From 8425aff428a775ef9a3d6dc0483032fa8d5ae3f3 Mon Sep 17 00:00:00 2001 From: Simon Marsh Date: Mon, 11 May 2020 14:11:13 +0100 Subject: [PATCH] Add rate limiting --- pages/01.home/maintenance-log/default.md | 7 +++++++ pages/02.peering/default.md | 13 +++++++++++++ 2 files changed, 20 insertions(+) diff --git a/pages/01.home/maintenance-log/default.md b/pages/01.home/maintenance-log/default.md index 87bca98..cb4ed20 100755 --- a/pages/01.home/maintenance-log/default.md +++ b/pages/01.home/maintenance-log/default.md @@ -10,6 +10,13 @@ A log of changes to the burble.dn42 network. ## burble.dn42 Maintenance Log +#### 11th May 2020 + +Rate limiting on BGP sessions has been implemented to protect the network from major +route flapping events. The rate limiting should only kick in after 30+ minutes of +extremely high updates (or even longer for milder events), but please let me know if +this causes any issues. + #### 8th May 2020 us-lax1 has been migrated. If you peer with me please remember to update the diff --git a/pages/02.peering/default.md b/pages/02.peering/default.md index 060c3e4..3f106b6 100755 --- a/pages/02.peering/default.md +++ b/pages/02.peering/default.md @@ -89,6 +89,19 @@ fd00::/8 BGP peer addresses are more permissive to allow for link local or non-DN42 IP addresses within the tunnel, but these will not be forwarded through the DN42 network. +##### Flow Control and BGP Rate Limiting + +A typical BGP session in DN42 will use a trivial amount of traffic. However, for large networks like +burble.dn42 some transient events, such as BGP flapping, can generate multi MB/sec traffic flows that +damange the network and create instability across DN42. + +To protect the network from misconfigurations and prevent excessive updates from being propagated to the +rest of DN42, the burble.dn42 network implements rate limiting on direct BGP sessions. The rate limiting +activates when a large amount of BGP traffic is seen (typically 10's or 100's of thousands of +updates a second) over a sustained period and will typically reset automatically within an hour. + +There are no other controls applied to transit or non-BGP traffic. + #### BGP Configuration |||