This command allows you to limit the number of SA entries from an MSDP (Multicast Source Discovery Protocol) peer that the router will allow in the SA cache. To allow an unlimited number of SA entries, use 0 (zero) as the value for max-sa.
peer all | Specifies all MSDP peers. |
remoteaddr | Specifies the IP address of the MSDP peer. |
max-sa | Specifies the maximum number of SA entries from an MSDP peer allowed in the SA cache. To specify an unlimited number of SA entries, use 0 (zero) as the value for max-sa. |
vr_name | Specifies the name of the virtual router to which this command applies. If a name is not specified, it is extracted from the current CLI context. |
By default, no SA entry limit is set. The router can receive an unlimited number of SA entries from an MSDP peer.
You can use this command to prevent a distributed denial of service (DOS) attack. We recommend that you configure an MSDP SA limit on all MSDP peer sessions. Note that a rejected SA cache entry is not included in the number of SA cache entries received from a peer.
The following example configures the SA entry limit of 500 for the MSDP peer with the IP address 192.168.45.43:
configure msdp peer 192.168.45.43 sa-limit 500
This command was first available in ExtremeXOS 12.0.
This command is available on platforms that support the appropriate license. For complete information about software licensing, including how to obtain and upgrade your license and which licenses support the MSDP feature, see the ExtremeXOS 22.6 Feature License Requirements document.