Limiting routes received from a peer or peer group
This feature can prevent attacks that send a large number of BGP routes to the router.
If the number of routes received from a peer or peer group exceeds the upper limit, the router takes one of the following actions based on your configuration:
Tears down the BGP session to the peer or peer group and does not attempt to re-establish the session.
Continues to receive routes from the peer or peer group and generates a log message.
Retains the session to the peer or peer group, but discards excess routes and generates a log message.
Tears down the BGP session to the peer or peer group and, after a specified period of time, re-establishes a BGP session to the peer or peer group.
You can specify a percentage threshold for the router to generate a log message. When the ratio of the number of received routes to the maximum number reaches the percentage value, the router generates a log message.
To limit routes that a router can receive from a peer or peer group (IPv4):
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter BGP view or BGP-VPN instance view. | | N/A |
3. Enter BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view. | address-family ipv4 [ unicast ] | N/A |
4. Specify the maximum number of routes that a router can receive from a peer or peer group. | peer { group-name \| ip-address [ mask-length ] } route-limit prefix-number [ { alert-only \| discard \| reconnect reconnect-time } \| percentage-value ] * | By default, the number of routes that a router can receive from a peer or peer group is not limited. |
To limit routes that a router can receive from a peer or peer group (IPv6):
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter BGP view. | bgp as-number | N/A |
3. Enter BGP IPv6 unicast address family view. | address-family ipv6 [ unicast ] | N/A |
4. Specify the maximum number of routes that a router can receive from a peer or peer group. | peer { group-name \| ipv6-address [ prefix-length ] } route-limit prefix-number [ { alert-only \| discard \| reconnect reconnect-time } \| percentage-value ] * | By default, the number of routes that a router can receive from a peer or peer group is not limited. |
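
A configuration check built on the route-limit syntax in step 4, as an added example that is not part of the original documentation: it parses the options in any order and reports which enabled peers have no limit or a limit that only logs. The sample configuration is constructed; treating `peer ... enable` as the marker of an active peer, and an absent action keyword as a session teardown without re-establishment, are assumptions.

```python
import re

# Constructed sample configuration (peers, AS number and limits are made up).
# Assumption: "peer ... enable" marks a peer as active in an address family.
SAMPLE = """\
bgp 65001
 address-family ipv4 unicast
  peer 192.0.2.1 enable
  peer 192.0.2.1 route-limit 1000 80 discard
  peer 192.0.2.2 enable
  peer 192.0.2.2 route-limit 500 alert-only
  peer 192.0.2.3 enable
"""

# The peer is a group name or an address with an optional mask/prefix length.
PEER_RE = re.compile(r"\s*peer (\S+(?: \d+)?) (enable|route-limit)\b\s*(.*)")

def parse_route_limit(args):
    """Parse: prefix-number [ { alert-only | discard | reconnect time } | percentage ] *"""
    tokens = args.split()
    # Assumption: no action keyword means "tear down, do not re-establish".
    policy = {"limit": int(tokens.pop(0)), "action": "teardown", "percent": None}
    while tokens:
        word = tokens.pop(0)
        if word in ("alert-only", "discard"):
            policy["action"] = word
        elif word == "reconnect":
            policy["action"], policy["reconnect_time"] = word, int(tokens.pop(0))
        elif word.isdigit():
            policy["percent"] = int(word)
        else:
            raise ValueError(f"unexpected route-limit option: {word!r}")
    return policy

def audit(config):
    """Map (address family, peer) to 'unlimited', 'log-only' or 'enforced'."""
    family, enabled, limits = None, [], {}
    for line in config.splitlines():
        if line.strip().startswith("address-family "):
            family = line.split(None, 1)[1].strip()
        elif (m := PEER_RE.match(line)):
            peer, kind, args = m.groups()
            if kind == "enable":
                enabled.append((family, peer))
            else:
                limits[(family, peer)] = parse_route_limit(args)
    labels = {None: "unlimited", "alert-only": "log-only"}
    return {k: labels.get(limits.get(k, {}).get("action"), "enforced") for k in enabled}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Peers reported as `unlimited` or `log-only` keep accepting routes past any limit, so they are the ones to review first.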