These are chat archives for Exa-Networks/exabgp

19th
Aug 2016
rodrigocsousa
@rodrigocsousa
Aug 19 2016 17:10
Hey guys, I am quite new to exabgp, so I am sorry if I am asking something stupid, but I did some research and did not find anything that can help me. I am using exabgp + Wanguard (a tool that detects simple attacks and "mitigates" them). Everything is working almost perfectly. However, when I reach 1446 advertisements, wanguard is no longer able to push more updates to exabgp and opens hundreds of processes trying to push updates. Wanguard invokes its own script to push any new BGP advertisement to exabgp. I asked their support and they informed me that there is no limitation on wanguard side and I am sure that exabgp also does not have any limitation. I am running exabgp 3.4.16 on debian 8. Can you give me some help guys?
Thomas Mangin
@thomas-mangin
Aug 19 2016 17:59
I will happily work with the wanguard team but as you pointed out, there is no limit to the number of routes ExaBGP can process.
rodrigocsousa
@rodrigocsousa
Aug 19 2016 18:03
Hey @thomas-mangin, thanks for the response! My concern is just if someone reported this problem with routes before?
Thomas Mangin
@thomas-mangin
Aug 19 2016 18:03
Never and there is no reason for this magic 1446 number … does the problem happen after a full restart of both applications?
Could you please share with me off-line the script that wanguard uses (if they are ok with it) so I can try to figure out what is not right?
It is 19:06 local time and I have some things planned this evening but I should be able to have a look this week-end
rodrigocsousa
@rodrigocsousa
Aug 19 2016 18:08
Sure, I can share it, but it is too big, because it connects to the Wanguard database to get/push information, but I think I can share it with you.
Thomas Mangin
@thomas-mangin
Aug 19 2016 18:12
Sorry - I do not understand the relation between code size and the connection with a DB ..
You can email me at first @ last dot com
JustinAzoff @JustinAzoff is currently injecting 30429 /32 routes to 3 peers
Justin
@JustinAzoff
Aug 19 2016 20:04
sounds like their app may have an issue with a pipe buffer filling up or something and locking up
rodrigocsousa
@rodrigocsousa
Aug 19 2016 20:04
Hey @thomas-mangin, I made a change on Wanguard side (apparently the problem was there).
I stopped the test with more than 3000 routes.
show route table inetflow.0 | match term | count
Count: 3048 lines
They have a value on their database called "max_flowspec"
I changed to 300,000 and it apparently solved the problem.
Sorry for asking you guys :)
Justin
@JustinAzoff
Aug 19 2016 20:10
ah, if you are using flowspec, you may want to double check with your router specs on what the max number of rules it supports
A maximum of 3000 flowspec rules are supported per system.
so, careful :)
rodrigocsousa
@rodrigocsousa
Aug 19 2016 21:08
Wow! That is good to know!
I will search it for Juniper MX series.
Thomas Mangin
@thomas-mangin
Aug 19 2016 22:29
Good luck, I think the answer is JunOS dependent and Juniper themselves may not know exactly.
IE it depends on which JunOS train you are on
In the old days too many rules could cause the ASIC to not be able to process packets at wire speed
Let us know if you find what the limits are
rodrigocsousa
@rodrigocsousa
Aug 19 2016 22:34
I did some research and did not find anything. I have a friend in Juniper and asked him about it. Once I get the official limit for my router (MX 480 with 2 x RE-S-2000 and 2 x MPC 3D 16x 10GE), I will let you know guys!