Add rate limiting

2020-05-11 14:11:13 +01:00 · 2020-05-11 14:11:13 +01:00 · 8425aff428
commit 8425aff428
parent 9a70a3e303
2 changed files with 20 additions and 0 deletions
--- a/pages/01.home/maintenance-log/default.md
+++ b/pages/01.home/maintenance-log/default.md
@ -10,6 +10,13 @@ A log of changes to the burble.dn42 network.

 ## burble.dn42 Maintenance Log

+#### 11th May 2020
+
+Rate limiting on BGP sessions has been implemented to protect the network from major
+route flapping events. The rate limiting should only kick in after 30+ minutes of
+extremely high updates (or even longer for milder events), but please let me know if
+this causes any issues.
+
 #### 8th May 2020

 us-lax1 has been migrated. If you peer with me please remember to update the
--- a/pages/02.peering/default.md
+++ b/pages/02.peering/default.md
@ -89,6 +89,19 @@ fd00::/8
 BGP peer addresses are more permissive to allow for link local or non-DN42 IP addresses within the
 tunnel, but these will not be forwarded through the DN42 network.

+##### Flow Control and BGP Rate Limiting
+
+A typical BGP session in DN42 will use a trivial amount of traffic. However, for large networks like
+burble.dn42 some transient events, such as BGP flapping, can generate multi MB/sec traffic flows that
+damange the network and create instability across DN42.
+
+To protect the network from misconfigurations and prevent excessive updates from being propagated to the
+rest of DN42, the burble.dn42 network implements rate limiting on direct BGP sessions. The rate limiting
+activates when a large amount of BGP traffic is seen (typically 10's or 100's of thousands of
+updates a second) over a sustained period and will typically reset automatically within an hour.
+
+There are no other controls applied to transit or non-BGP traffic.
+
 #### BGP Configuration

 |||