How to configure BGP prefix-limit on Juniper

I will give an example of configuring a BGP prefix-limit so that a neighbor cannot accidentally send more routes than it should.

Let’s see how many prefixes have been received and are currently active:

show bgp group summary
show bgp group detail
show bgp group brief

Example output for a specific neighbor:

show bgp neighbor 192.168.5.5 | match prefixes

    Active prefixes:              674441
    Received prefixes:            910894
    Accepted prefixes:            910893
    Advertised prefixes:          1

Let’s move on to setting up the group:

edit protocols bgp group IXNFO.COM

Now set a limit, for example 1,200,000. The limit applies to each neighbor in the group separately (it is not shared):

set family inet unicast prefix-limit maximum 1200000
set family inet unicast prefix-limit teardown 95

You can also configure each neighbor individually if you need different limits:

edit protocols bgp group IXNFO.COM neighbor 192.168.5.5
set family inet unicast prefix-limit maximum 1200000
set family inet unicast prefix-limit teardown 95

teardown is specified as a percentage from 1 to 100 and is needed only for notification in the logs. For example, I specified teardown 95, which means that when 95% of the limit specified in maximum is reached, the device writes an entry to the logs. If teardown is not specified, an entry appears in the logs only when 100% of the limit specified in maximum is reached, and the session with the BGP neighbor is interrupted for a short period and goes to the Idle state with the PrefixLimitIdle flag.

The time the BGP session stays down can be specified manually, for example 5 minutes or forever (the possible idle-timeout range is from 1 to 2400 minutes):

set family inet unicast prefix-limit teardown 95 idle-timeout 5
set family inet unicast prefix-limit teardown 95 idle-timeout forever

If you specify “idle-timeout forever”, the session with the BGP neighbor is re-established only manually, after running the command:

clear bgp neighbor 192.168.5.5

If you specify “drop-excess”, the session is not terminated, and the excess routes are discarded:

set family inet unicast prefix-limit drop-excess <percentage>
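
An added example, not part of the original article: a small Python check that parses the "| match prefixes" output shown above and reports how close the neighbor is to the configured maximum and to the percentage threshold. It assumes the limit is compared against the Received prefixes counter; the function names are hypothetical.

```python
import re

# Constructed sample: the "| match prefixes" output shown above for 192.168.5.5.
SAMPLE = """\
    Active prefixes:              674441
    Received prefixes:            910894
    Accepted prefixes:            910893
    Advertised prefixes:          1
"""

COUNTER = re.compile(r"^\s*(Active|Received|Accepted|Advertised) prefixes:\s+(\d+)\s*$")


def parse_prefix_counters(text):
    """Return one dict of counters per routing table found in the output."""
    tables, current = [], {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if not m:
            continue
        name = m.group(1).lower()
        if name in current:  # a repeated counter name starts the next table
            tables.append(current)
            current = {}
        current[name] = int(m.group(2))
    if current:
        tables.append(current)
    return tables


def headroom(received, maximum, threshold_pct):
    """Compare a received-prefix count with prefix-limit maximum and threshold."""
    if maximum < 1 or not 1 <= threshold_pct <= 100:
        raise ValueError("maximum must be >= 1 and threshold 1..100")
    warn_at = maximum * threshold_pct // 100
    if received >= maximum:  # assumption: "reached" means >=, as the text words it
        state = "maximum-reached"
    elif received >= warn_at:
        state = "threshold-reached"
    else:
        state = "ok"
    return {"used_pct": round(100 * received / maximum, 1), "warn_at": warn_at,
            "left_before_warn": warn_at - received,
            "left_before_max": maximum - received, "state": state}


if __name__ == "__main__":
    for table in parse_prefix_counters(SAMPLE):
        print(headroom(table["received"], 1200000, 95))
```

With the values from this article the neighbor is at 75.9% of the maximum, with 229106 prefixes left before the 95% threshold.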

See also my articles:
Configuring iBGP on Juniper MX
Configuring eBGP on Juniper MX – traffic balancing
