Recommendation: Use Maximum Prefix Filters on all BGP Sessions

Maximum Prefix Filters are often overlooked in BGP configurations. Don’t overlook them: they can save your network in a route table explosion crisis. Why? Exploding BGP tables are one of the huge risks to Internet stability. We have had, and will have, routers which de-aggregate, rapidly increasing the size of the BGP RIB from hundreds of prefixes to thousands of prefixes. Imagine a routing table going from 300K prefixes to 10,000K prefixes. Can that router receive that volume of change? Can that router’s memory hold 10,000K prefixes? What would happen to the router’s CPU as it processes all of those prefixes? What happens when your router then sends out that rapid increase of prefixes to all of its peers?

Increasing the size of the BGP RIB has a collateral impact on routing stability, convergence time, the CPU load on the router, and the forwarding FIB ASICs/FPGAs/NPs, which have limited table size.

One of the “hallway discussions” that happens in many NOGs is what would happen if several routers all disaggregated the Internet. While the whole Internet will go through an instability period, those networks which do not have maximum prefix filters will be dramatically impacted. Don’t be “massively impacted” by a route table explosion. Engineer maximum prefix filters into your BGP sessions.
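One way to check that every session actually carries a limit is to audit the router configuration. The script below is an added example, not part of the original guide. It assumes Cisco IOS-style `neighbor ... maximum-prefix` syntax (the guide names no vendor), and the sample configuration, ASNs, addresses and limit values are constructed. It treats a limit set in any address family as covering the neighbor.

```python
import re

# Constructed sample in Cisco IOS-style syntax; ASNs and addresses are documentation values.
SAMPLE_CONFIG = """\
router bgp 64500
 neighbor TRANSIT peer-group
 neighbor TRANSIT maximum-prefix 1200000 90
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 peer-group TRANSIT
 neighbor 198.51.100.7 remote-as 64502
 neighbor 198.51.100.9 remote-as 64504
 neighbor 198.51.100.9 maximum-prefix 100 warning-only
 neighbor 203.0.113.9 remote-as 64503
 address-family ipv4
  neighbor 203.0.113.9 activate
  neighbor 203.0.113.9 maximum-prefix 500 80 restart 5
"""

NEIGHBOR_LINE = re.compile(r"^\s*neighbor\s+(\S+)\s+(\S.*)$")

def audit_max_prefix(config):
    """Map each BGP session lacking an enforced maximum-prefix to a finding."""
    groups, sessions, member_of, limits = set(), set(), {}, {}
    for line in config.splitlines():
        match = NEIGHBOR_LINE.match(line)
        if not match:
            continue
        name, words = match.group(1), match.group(2).split()
        if words[0] == "peer-group" and len(words) == 1:
            groups.add(name)                  # peer-group definition
        elif words[0] == "peer-group":
            member_of[name] = words[1]        # session inherits from the group
            sessions.add(name)
        elif words[0] == "remote-as":
            sessions.add(name)
        elif words[0] == "maximum-prefix":
            # warning-only logs the overrun but leaves the session up
            limits[name] = "warning-only" not in words
    findings = {}
    for name in sorted(sessions - groups):
        # A limit on the neighbor itself takes precedence over the group's.
        enforced = limits.get(name, limits.get(member_of.get(name)))
        if enforced is None:
            findings[name] = "no maximum-prefix"
        elif not enforced:
            findings[name] = "warning-only (session is not torn down)"
    return findings

print(audit_max_prefix(SAMPLE_CONFIG))
```
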



These BGP security materials are provided to help people around the Internet understand how to do their part to deploy a more resilient BGP infrastructure. Seek out more information on www.senki.org.