search

pierky / arouteserver

A tool to automatically build (and test) feature-rich configurations for BGP route servers.
https://arouteserver.readthedocs.org/
GNU General Public License v3.0
288 stars 46 forks source link

add percentage to PDB maxprefix suggestions #12

Closed job closed 7 years ago

job commented 7 years ago

I have the following configuration

    max_prefix:
      action: "restart"
      restart_after: 15
      peering_db: True

but some of the IX participants fill into peeringdb their exact route announcement count rather than a recommendation on what others should configure. I think arouteserver should add "absolute 100" and then also increase with say 15%. This will prevent flapping with the small ones

job commented 7 years ago

Another aspect: when the default value is lower than what is stated on peeringdb, or the client-specific value is lower than what is stated on PDB, I think the PDB value should be choosen. We have to assume that some routeserver operators run things on autopilot, and I think PDB is the most authoritive source when it is the highest value, but when it is lower it no longer is authoritive and the arouteserver config should be used. :)

pierky commented 7 years ago

I'm going to add an option to accommodate those networks that fill the PeeringDB records with their exact announcement count. As you suggested it is based on two values: an absolute one and a relative one, so that the final limit is given by (<PeeringDB value> + <absolute>) * (1 + <relative> / 100). Of course these values can be set both to zero to bypass this functionality.

With regards of your second comment to this issue I think I'll leave the current behaviour as it is now. The first case,

when the default value is lower than what is stated on peeringdb

is already handled by the current implementation, since the general limit value is used only when there is not a client-level limit nor the limit is fetched from PeeringDB.

If operators run their route server on autopilot IMHO we should assume that a manually entered client specific value must have the highest priority, just because it requires a very specific manual intervention to be set that - hopefully - is strongly wanted by the operator itself.

The only case left is when the value from PeeringDB is lower than the general limit: in this case when the max-prefix will be hit the operator will choose whether to silently fix the client's limit or to tell the peer to fix their PeeringDB entry. This could be a good chance to improve PeeringDB data quality too ;-)

Can this work for you @job?

job commented 7 years ago

Yes, the current beta works for me.

Based on experience at YYCIX i recommend that a default of "increment absolutely 500" followed by "increment with 15%" is the best path forward (especially if we consider that arouteserver has other layers of security like the prefix filter, origin filter and transit-free filter). It is good to be generous with the maxpfx settings