tear down the BGP peering (action). The 50 after 'teardown' is the percentage of the maximum at which Junos starts logging warnings.
>> CONFIG:
[email protected]# show |compare 
[edit protocols bgp group eBGP family inet any prefix-limit]
-        maximum 2;
+        maximum 6;
+        teardown 50;
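Review bot: 'teardown 50' is added without an 'idle-timeout', so after the Cease the session is free to re-establish on its own and will be torn down again for as long as the neighbor keeps sending more than 6 prefixes. Consider 'teardown 50 idle-timeout <minutes>' (or 'idle-timeout forever', which then needs a manual 'clear bgp neighbor') so an over-limit peer stays down instead of flapping. Also, 'maximum 6' equals the number of prefixes R2 currently advertises, which leaves no headroom for a legitimate new network.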
[email protected]> show route protocol bgp 

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.0/24         *[BGP/170] 00:10:24, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
22.22.22.0/24      *[BGP/170] 00:10:24, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
30.30.30.0/24      *[BGP/170] 00:10:24, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
32.32.32.0/24      *[BGP/170] 00:10:24, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
33.33.33.0/24      *[BGP/170] 00:10:24, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
222.222.222.0/24   *[BGP/170] 00:10:24, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.2 via ge-0/0/0.0
/** Note that R1 is learning 6 prefixes (the defined maximum). Now, for testing, let's create another network on R2 and check the behavior on R1:

ON R2>
[email protected]# set interfaces lo0 unit 2 family inet address 100.100.100.100/24

[email protected]> show bgp summary
Groups: 1 Peers: 1 Down peers: 1
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       0          0          0          0          0          0
inet.2
                       0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
12.12.12.2              200         37         38       0       1           7 Active

R1>
Apr 22 06:00:36 R1 rpd[2297]: BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 12.12.12.2 (External AS 200): Shutting down peer due to exceeding configured maximum prefix-limit(6) for inet-unicast nlri: 7
R2>
Apr 22 06:04:51 R2 rpd[2297]: bgp_read_v4_message:10756: NOTIFICATION received from 12.12.12.1 (External AS 100): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 1 SAFI: 1 prefix limit 6
/** Now the BGP peering is DOWN because the max-prefix limit was exceeded. Let's remove the prefix created on R2 and restore the BGP peering:

[email protected]> show bgp summary                         
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               
                       6          6          0          0          0          0
inet.2               
                       0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
12.12.12.2              200          4          4       0      12          37 6/6/6/0              0/0/0/0
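
The rpd messages from this lab can double as a detection signal. The Python below is an added example, not part of the original lab: it parses the three syslog lines shown above and reports any limit that was exceeded with only a log entry and no teardown, which is the 'maximum 2' situation. The function names (parse_events, unenforced_limits) are hypothetical.

```python
import re

# Sample input: the three rpd syslog lines shown in this lab (R1 and R2).
SAMPLE_LOG = """\
Apr 22 05:44:40  R1 rpd[2297]: BGP_PREFIX_LIMIT_EXCEEDED: 12.12.12.2 (External AS 200): Configured maximum prefix-limit(2) exceeded for inet-unicast nlri: 3 (instance master)
Apr 22 06:00:36 R1 rpd[2297]: BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 12.12.12.2 (External AS 200): Shutting down peer due to exceeding configured maximum prefix-limit(6) for inet-unicast nlri: 7
Apr 22 06:04:51 R2 rpd[2297]: bgp_read_v4_message:10756: NOTIFICATION received from 12.12.12.1 (External AS 100): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 1 SAFI: 1 prefix limit 6
"""

# Messages logged by the router that owns the limit (log-only vs. teardown).
LOCAL = re.compile(
    r"(?P<host>\S+) rpd\[\d+\]: (?P<tag>BGP_(?:CEASE_)?PREFIX_LIMIT_EXCEEDED): "
    r"(?P<peer>\S+) \(\w+ AS (?P<asn>\d+)\): .*?prefix-limit\((?P<limit>\d+)\)"
    r".*?nlri: (?P<seen>\d+)")
# Message logged by the neighbor that was shut down (Cease, subcode 1).
REMOTE = re.compile(
    r"(?P<host>\S+) rpd\[\d+\]: .*?NOTIFICATION received from (?P<peer>\S+) "
    r"\(\w+ AS (?P<asn>\d+)\): code 6 \(Cease\) subcode 1 .*?prefix limit (?P<limit>\d+)")


def parse_events(log_text):
    """Return one dict per prefix-limit message found in log_text."""
    events = []
    for line in log_text.splitlines():
        m = LOCAL.search(line)
        if m:
            action = "teardown" if "CEASE" in m["tag"] else "log-only"
            seen = int(m["seen"])
        else:
            m = REMOTE.search(line)
            if not m:
                continue  # unrelated syslog line
            action, seen = "cease-received", None
        events.append({"host": m["host"], "peer": m["peer"], "asn": int(m["asn"]),
                       "limit": int(m["limit"]), "seen": seen, "action": action})
    return events


def unenforced_limits(events):
    """(host, peer, limit) tuples that were exceeded but never torn down."""
    key = lambda e: (e["host"], e["peer"], e["limit"])
    torn = {key(e) for e in events if e["action"] == "teardown"}
    logged = {key(e) for e in events if e["action"] == "log-only"}
    return sorted(logged - torn)


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for e in events:
        print(e)
    print("exceeded without teardown:", unenforced_limits(events))
```
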
 

 
