BGP Prefix Limitation
If a large amount of route information (prefix) is sent due to a neighbor’s misconfiguration, for example, the load on the router may increase and have an adverse effect on the router. Therefore, the neighbor maximum-prefix command is used to limit the number of route information received from the neighbor. This command prevents the router from being overloaded by limiting the number of route information received from the neighbor.
The command format for neighbor maximum-prefix is as follows.
Router(config)#router bgp <AS>
Router(config-router)#neighbor <ip-address> maximum-prefix <maximum> [<threshold>] [restart <restart-interval>] [warning-only]
<ip-address>:neighbor IP address
<maximum>:The maximum number of route information to be received. By default, if the maximum number is exceeded, the neighbor is taken down.
<threshold>:Threshold to display warnings. Specified in %. Default 75%.
restart:Option to automatically re-establish the neighbor
<restart-interval>:The time it takes to automatically re-establish the neighbor. Minutes.
warning-only:If the maximum number of route information to be received is exceeded, it will only display warnings without taking down the neighbor.
BGP Prefix Limitation Configuration Example
The following is a simple example of configuring the BGP prefix limitation.
Four routes are sent from ISP1 to R1. set the maximum number of incoming routes to 8 at R1 as follows.
router bgp 100 neighbor 172.16.1.11 maximum-prefix 8
Now, ISP1 sends more 22.214.171.124/24 and 126.96.36.199/24 and 188.8.131.52/24 to R1. R1 will then display the following warning message.
R1 maxmum-prefix warning
*Mar 1 01:31:02.293: %BGP-4-MAXPFX: No. of prefix received from 172.16.1.11 (afi 0) reaches 7, max 8
By default, the threshold is 75%. A warning is displayed because more routes were received than 6, which is 75% of the maximum number 8. In addition, ISP1 sends route information for 184.108.40.206/24 and 220.127.116.11/24 to R1.
R1 Exceeding the maximum prefix
R1# *Mar 1 01:36:02.369: %BGP-4-MAXPFX: No. of prefix received from 172.16.1.11 (afi 0) reaches 8, max 8 R1# *Mar 1 01:37:02.392: %BGP-3-MAXPFXEXCEED: No. of prefix received from 172.16.1.11 (afi 0): 9 exceed limit 8 *Mar 1 01:37:02.392: %BGP-5-ADJCHANGE: neighbor 172.16.1.11 Down BGP Notification sent *Mar 1 01:37:02.392: %BGP-3-NOTIFICATION: sent to neighbor 172.16.1.11 3/1 (update malformed) 0 bytes R1# FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0034 0200 0000 1940 0101 0040 0204 0201 0001 4003 04AC 1001 0B80 0404 0000 0000 1864 0108 R1#
Since R1 has received a route that exceeds the maximum number of prefixes set by ISP1 of 8, we can see that a NOTIFICATION message has been sent to bring down the neighbor with ISP1. Also, if you look at the status of the neighbor in the show ip bgp summary, you can see that it is in a state where the number of prefixes is exceeded.
R1 show ip bgp summary
R1#show ip bgp summary BGP router identifier 100.100.0.1, local AS number 100 BGP table version is 31, main routing table version 31 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 172.16.1.11 4 1 88 98 0 0 0 00:02:30 Idle (PfxCt)
Then add a warning-only option to the maximum-prefix setting in R1.
R1 maximum-prefix warning-only
router bgp 100 neighbor 172.16.1.11 maximum-prefix 8 warning-only
Then, even if more than eight routes are received, as shown below, you will only see a warning message and the neighbor will not go down.
*Mar 1 01:44:19.023: %BGP-5-ADJCHANGE: neighbor 172.16.1.11 Up *Mar 1 01:44:19.128: %BGP-4-MAXPFX: No. of prefix received from 172.16.1.11 (afi 0) reaches 7, max 8 R1# *Mar 1 01:44:19.132: %BGP-3-MAXPFXEXCEED: No. of prefix received from 172.16.1.11 (afi 0): 9 exceed limit 8