Limiting routes received from a peer or peer group
This feature can prevent attacks that send a large number of BGP routes to the router.
If the number of routes received from a peer or peer group exceeds the upper limit, the router takes one of the following actions based on your configuration:
Tear down the BGP session to the peer or peer group.
Display an alarm message.
Tear down the BGP session to the peer or peer group and, after a specified period of time, reestablishes a BGP session to the peer or peer group.
You can specify a percentage threshold for the router to display an alarm message. When the ratio of the number of received routes to the maximum number reaches the percentage value, the router displays an alarm message.
To limit routes that a router can receive from a peer or peer group (IPv4):
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter BGP view or BGP-VPN instance view. |
| N/A |
3. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. | address-family ipv4 [ unicast ] | N/A |
4. Specify the maximum number of routes that a router can receive from a peer or peer group. | peer { group-name | ip-address } route-limit prefix-number [ { alert-only | reconnect reconnect-time } | percentage-value ] * | By default, the number of routes that a router can receive from a peer or peer group is not limited. |
To limit routes that a router can receive from a peer or peer group (IPv6):
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter BGP view. | bgp as-number | N/A |
3. Enter BGP IPv6 unicast address family view. | address-family ipv6 [ unicast ] | N/A |
4. Specify the maximum number of routes that a router can receive from a peer or peer group. | peer { group-name | ipv6-address } route-limit prefix-number [ { alert-only | reconnect reconnect-time } | percentage-value ] * | By default, the number of routes that a router can receive from a peer or peer group is not limited. |