Maximum-Prefix

This scenario demonstrates how to configure the maximum-prefix limit for a BGP neighbor. When the number of prefixes received from a neighbor exceeds the configured limit, the BGP session is automatically closed to protect the routing table.

Test iBGP - Maximum prefix exceeded

Description

Test to verify that BGP session closes when maximum-prefix limit is exceeded. DUT0 is configured with maximum-prefix 2. DUT1 initially advertises 2 prefixes (within limit), then a third is added to exceed the limit.

Scenario

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor peer maximum-prefix 2
set protocols bgp 20 neighbor peer remote-address 10.10.0.200
set protocols bgp 20 neighbor peer remote-as 20
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 2: Set the following configuration in DUT1 :

set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor peer remote-address 10.10.0.100
set protocols bgp 20 neighbor peer remote-as 20
set protocols bgp 20 redistribute static
set protocols static route 192.168.10.0/24 blackhole
set protocols static route 192.168.20.0/24 blackhole
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify iBGP session establishes with 2 prefixes (within limit).

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 2
RIB entries 3, using 384 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         4         4        2    0    0 00:00:01  Established        2        0 FRRouting/10.4.1

Total number of neighbors 1

Attention

Verify that DUT0 receives both routes.

Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

192.168.10.0/24[\s\S]+192.168.20.0/24

Show output

BGP table version is 2, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 192.168.10.0/24  10.10.0.200              0    100      0 ?
 *>i 192.168.20.0/24  10.10.0.200              0    100      0 ?

Displayed 2 routes and 2 total paths

Note

Add a third static route on DUT1 to exceed the maximum-prefix limit.

Step 5: Modify the following configuration lines in DUT1 :

set protocols static route 192.168.30.0/24 blackhole

Attention

Verify that DUT0 BGP session shows Idle (PfxCt) after exceeding maximum-prefix.

Step 6: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Idle \(PfxCt\)

Show output

IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 4
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         5         5        0    0    0 00:00:00 Idle (PfxCt)        0        0 FRRouting/10.4.1

Total number of neighbors 1

---