Function
The peer route-limit command sets the number of routes that can be received from the peer.
The undo peer route-limit command disables this function.
By default, the maximum number of routes received from the peer is not limited, but the maximum number cannot exceed the limit defined by the BGP routing table.
Format
peer { group-name | ipv4-address | ipv6-address } route-limit limit [ percentage ] [ alert-only | idle-forever | idle-timeout times ]
undo peer { group-name | ipv4-address | ipv6-address } route-limit
Parameters
| Parameter | Description | Value |
|---|---|---|
| group-name | Specifies the name of the peer group. | The name is a string of 1 to 47 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
| ipv4-address | Specifies the IPv4 address of the peer. | It is in dotted decimal notation. |
| ipv6-address | Specifies the IPv6 address of the peer. | The address is a 32-digit hexadecimal number in the X:X:X:X:X:X:X:X format. |
| limit | Specifies the maximum number of routes allowed by peers. | The value is an integer that ranges from 1 to 500000 on the AntiDDoS8000. |
| percentage | Specifies the route percentage when the router starts to generate alarms. | The value is an integer ranging from 1 to 100. By default, it is 75. |
| alert-only | Indicates that only an alarm is generated when the number of routes exceeds the limit and that no more routes are received. | - |
| idle-forever | Indicates that when the number of routes exceeds the limit and that the connection is not re-established unless the reset bgp command is run. | - |
| idle-timeout times | Indicates the timer for the automatic connection re-establishment. You can run the reset bgp command to re-establish connections before the timer expires. | The value is an integer ranging from 1 to 1200, in minutes. |
NOTE: ipv4-address is valid only in the BGP view, BGP-IPv4 unicast address family view, BGP-VPN-Target address family view, BGP-IPv6 unicast address family view, BGP-VPNv4 address family view, BGP-VPNv6 address family view and BGP-VPN instance IPv4 address family view.
ipv6-address is valid only in the BGP-IPv6 unicast address family view and BGP-VPN instance IPv6 address family view.
Views
BGP view, BGP-VPN instance IPv4 address family view, BGP-VPN instance IPv6 address family view, BGP-VPNv4 address family view, BGP-VPNv6 address family view, BGP-IPv4 unicast address family view, BGP-IPv6 unicast address family view, BGP-VPN-Target address family view
Only the AntiDDoS8000 series support BGP-VPNv6 address family view.
Usage Guidelines
Usage Scenario
The peer route-limit command is used to set the maximum number of routes that a BGP device is allowed to receive from its peer. This provides a mechanism for controlling the routes received from peers in addition to distribution lists, filtering lists, and route mappings.
Prerequisites
The peer as-number command has been used to create a peer or peer group.
Configuration Impact
If the peer route-limit command is run for a peer group, the peers of the peer group inherit the configuration.
If the number of routes received by the router exceeds the upper limit, the peer route-limit command is run for the first time, and alert-only is not specified in this command, the router will interrupt the peer relationships with its peers and then re-establish them. If alert-only is set in this command, the router will not interrupt the peer relationships.
If the upper limit set on the router is increased to be greater than the number of received routes, the router sends Refresh packets to receive routes again. If the router does not support the route-refresh capability, the router needs to re-establish the connection with its peer.
If the upper limit set on the router is reduced but is still greater than the number of received routes, only configuration parameters need to be modified.
If the peer relationship is in the Idle state because the number of received routes exceeds the upper limit and idle-forever or idle-timeout is set, the reset bgp command can be used to re-establish the peer relationship.
Assume that none of alert-only, idle-forever, and idle-timeout is configured. If the number of routes exceeds the upper limit, an alarm is generated and recorded in the log. Then, the peer relationship is disconnected. The devices try to re-establish the peer relationship after 30 seconds.
NOTE: Assume that the delay for updating the routing policy is short. If the peer route-limit command is used, changing a routing policy may cause the number of routes to exceed the upper limit. As a result, the BGP peer relationship is disconnected. The route-policy-change notify-delay command can be used to adjust the delay.
Example
# Set the maximum number of routes that can be received from peers.
<sysname> system-view
[sysname] bgp 100
[sysname-bgp] peer 1.1.1.2 as-number 200
[sysname-bgp] ipv4-family unicast
[sysname-bgp-af-ipv4] peer 1.1.1.2 route-limit 10000
<sysname> system-view
[sysname] bgp 100
[sysname-bgp] ipv6-family unicast
[sysname-bgp-af-ipv6] peer 1:2::3:4 as-number 200
[sysname-bgp-af-ipv6] peer 1:2::3:4 enable
[sysname-bgp-af-ipv6] peer 1:2::3:4 route-limit 10000
# Set the maximum number of routes that can be received from peers to 5000 and the percentage to 80% so that an alarm is generated when the number of routes exceeds 4000 (5000 x 80%).
<sysname> system-view
[sysname] bgp 100
[sysname-bgp] peer 1.1.1.2 as-number 200
[sysname-bgp] ipv4-family unicast
[sysname-bgp-af-ipv4] peer 1.1.1.2 route-limit 5000 80
# Set the maximum number of routes that can be received from peers to 5000, trigger an alarm, and prevent the device from receiving routes any more when the number of routes exceeds 5000 without disconnecting BGP peer relationships.
<sysname> system-view
[sysname] bgp 100
[sysname-bgp] peer 1.1.1.2 as-number 200
[sysname-bgp] ipv4-family unicast
[sysname-bgp-af-ipv4] peer 1.1.1.2 route-limit 5000 alert-only
# Set the maximum number of routes that can be received from peers to 5000 and disconnect BGP peer relationships without re-establishing the relationships automatically when the number of routes exceeds 5000.
<sysname> system-view
[sysname] bgp 100
[sysname-bgp] peer 1.1.1.2 as-number 200
[sysname-bgp] ipv4-family unicast
[sysname-bgp-af-ipv4] peer 1.1.1.2 route-limit 5000 idle-forever
# Set the maximum number of routes that can be received from peers to 5000 and the percentage to 80% so that an alarm is generated when the number of routes exceeds 4000 (5000 x 80%). In addition, enable the device to disconnect BGP peer relationships when the number of routes exceeds 5000 and re-establish the relationships in 10 minutes.
<sysname> system-view
[sysname] bgp 100
[sysname-bgp] peer 1.1.1.2 as-number 200
[sysname-bgp] ipv4-family unicast
[sysname-bgp-af-ipv4] peer 1.1.1.2 route-limit 5000 80 idle-timeout 10