Limiting routes received from a peer or peer group

This feature can prevent attacks that send a large number of BGP routes to the router.

If the number of routes received from a peer or peer group exceeds the upper limit, the router takes one of the following actions based on your configuration:

Tears down the BGP session to the peer or peer group and does not attempt to re-establish the session.
Continues to receive routes from the peer or peer group and generates a log message.
Retains the session to the peer or peer group, but it discards excess routes and generates a log message.
Tears down the BGP session to the peer or peer group and, after a specific period of time, re-establishes a BGP session to the peer or peer group.

You can specify a percentage threshold for the router to generate a log message. When the ratio of the number of received routes to the maximum number reaches the percentage value, the router generates a log message.

To limit routes that a router can receive from a peer or peer group (IPv4 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv4 unicast address family view, BGP-VPN IPv4 unicast address family view, or BGP IPv4 multicast address family view.	Enter BGP IPv4 unicast address family view: bgp as-number [ instance instance-name ] address-family ipv4 [ unicast ] Enter BGP-VPN IPv4 unicast address family view: bgp as-number [ instance instance-name ] ip vpn-instance vpn-instance-name address-family ipv4 [ unicast ] Enter BGP IPv4 multicast address family view: bgp as-number [ instance instance-name ] address-family ipv4 multicast	N/A
3. Specify the maximum number of routes that a router can receive from a peer or peer group.	peer { group-name \| ipv4-address [ mask-length ] } route-limit prefix-number [ { alert-only \| discard \| reconnect reconnect-time } \| percentage-value ] *	By default, the number of routes that a router can receive from a peer or peer group is not limited.

To limit routes that a router can receive from a peer or peer group (IPv6 unicast/multicast address family):

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Enter BGP IPv6 unicast address family view, BGP-VPN IPv6 unicast address family view, or BGP IPv6 multicast address family view.	Enter BGP IPv6 unicast address family view: bgp as-number [ instance instance-name ] address-family ipv6 [ unicast ] Enter BGP-VPN IPv6 unicast address family view: bgp as-number [ instance instance-name ] ip vpn-instance vpn-instance-name address-family ipv6 [ unicast ] Enter BGP IPv6 multicast address family view: bgp as-number [ instance instance-name ] address-family ipv6 multicast	N/A
3. Specify the maximum number of routes that a router can receive from a peer or peer group.	peer { group-name \| ipv6-address [ prefix-length ] } route-limit prefix-number [ { alert-only \| discard \| reconnect reconnect-time } \| percentage-value ] *	By default, the number of routes that a router can receive from a peer or peer group is not limited.

prev	up	next
Configuring BGP to first send updates of the default route	home	Configuring BGP route filtering policies