North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: BGP Blowup?

  • From: Philip Smith
  • Date: Tue Dec 14 01:44:07 1999

On a router I have a full view received from Japan and Australia I see:

Thu 4am GMT+10 68655
Fri 4am GMT+10 68820
Sat 4am GMT+10 68724
Sun 4am GMT+10 68986
Mon 4am GMT+10 68544

No surge recorded but then "max prefix" is set to give warnings at 80000 and cut out at 100000 prefixes...

TBH, I pushed the warning limit up because:
a) getting so many instances going over 70000, frequently as high as 75000
b) the router has enough memory to handle 100000 prefixes++

Some of a) have lasted for a few hours, some for several days, some have only been visible here in Asia Pacific but not in the US.

Maybe b) is the reason that you have had so few responses, and that max-prefix is being set high enough above the noise + spikes?


At 15:41 13/12/99 -0800, Tim Wolfe wrote:

So far the data is as follows:

1. My BGP session to Sprint (1239) exceeded 75000 routes at approx 5:39pm PST
2. Telestra seems to have had a similar surge from Uknown provider (or possibly
on their own network)
3. Another individual reported that their GTEI (7176) session had a similar
4. Yet another individual reported that their Digex session had a surge as

I guess I'm confused. While 4 similar surges in table size at 3 distinct
locations is not by any means conclusive evidence that the global table was
experiencing wackiness, it certainly points a finger in the that direction.
What perhaps bothers me more than the surge itself is that I have gotten
very few (read 1) responses to indicate that there were NOT a problem
similar to what I've reported. I get the feeling that many people are not
tracking prefix counts so I'm am very nervous about future occurences. At
what point does an event like this become a problem that gets noticed? Does
it take a full meltdown of BGP speakers in a large providers network before
this is worth looking at? I would think that a sudden random addition of
10,000 routes would be of concern to people who claim to be so worried about
the size of the world's routing tables. Or is it only a concern if actually
affects your network? I'm not attacking anyone, just concerned over the
apparent lack of concern...

It is interesting that all of the individuals that had direct UUNet sessions
didn't see any of the surge on those sessions. Maybe they learned from the
MCI experience awhile back?

-- Tim

* Timothy M. Wolfe, Chief Network Engineer *
* ClipperNet Corporation / It's a wireless world *
* [email protected] 800.338.2629 x 402 *
* Sufficient for today = Inadequate for tomorrow *

Philip Smith ph: +61 7 3238 8200
Consulting Engineering, Office of the CTO, Cisco Systems