03-31-2010 10:28 AM - edited 03-04-2019 07:59 AM
Recently my office encountered an issue where our ISP informed us that our router had advertised a high number of network prefixes, which caused the BGP session to go down (as there was a limit set for the number of prefixes it can accept). That lasted for >12 hours.
However, the problem was resolved automatically thereafter without any intervention at our end, and the number of prefixes advertised dropped back to normal.
How could such an incident happen, and what could be the possible causes for the surge, assuming there is no misconfig of the router?
Could there also be a possibility of a problem with the PE router?
03-31-2010 11:35 AM
High number of prefixes caused BGP to go down? If the ISP has a limit on their end they would probably drop the other prefixes, not bring the BGP session down. If the BGP session is already down, how would the PE know when the number of prefixes has gone down?
Can your ISP provide some information from their end to show which prefixes we had advertised?
Also, how many prefixes do you normally advertise and did you check during the problem to see how many prefixes you were advertising?
In my opinion there was something wrong with the ISP end, without some proof we cannot blame our router.
03-31-2010 12:32 PM
Hello Belerin,
If your router advertises IP prefixes only with network commands and/or you implement an outbound filter towards the ISP, there are no ways to advertise more prefixes than expected.
Conversely, if you redistribute an IGP into BGP without an outbound filter, then the router is exposed to the risk of advertising a variable number of prefixes over time, for example because an aggregate prefix configured under the IGP was removed.
In this second scenario a change in the IGP domain could cause a change in the number of IP prefixes advertised.
Another possible scenario could be the following:
Your BGP router is multihomed and it has no outbound filter to this ISP that implements route control with n. of rx prefixes (ISP1), and it advertises prefixes received from ISP2 to ISP1.
To be noted: these scenarios would imply some lack of routing control that is not common nowadays.
Hope to help
Giuseppe
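The scenarios in the reply above can be checked from the customer side by comparing what the router actually sends to the ISP with the list it is meant to send. The script below is an added example, not part of the original posts: it audits text in the style of Cisco IOS `show ip bgp neighbors <peer> advertised-routes` output, and the prefixes, next hops and AS number in it are constructed sample values.

```python
import ipaddress

# Prefixes the site intends to announce (constructed; documentation ranges).
INTENDED = ["192.0.2.0/24", "198.51.100.0/24"]

# Constructed sample in the style of Cisco IOS
# `show ip bgp neighbors <peer> advertised-routes` output.
SAMPLE_OUTPUT = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 192.0.2.0/24     0.0.0.0                  0         32768 i
*> 198.51.100.0/24  0.0.0.0                  0         32768 i
*> 198.51.100.64/26 10.0.0.2                20         32768 ?
*> 203.0.113.0/24   10.9.9.1                 0             0 64513 i

Total number of prefixes 4
"""

def parse_advertised(text):
    """Yield (network, origin_code) for each route row (status starts with '*')."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].startswith("*"):
            continue  # header, blank line or summary line
        try:
            # Assumption: the prefix is printed with its length (a.b.c.d/len).
            net = ipaddress.ip_network(fields[1])
        except ValueError:
            continue
        yield net, fields[-1]  # last column is the origin code: i, e or ?

def audit(text, intended):
    """Return (prefix, likely cause) for every advertisement not in `intended`."""
    allowed = [ipaddress.ip_network(p) for p in intended]
    findings = []
    for net, origin in parse_advertised(text):
        if net in allowed:
            continue
        # A more-specific of an intended block points at a lost aggregate.
        parent = next((a for a in allowed if net.subnet_of(a)), None)
        cause = (f"more-specific of {parent}" if parent is not None
                 else "outside intended address space")
        if origin == "?":
            # Origin "incomplete" is what redistribution into BGP produces.
            cause += ", origin incomplete (redistributed)"
        findings.append((str(net), cause))
    return findings

if __name__ == "__main__":
    for prefix, cause in audit(SAMPLE_OUTPUT, INTENDED):
        print(f"UNEXPECTED {prefix}: {cause}")
```

Any finding means the outbound policy towards the ISP is letting through routes beyond the intended list, which is the condition an outbound filter is meant to prevent.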
03-31-2010 07:01 PM
Thanks for the reply, I'm actually not a very network-savvy person.
The ISP's PE log shows eg. "no. of prefix received from
We did not check the advertised routes on our end when it happened because onsite personnel were not aware how to check it. If we had known then how to check it at that point in time we would have had an easier time identifying the root cause.
The strange part is how it could have exceeded when we are only advertising 18 prefixes based on router configuration, and through no intervention on our end the prefixes dropped back to normal a few hours later. We do not have multihoming, or at least not that I'm aware of. Till now I still do not have the root cause for this surge. And btw could a virus attack actually cause this?