Thanks Richard. Great comments on and off list. Thank you. This just happened to be the first time I tested this scenario. I had a fundamental misunderstanding of the behavior of the RIB/FIB on the EX. In production, my EX's only get IGP and local AS.
As a side note, when I filter by upto /19 from what I receive from my upstreams, I see about 28k. Thanks again, -b On Sun, May 1, 2011 at 6:19 PM, Richard A Steenbergen <[email protected]> wrote: > On Sat, Apr 30, 2011 at 08:48:59AM -0700, Bill Blackford wrote: >> So if what you are saying is that the EX, only being capable of 16k >> routes, will only "Receive" and "Accept" a random smattering of a full >> table being sent up to 16k and any filters beyond that filter on the >> 16k "Received" and installs that balance as "Active"? >> >> If this assumption is correct, then what I'm seeing is expected >> behavior? > > The 16k limit is a RIB limit from the default hard-coded configuration > on small-EX's. This doesn't really protect the FIB, as the FIB is much > smaller still, more along the lines of 12k total unicast entries for > IPv4 (and much less if you actually install IPv6 routes) on > EX3200/4200.. > > You can see the RIB limit at /etc/config/ex-series-defaults.conf: > > routing-options { > rib inet.0 { > maximum-prefixes 16384; > } > rib inet6.0 { > maximum-prefixes 4096; > } > > All you have to do to override this is apply those options with > increased values to your own configuration. Of course if you do, you'll > immediately hit the next limit, a hard-coded maximum data size of 128MB > which will cause rpd to coredump when it allocates that much memory. To > change this, you have to edit /boot/loader.conf and increase the > kern.maxdsiz line to something a little more sensible (like say 512MB). > Unfortunately this value will be blown away every time you do a new > jinstall, so you'll need to keep it up to date every time you upgrade. > > To not flood your FIB, you'll need to block a bunch of routes at the > RIB->FIB export layer, which happens in a policy you apply at > "routing-options forwarding-table export XXXXXX". For example, you might > want to allow a default, static, isis|ospf, and some internal cust > routes, but otherwise block the rest of the BGP routes to keep the table > size small. > > None of this has anything to do with an arbitrary liit of 28k active > routes. If you were bumping up against the maximum-prefixes config, the > number would be 16k total for the RIB, not 28k. When this limit gets > hit the future routes are just silently dropped from the RIB, which is > certainly a lot better than the Cisco method of disabling CEF and making > the box unusuable until someone goes to reboot it. :) > > -- > Richard A Steenbergen <[email protected]> http://www.e-gerbil.net/ras > GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) > -- Bill Blackford Network Engineer Logged into reality and abusing my sudo privileges..... _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
