configure msdp peer sa-limit

configure msdp peer [remoteaddr | all] sa-limit max-sa {vr vr_name}

Description

This command allows you to limit the number of SA entries from an MSDP (Multicast Source Discovery Protocol) peer that the router will allow in the SA cache. To allow an unlimited number of SA entries, use 0 (zero) as the value for max-sa.

Syntax Description

peer all Specifies all MSDP peers.
remoteaddr Specifies the IP address of the MSDP peer.
max-sa Specifies the maximum number of SA entries from an MSDP peer allowed in the SA cache. To specify an unlimited number of SA entries, use 0 (zero) as the value for max-sa.
vr_name Specifies the name of the virtual router to which this command applies. If a name is not specified, it is extracted from the current CLI context.

Default

By default, no SA entry limit is set. The router can receive an unlimited number of SA entries from an MSDP peer.

Usage Guidelines

You can use this command to prevent a distributed denial of service (DOS) attack. We recommend that you configure an MSDP SA limit on all MSDP peer sessions. Note that a rejected SA cache entry is not included in the number of SA cache entries received from a peer.

Example

The following example configures the SA entry limit of 500 for the MSDP peer with the IP address 192.168.45.43:

configure msdp peer 192.168.45.43 sa-limit 500

History

This command was first available in ExtremeXOS 12.0.

Platform Availability

This command is available on platforms that support the appropriate license. For complete information about software licensing, including how to obtain and upgrade your license and which licenses support the MSDP feature, see the ExtremeXOS 22.2 Feature License Requirements document.