Configuring BGP maximum-prefix

by Jeremy L. Gaddis on July 21, 2009

in Networking

The “maximum-prefix” feature of BGP lets us dictate how many prefixes an individual neighbor can send to us. Imagine that we have a private peering with another organization and that organization is only advertising to us their own networks (and not the global BGP tables). While talking with the other organization, we’ve found out that they have, at most, six networks they’ll be announcing to us. If we receive any more prefixes from them than that, something is up.

In this lab, we are AS 65005 and R5 is our router. R7 is the other organization, and they are AS 65007.

Let’s bring up the serial connection on both sides and get connectivity established:

R5# configure terminal
R5(config)# interface serial 0/0
R5(config-if)# ip address 172.16.57.5 255.255.255.0
R5(config-if)# no shutdown

R7# configure terminal
R7(config)# interface serial 0/0
R7(config-if)# ip address 172.16.57.7 255.255.255.0
R7(config-if)# no shutdown

Verify:

R5(config-if)# do ping 172.16.57.7

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.57.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Alright, we’re good so far. Next, we’re going to bring up six loopbacks on R7 to represent the six networks they will be advertising to us:

R7(config-if)# interface loopback 1
R7(config-if)# ip address 10.7.1.1 255.255.255.0
R7(config-if)# interface loopback 2
R7(config-if)# ip address 10.7.2.1 255.255.255.0
R7(config-if)# interface loopback 3
R7(config-if)# ip address 10.7.3.1 255.255.255.0
R7(config-if)# interface loopback 4
R7(config-if)# ip address 10.7.4.1 255.255.255.0
R7(config-if)# interface loopback 5
R7(config-if)# ip address 10.7.5.1 255.255.255.0
R7(config-if)# interface loopback 6
R7(config-if)# ip address 10.7.6.1 255.255.255.0

With all that in place, we can begin setting up BGP. Let’s start on R7. We want to advertise all of those loopbacks:

R7(config-if)# router bgp 65007
R7(config-router)# network 10.7.1.0 mask 255.255.255.0
R7(config-router)# network 10.7.2.0 mask 255.255.255.0
R7(config-router)# network 10.7.3.0 mask 255.255.255.0
R7(config-router)# network 10.7.4.0 mask 255.255.255.0
R7(config-router)# network 10.7.5.0 mask 255.255.255.0
R7(config-router)# network 10.7.6.0 mask 255.255.255.0
R7(config-router)# neighbor 172.16.57.5 remote-as 65005

Now let’s configure BGP on R5. To limit the number of prefixes that R7 can send us, we’ll use the “maximum-prefix” command. The syntax for this command is:

neighbor {ip-address | peer-group-name} {maximum-prefix maximum [threshold]} [restart restart-interval] [warning-only]

For our example, the settings we’ll use are:

  • ip-address: 172.16.57.7
  • maximum: 10
  • threshold: 65 (percent)
  • restart-interval: 5 (minutes)

This tells the BGP process that we will accept, at most, 10 prefixes from 172.16.57.7. When 65% of that maximum is reached (7 prefixes), a log message will be generated. Once we have received 10 prefixes from R7, any more will cause the router to kill the peering session (if we specify “warning-only”, the session will not be killed). After the specified “restart-interval” (5 minutes, in our case), the peering session will be re-established.

Let’s configure R5 now:

R5(config-if)# router bgp 65005
R5(config-router)# neighbor 172.16.57.7 remote-as 65007
R5(config-router)# neighbor 172.16.57.7 maximum-prefix 10 65 restart 5

We should see the adjacency come up shortly and we can see that R7 is advertising six prefixes to us:

R5(config-router)# do show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.57.7     4 65007      21      19       13    0    0 00:00:17        6

Now, all we need to do to trigger the “maximum-prefix” is advertise some more routes on R7! Let’s create four more loopbacks, for a total of 10, and advertise those into BGP:

R7(config-router)# interface loopback 7
R7(config-if)# ip address 10.7.7.1 255.255.255.0
R7(config-if)# interface loopback 8
R7(config-if)# ip address 10.7.8.1 255.255.255.0
R7(config-if)# interface loopback 9
R7(config-if)# ip address 10.7.9.1 255.255.255.0
R7(config-if)# interface loopback 10
R7(config-if)# ip address 10.7.10.1 255.255.255.0
R7(config-if)# router bgp 65007
R7(config-router)# network 10.7.7.0 mask 255.255.255.0
R7(config-router)# network 10.7.8.0 mask 255.255.255.0
R7(config-router)# network 10.7.9.0 mask 255.255.255.0
R7(config-router)# network 10.7.10.0 mask 255.255.255.0

Now, let’s watch what happens on R5. When the routes are received by R5 (which can take a minute), we should see a log message generated:

*Mar  1 00:35:01.115: %BGP-4-MAXPFX: No. of prefix received from 172.16.57.7 (afi 0) reaches 7, max 10

We can see that we are now receiving 10 prefixes from R7:

R5(config-router)# do show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.57.7     4 65007      26      23       23    0    0 00:04:56       10

Let’s create one more loopback on R7:

R7(config-router)# interface loopback 11
R7(config-if)# ip address 10.7.11.1 255.255.255.0

If we now advertise it into BGP, what do you think will happen? Let’s find out!

R7(config-if)# router bgp 65007
R7(config-router)# network 10.7.11.0 mask 255.255.255.0

On R5 we see:

*Mar  1 00:38:01.231: %BGP-3-MAXPFXEXCEED: No. of prefix received from 172.16.57.7 (afi 0): 11 exceed limit 10
*Mar  1 00:38:01.231: %BGP-5-ADJCHANGE: neighbor 172.16.57.7 Down BGP Notification sent

There you have it, our peering session has been killed. Let’s see how this looks in a “show ip bgp summary”:

R5(config-router)# do show ip bgp summary
BGP router identifier 172.16.57.5, local AS number 65005
BGP table version is 33, main routing table version 33

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.57.7     4 65007      30      27        0    0    0 00:00:46 Idle (PfxCt)

Notice the state of the session, “Idle (PfxCt)”? This lets us see, at a glance, that the peer is idle because it exceeded its prefix count.

Back on R7, let’s remove all but the first six loopbacks from BGP:

R7(config-router)# no network 10.7.7.0 mask 255.255.255.0
R7(config-router)# no network 10.7.8.0 mask 255.255.255.0
R7(config-router)# no network 10.7.9.0 mask 255.255.255.0
R7(config-router)# no network 10.7.10.0 mask 255.255.255.0
R7(config-router)# no network 10.7.11.0 mask 255.255.255.0

After that, it’s just a matter of waiting the length of the “restart-interval” — in our case, five minutes. Once five minutes have passed, we should see the peering come back up. Since R7 is once again only advertising six prefixes to R5, everything should be just fine.

*Mar  1 00:43:25.687: %BGP-5-ADJCHANGE: neighbor 172.16.57.7 Up
R5(config-router)# do show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
172.16.57.7     4 65007      35      31       39    0    0 00:00:30        6
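
The log messages above are what a monitoring system would key on. As an added example, not part of the original post, this Python script parses the %BGP-4-MAXPFX, %BGP-3-MAXPFXEXCEED and %BGP-5-ADJCHANGE lines from this lab, attributes a session drop to maximum-prefix, and measures how long the peering stayed down. The function names and the alert tuple format are assumptions made for the example.

```python
import re
from datetime import datetime

# Log lines copied from R5's output in this lab.
SAMPLE_LOG = """\
*Mar  1 00:35:01.115: %BGP-4-MAXPFX: No. of prefix received from 172.16.57.7 (afi 0) reaches 7, max 10
*Mar  1 00:38:01.231: %BGP-3-MAXPFXEXCEED: No. of prefix received from 172.16.57.7 (afi 0): 11 exceed limit 10
*Mar  1 00:38:01.231: %BGP-5-ADJCHANGE: neighbor 172.16.57.7 Down BGP Notification sent
*Mar  1 00:43:25.687: %BGP-5-ADJCHANGE: neighbor 172.16.57.7 Up
"""

LINE = re.compile(r"^\*?(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+): %BGP-\d-(?P<tag>\w+): (?P<msg>.*)$")
MAXPFX = re.compile(r"from (\S+) \(afi \d+\) reaches (\d+), max (\d+)")
EXCEED = re.compile(r"from (\S+) \(afi \d+\): (\d+) exceed limit (\d+)")
ADJ = re.compile(r"neighbor (\S+) (Up|Down)")

def parse_ts(text):
    # These timestamps carry no year; a placeholder year is prepended, so only
    # differences between timestamps are meaningful.
    return datetime.strptime("2000 " + " ".join(text.split()), "%Y %b %d %H:%M:%S.%f")

def analyze(log_text):
    """Return (alerts, outages): alerts are (severity, neighbor, detail) tuples,
    outages maps neighbor -> seconds between ADJCHANGE Down and Up."""
    alerts, outages, tripped, down_at = [], {}, set(), {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a BGP syslog line in the format shown above
        ts, tag, msg = parse_ts(m["ts"]), m["tag"], m["msg"]
        if tag == "MAXPFX" and (hit := MAXPFX.search(msg)):
            peer, count, limit = hit.groups()
            alerts.append(("warning", peer, f"{count}/{limit} prefixes, warning threshold crossed"))
        elif tag == "MAXPFXEXCEED" and (hit := EXCEED.search(msg)):
            peer, count, limit = hit.groups()
            tripped.add(peer)  # remember why the next Down for this peer happens
            alerts.append(("critical", peer, f"{count} prefixes exceed limit {limit}"))
        elif tag == "ADJCHANGE" and (hit := ADJ.search(msg)):
            peer, state = hit.groups()
            if state == "Down":
                down_at[peer] = ts
                cause = "maximum-prefix" if peer in tripped else "other"
                alerts.append(("critical", peer, f"session down ({cause})"))
            elif peer in down_at:
                outages[peer] = (ts - down_at.pop(peer)).total_seconds()
                tripped.discard(peer)
                alerts.append(("info", peer, "session restored"))
    return alerts, outages
```

On the lab's log lines, analyze(SAMPLE_LOG) reports a 324.456-second outage for 172.16.57.7, slightly longer than the five-minute restart interval.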
