Guest

Cisco IOS Software Releases 12.0 S

EIGRP Prefix Limit Support

  • Viewing Options

  • PDF (391.2 KB)
  • Feedback
EIGRP Prefix Limit Support

Table Of Contents

EIGRP Prefix Limit Support

Contents

Prerequisites for EIGRP Prefix Limit Support

Restrictions for EIGRP Prefix Limit Support

Information About EIGRP Prefix Limit Support

Misconfigured VPN Peers

EIGRP Prefix Limit Support Overview

Warning-Only Mode

Restart, Reset, and Dampening Timers and Counters

Supported only Under the IPv4 VRF Address Family

How to Configure the Maximum Prefix Limit

Configuring the Maximum Number of Prefix Accepted from Peering Sessions

Inherited Timer Values

Prerequisites

Restrictions

Troubleshooting Tips

Configuring the Maximum Number of Prefixes Learned Through Redistribution

Inherited Timer Values

Prerequisites

Restrictions

Troubleshooting Tips

Configuring the Maximum Prefix Limit for an EIGRP Process

Inherited Timer Values

Prerequisites

Restrictions

Troubleshooting Tips

Verifying the EIGRP Maximum Prefix Limit Configuration

Example

Configuration Examples for Configuring the Maximum Prefix Limit

Configuring the Maximum Prefix Limit for a Single Peer: Example

Configuring the Maximum Prefix Limit for all Peers: Example

Configuring the Maximum Prefix Limit for Redistributed Routes: Example

Configuring the Maximum Prefix Limit for an EIGRP Process: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

maximum-prefix

neighbor maximum-prefix (EIGRP)

redistribute maximum-prefix (EIGRP)

show ip eigrp accounting

show ip eigrp vrf accounting


EIGRP Prefix Limit Support


The EIGRP Prefix Limit Support feature introduces the capability to limit the number of prefixes per VRF that are accepted from a specific peer or to limit all prefixes that are accepted by an Enhanced Interior Gateway Routing Protocol (EIGRP) process through peering and/or redistribution. This feature is designed to protect the local router from external misconfiguration that can negatively impact local system resources, for example a peer that is misconfigured to redistribute full Border Gateway Protocol (BGP) routing tables into EIGRP. This feature is enabled under the IPv4 VRF address-family and can be configured to support the MPLS VPN support for EIGRP between Provider Edge (PE) and Customer Edge (CE) feature.

Feature History for the EIGRP Prefix Limit Support feature

Release
Modification

12.0(29)S

This feature was introduced.

12.3(14)T

This feature was integrated into Cisco IOS Release 12.3(14)T.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for EIGRP Prefix Limit Support

Restrictions for EIGRP Prefix Limit Support

Information About EIGRP Prefix Limit Support

How to Configure the Maximum Prefix Limit

Configuration Examples for Configuring the Maximum Prefix Limit

Additional References

Command Reference

Prerequisites for EIGRP Prefix Limit Support

Multi Protocol Label Switching (MPLS) Virtual Private Network (VPN) services have been configured between the Provider Edge (PE) routers and the Customer Edge (CE) routers at the customer sites.

Restrictions for EIGRP Prefix Limit Support

This feature is supported only under the IPv4 VRF address family and can be used only to limit the number of prefixes that are accepted through a VRF.

A peer that is configured to send too many prefixes or a peer that rapidly advertises and then withdraws prefixes can cause instability in the network. This feature can be configured to automatically reestablish a disabled peering session at the default or user-defined time interval or when the maximum-prefix limit is not exceeded. However, the configuration of this feature alone cannot change or correct a peer that is sending an excessive number of prefixes. If the maximum prefix limit is exceeded, you will need to reconfigure the maximum-prefix limit or reduce the number of prefixes that are sent from the peer.

Information About EIGRP Prefix Limit Support

To configure the EIGRP Prefix Limit Support feature, you must understand the following concepts:

Misconfigured VPN Peers

EIGRP Prefix Limit Support Overview

Warning-Only Mode

Restart, Reset, and Dampening Timers and Counters

Supported only Under the IPv4 VRF Address Family

Misconfigured VPN Peers

In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) the number of routes that are permitted in the VPN routing and forwarding instance (VRF) is configured with the maximum routes VRF configuration command. However, limiting the number routes permitted in the VPN does not protect the local router from a misconfigured peer that sends an excessive number of routes or prefixes. This type of external misconfiguration can have a negative affect on the local router by consuming all available system resources (CPU and memory) in processing prefix updates. Often, this type of misconfiguration can occur on a peer that is not within the control of the local administrator.

EIGRP Prefix Limit Support Overview

The EIGRP Prefix Limit Support feature provides the ability to configure a limit on the number of prefixes that are accepted from EIGRP peers and/or learned through redistribution. This feature can be configured on per-peer or per-process basis and can be configured for all peers and processes. This feature is designed to protect the local router from misconfigured external peers by limiting the amount of system resources that can be consumed to process prefix updates.

Protecting the Router from External Peers

This feature can be configured to protect an individual peering session or protect all peering sessions. When this feature is enabled and the maximum-prefix limit has been exceeded, the router will tear down the peering session, clear all routes that were learned from the peer, and then place the peer in a penalty state for the default or user-defined time period. After the penalty time period expires, normal peering will be reestablished.

Limiting the Number of Redistributed Prefixes

This feature can be configured to limit the number of prefixes that are accepted into the EIGRP topology table through redistribution from the Routing Information Base (RIB). All sources of redistribution are processed cumulatively. When the maximum-prefix limit is exceeded, all routes learned through redistribution are discarded and redistribution is suspended for the default or user-defined time period. After the penalty time period expires, normal redistribution will occur.

Protecting the Router at the EIGRP Process Level

This feature can also be configured to protect the router at the EIGRP process level. When this feature is configured at the EIGRP process level, the maximum prefix limit is applied to all peering sessions and to route redistribution. When the maximum-prefix limit is exceeded, all sessions with the remote peers are torn down, all routes learned from remote peers are removed from the topology and routing tables, all routes learned from through redistribution are discarded, and redistribution and peering are suspended for the default or user-defined time period.

Warning-Only Mode

The EIGRP Prefix Limit Support feature has two modes of operation. This feature can control peering and redistribution per default and user-defined values or this feature can operate in warning-only mode. In warning-only mode the router will monitor the number of prefixes learned through peering and/or redistribution but will not take any action when the maximum prefix limit is exceeded. Warning-only mode is activated only when the warning-only keyword is configured for any of the maximum-prefix limit commands. Only syslog messages are generated when this mode of operation is enabled. Syslog messages can be sent to a syslog server or printed in the console. These messages can be buffered or rate limited per standard Cisco IOS system logging configuration options. For more information about system logging in Cisco IOS software, refer to the following document:

Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3

Restart, Reset, and Dampening Timers and Counters

When the maximum-prefix limit is exceeded, peering and/or redistribution is suspended for a default or user-defined time period. If the maximum-prefix limit is exceeded too often, redistribution and/or peering will be suspended until the manual intervention is taken. This feature has 3 user-configurable timers and a dampening timer.

Restart Timer

The restart timer determines how long the router will wait to form an adjacency or accept redistributed routes from the RIB after the maximum-prefix limit has been exceeded. The default restart-time period is 5 minutes.

Restart Counter

The restart counter determines the number of times a peering session can be automatically reestablished after the peering session has been torn down or after the a redistributed routes have been cleared and relearned because the maximum-prefix limit has been exceeded. The default restart-count limit is 3.


Warning After the restart count limit has been crossed, you will need to enter the clear ip route * or clear ip eigrp neighbor command to restore normal peering and/or redistribution.


Reset Timer

The reset timer is used to configure the router to reset the restart count to 0 after the default or configured reset-time period has expired. This timer is designed to provide administrator with control over long and medium term accumulated penalties. The default reset-time period is 15 minutes.

Dampening Mechanism

The dampening mechanism is used to apply an exponential decay penalty to the restart-time period each time the maximum-prefix limit is exceeded. The half-life for the decay penalty is 150% of the default or user-defined restart-time value in minutes. This mechanism is designed to identify and suppress unstable peers. It is disabled by default.

Supported only Under the IPv4 VRF Address Family

This feature is enabled only under the IPv4 VRF address-family. This feature can be configured to control the number prefixes that are accepted from Customer Edge (CE) routers in an EIGRP MPLS VPN. For more information about EIGRP MPLS VPN configuration, refer to the following document:

MPLS VPN support for EIGRP between Provider Edge (PE) and Customer Edge (CE)

How to Configure the Maximum Prefix Limit

This section contains the following tasks:

Configuring the Maximum Number of Prefix Accepted from Peering Sessions

Configuring the Maximum Number of Prefixes Learned Through Redistribution

Configuring the Maximum Prefix Limit for an EIGRP Process

Verifying the EIGRP Maximum Prefix Limit Configuration

Configuring the Maximum Number of Prefix Accepted from Peering Sessions

The maximum-prefix limit can be configured for all peering sessions or individual peering sessions with the neighbor maximum-prefix (EIGRP) command. When the maximum-prefix limit is exceeded, the session with the remote peer is torn down and all routes learned from the remote peer are removed from the topology and routing tables. The maximum-prefix limit that can be configured is limited only by the available system resources on the router.


Note In EIGRP, neighbor commands have been used traditionally to configure static neighbors. In the context of this feature, however, the neighbor maximum-prefix command can be used to configure the maximum-prefix limit for both statically configured and dynamically discovered neighbors.


Inherited Timer Values

Default or user-defined restart, restart-count, and reset-time values for the process-level configuration of this feature, configured with the maximum-prefix command, are inherited by the redistribute maximum-prefix and neighbor maximum-prefix command configurations by default. If a single peer is configured with the neighbor maximum-prefix command, a process-level configuration or a configuration that is applied to all neighbors will be inherited.

Prerequisites

VRFs have been created and configured. EIGRP peering is established through the MPLS VPN.

Restrictions

This task can be configured only in IPv4 VRF address-family configuration mode.

When configuring the neighbor maximum-prefix command to protect a single peering session, only the maximum-prefix limit, the percentage threshold, the warning-only configuration options can be configured. Session dampening, restart, and reset timers are configured on a global basis.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp as-number

4. address-family ipv4 [unicast] vrf vrf-name

5. neighbor ip-address maximum-prefix maximum [threshold] [warning-only]

6. neighbor maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

7. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp as-number

Example:

Router(config)# router eigrp 1

Enters router configuration mode and creates an EIGRP routing process.

Step 4 

address-family ipv4 [unicast] vrf vrf-name

Example:

Router(config-router)# address-family ipv4 vrf RED

Enters address-family configuration mode and creates a session for the VRF.

Step 5 

neighbor ip-address maximum-prefix maximum [threshold] [warning-only]

Example:

Router(config-router-af)# neighbor 10.0.0.1 maximum-prefix 10000 80 warning-only

Limits the number of prefixes that are accepted from the specified EIGRP neighbor.

The example configures a maximum-prefix limit of 10000 for the 10.0.0.1 neighbor and warning messages to be displayed when 80 percent of the limit has been reached.

The ip-address argument is configured when applying this command to a single peer.

The maximum argument sets the number of prefixes allowed under the address family. The range for this argument is a number from 1 to 4294967295.

The threshold argument configures the router to generate syslog warning messages when the specified percentage of the maximum-prefix limit has been exceeded. The prefix percentage number that can be configured for the threshold argument is from 1 to 100. The default threshold is 75 percent.

The warning-only keyword configures the router to only generate syslog messages when the maximum-prefix limit is exceeded, instead of terminating the peering session.

Step 6 

neighbor maximum-prefix maximum [threshold] [[dampened][reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

Example:

Router(config-router-af)# neighbor maximum-prefix 10000 80 warning-only

Limits the number of prefixes that are accepted from all EIGRP neighbors.

The example configures maximum-prefix limit of 10000 for all neighbors and warning messages to be displayed when 80 percent of the limit has been reached. Because the warning-only keyword is configured, no action will occur.

The maximum argument sets the number of prefixes allowed under the address family. The range for this argument is a number from 1 to 4294967295.

The threshold argument configures the router to generate syslog warning messages when the specified percentage of the maximum-prefix limit has been exceeded. The prefix percentage number that can be configured for the threshold argument is from 1 to 100. The default threshold is 75 percent.

The warning-only keyword configures the router to only generate syslog messages when the maximum-prefix limit is exceeded, instead of terminating the peering session.

The restart keyword configures a time period in which the router will not form adjacencies after the maximum-prefix limit has been exceeded. The range of values that can be applied with the minutes argument is from 1 to 65535 minutes. The default restart-time period is 5 minutes.

The restart-count keyword configures the number of times a peering session can automatically be reestablished after the peering session has been torn down because the maximum-prefix limit has been exceeded. The default restart-count limit is 3.

The reset-time keyword configures the router to reset the restart count to 0 after the default or user-defined reset-time period has expired. The range of values that can be applied with the minutes argument is from 1 to 65535 minutes. The default reset-time period is 15 minutes.

The dampened keyword configures a decay penalty to be applied to the restart-time period each time the maximum-prefix limit is exceeded. The half-life for the decay penalty is 150% of the default or user-defined restart-time value in minutes. This function is disabled by default.

Step 7 

end

Example:

Router(config-router-af)# end

Exits address-family configuration mode and enters privileged EXEC mode.

Troubleshooting Tips

If an individual peer or all peers have exceeded the maximum-prefix limit the same number of times as the default or user-defined restart-count value, the individual session or all sessions will need to be manually reset with the clear ip route* or clear ip eigrp neighbor command before normal peering can be reestablished.

Configuring the Maximum Number of Prefixes Learned Through Redistribution

The maximum prefix limit can be configured for prefixes learned through redistribution with the redistribute maximum-prefix (EIGRP) command. When the maximum-prefix limit is exceeded, all routes learned from the Routing Information Base (RIB) will be discarded and redistribution will be suspended for the default or user-defined time period. The maximum-prefix limit that can be configured for redistributed prefixes is limited only by the available system resources on the router.

Inherited Timer Values

Default or user-defined restart, restart-count, and reset-time values for the process-level configuration of this feature, configured with the maximum-prefix command, are inherited by the redistribute maximum-prefix and neighbor maximum-prefix command configurations by default. If a single peer is configured with the neighbor maximum-prefix command, a process-level configuration or a configuration that is applied to all neighbors will be inherited.

Prerequisites

VRFs have been created and configured. EIGRP peering is established through the MPLS VPN.

Restrictions

This task can be configured only in IPv4 VRF address-family configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp as-number

4. address-family ipv4 [unicast] vrf vrf-name

5. redistribute maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp as-number

Example:

Router(config)# router eigrp 1

Enters router configuration mode and creates an EIGRP routing process.

Step 4 

address-family ipv4 [unicast] vrf vrf-name

Example:

Router(config-router)# address-family ipv4 vrf RED

Enters address-family configuration mode and creates a session for the VRF.

Step 5 

redistribute maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

Example:

Router(config-router-af)# redistribute maximum-prefix 10000 80 reset-time 10 restart 2

Limits the number of prefixes redistributed into an EIGRP process.

The example configures a maximum-prefix limit of 10000 prefixes, warning message to be displayed at 80 percent of the maximum prefix limit, a reset time period of 10 minutes, and a restart time period of 2 minutes.

The maximum argument sets the number of prefixes allowed under the address family. The range for this argument is a number from 1 to 4294967295.

The threshold argument configures the router to generate syslog warning messages when the specified percentage of the maximum-prefix limit has been exceeded. The prefix percentage number that can be configured for the threshold argument is from 1 to 100. The default threshold is 75 percent.

The warning-only keyword configures the router to only generate syslog messages when the maximum-prefix limit is exceeded, instead of suspending redistribution.

The restart keyword configures a time period in which the router will not form adjacencies or accept redistributed routes from the RIB after the maximum-prefix limit has been exceeded. The range of values that can be applied with the minutes argument is from 1 to 65535 minutes. The default restart-time period is 5 minutes.

 

The restart-count keyword configures the number of times a peering session can automatically be reestablished after the peering session has been torn down or after the a redistribute route has been cleared and relearned because the maximum-prefix limit has been exceeded. The default restart-count limit is 3.

The reset-time keyword configures the router to reset the restart count to 0 after the default or user-defined reset-time period has expired. The range of values that can be applied with the minutes argument is from 1 to 65535 minutes. The default reset-time period is 15 minutes.

The dampened keyword configures a decay penalty to be applied to the restart-time period each time the maximum-prefix limit is exceeded. The half-life for the decay penalty is 150% of the default or user-defined restart-time value in minutes. This function is disabled by default.

Step 6 

end

Example:

Router(config-router-af)# end

Exits address-family configuration mode and enters privileged EXEC mode.

Troubleshooting Tips

If the maximum-prefix limit has been exceeded for redistribution the same number of times as the default or user-defined restart-count value, the clear ip route * or clear ip eigrp neighbor command will need to be entered before normal redistribution will occur.

Configuring the Maximum Prefix Limit for an EIGRP Process

The maximum prefix limit can be configured for an EIGRP process to limit the number prefixes that are accepted from all sources. This task is configured with the maximum-prefix command. When the maximum-prefix limit is exceeded, sessions with the remote peers are brought down and all routes learned from remote peers are removed from the topology and routing tables. Also, all routes learned from the RIB are discarded and redistribution is suspended for the default or user-defined time period.

Inherited Timer Values

Default or user-defined restart, restart-count, and reset-time values for the process-level configuration of this feature, configured with the maximum-prefix command, are inherited by the redistribute maximum-prefix and neighbor maximum-prefix command configurations by default. If a single peer is configured with the neighbor maximum-prefix command, a process-level configuration or a configuration that is applied to all neighbors will be inherited.

Prerequisites

VRFs have been created and configured. EIGRP peering is established through the MPLS VPN.

Restrictions

This task can be configured only in IPv4 VRF address-family configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp as-number

4. address-family ipv4 [unicast] vrf vrf-name

5. maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp as-number

Example:

Router(config)# router eigrp 1

Enters router configuration mode and creates an EIGRP routing process.

Step 4 

address-family ipv4 [unicast] vrf vrf-name

Example:

Router(config-router)# address-family ipv4 vrf RED

Enters address-family configuration mode and creates a session for the VRF.

Step 5 

maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

Example:

Router(config-router-af)# maximum-prefix 10000 80 warning-only reset-time 10 restart 2

Limits the number of prefixes that are accepted under an address- family by an EIGRP process.

The example configures a maximum-prefix limit of 10000 prefixes, warning message to be displayed at 80 percent of the maximum prefix limit, a reset time period of 10 minutes, and a restart time period of 2 minutes.

 

The maximum argument sets the number of prefixes allowed under the address family. The range for this argument is a number from 1 to 4294967295.

The threshold argument configures the router to generate syslog warning messages when the specified percentage of the maximum-prefix limit has been exceeded. The prefix percentage number that can be configured for the threshold argument is from 1 to 100. The default threshold is 75 percent.

The warning-only keyword configures the router to only generate syslog messages when the maximum-prefix limit is exceeded, instead of terminating the peering session and/or suspending redistribution.

The restart keyword configures a time period in which the router will not form adjacencies or accept redistributed routes from the RIB after the maximum-prefix limit has been exceeded. The range of values that can be applied with the minutes argument is from 1 to 65535 minutes. The default restart-time period is 5 minutes.

The restart-count keyword configures the number of times a peering session can automatically be reestablished after the peering session has been torn down or after the a redistribute route has been cleared and relearned because the maximum-prefix limit has been exceeded. The default restart-count limit is 3.

The reset-time keyword configures the router to reset the restart count to 0 after the default or user-defined reset-time period has expired. The range of values that can be applied with the minutes argument is from 1 to 65535 minutes. The default reset-time period is 15 minutes.

The dampened keyword configures a decay penalty to be applied to the restart-time period each time the maximum-prefix limit is exceeded. The half-life for the decay penalty is 150% of the default or user-defined restart-time value in minutes. This function is disabled by default.

Step 6 

end

Example:

Router(config-router-af)# end

Exits address-family configuration mode and enters privileged EXEC mode.

Troubleshooting Tips

If the maximum-prefix limit has been exceeded for redistribution the same number of times as the default or user-defined restart-count value, the clear ip route * or clear ip eigrp neighbor command will need to be entered before normal redistribution will occur.

Verifying the EIGRP Maximum Prefix Limit Configuration

The configuration and status of route sources and prefix limit timers can be displayed in the output of the show ip eigrp accounting or show ip eigrp vrf accounting Exec commands.


Note Connected and summary routes are not listed individually in the output from these show commands but are counted in the total aggregate count per process.


SUMMARY STEPS

1. enable

2. show ip eigrp accounting [as-number]

3. show ip eigrp vrf vrf-name| * accounting [as-number]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show ip eigrp accounting [as-number]

Example:

Router# show ip eigrp accounting

Displays prefix accounting information for EIGRP processes.

Step 3 

show ip eigrp vrf vrf-name| * accounting [as-number]

Example:

Router# show ip eigrp vrf RED accounting 100

Displays prefix accounting information for EIGRP VRFs.

Example

The following is sample output from the show ip eigrp vrf accounting command. The output field descriptions are described in Table 2.

Router# show ip eigrp vrf RED accounting 
IP-EIGRP accounting for AS(100)/ID(10.0.2.1) Routing Table: RED
Total Prefix Count: 4  States: A-Adjacency, P-Pending, D-Down
State Address/Source   Interface        Prefix   Restart  Restart/
                                        Count     Count   Reset(s)
 P    Redistributed     ----               0           3         211
 A    10.0.1.2          Et0/0              2           0          84
 P    10.0.2.4          Se2/0              0           2         114
 D    10.0.1.3          Et0/0              0           3           0

Configuration Examples for Configuring the Maximum Prefix Limit

The following examples show how to configure this feature:

Configuring the Maximum Prefix Limit for a Single Peer: Example

Configuring the Maximum Prefix Limit for all Peers: Example

Configuring the Maximum Prefix Limit for Redistributed Routes: Example

Configuring the Maximum Prefix Limit for an EIGRP Process: Example

Configuring the Maximum Prefix Limit for a Single Peer: Example

The following example, starting in global configuration mode, configures the maximum prefix limit for a single peer. The maximum limit is set to 1000 prefixes, and the warning threshold is set to 80 percent. When the maximum prefix limit is exceeded, the session with this peer will be torn down, all routes learned from this peer will be removed from the topology and routing tables, and this peer will be placed in a penalty state for 5 minutes (default penalty value).

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# neighbor 10.0.0.1 maximum-prefix 1000 80 
Router(config-router-af)# end

Configuring the Maximum Prefix Limit for all Peers: Example

The following example, starting in global configuration mode, configures the maximum prefix limit for all peers. The maximum limit is set to 10000 prefixes, the warning threshold is set to 90 percent, the restart timer is set to 4 minutes, a decay penalty is configured for the restart timer with the dampened keyword, and all timers are configured to be reset to 0 every 60 minutes. When the maximum prefix limit is exceeded, all peering sessions will be torn down, all routes learned from all peers will be removed from the topology and routing tables, and all peers will be placed in a penalty state for 4 minutes (user-defined penalty value). A dampening exponential decay penalty will also be applied.

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# neighbor maximum-prefix 10000 90 dampened reset-time 60 restart4
Router(config-router-af)# end

Configuring the Maximum Prefix Limit for Redistributed Routes: Example

The following example, starting in global configuration mode, configures the maximum prefix limit for routes learned through redistribution. The maximum limit is set to 5000 prefixes and the warning threshold is set to 95percent. When the number of prefixes learned through redistribution reaches 4750 (95 percent of 5000), warning messages will be displayed in the console. Because the warning-only keyword is configured, the topology and routing tables will not be cleared and route redistribution will not be placed in a penalty state.

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# redistribute maximum-prefix 5000 95 warning-only 
Router(config-router-af)# end

Configuring the Maximum Prefix Limit for an EIGRP Process: Example

The following example, starting in global configuration mode, configures the maximum prefix limit for an EIGRP process, which includes routes learned through redistribution and routes learned through EIGRP peering sessions. The maximum limit is set to 50000 prefixes. When the number of prefixes learned through redistribution reaches 37500 (75 percent of 50000), warning messages will be displayed in the console. When the maximum prefix limit is exceeded, all peering sessions will be reset, the topology and routing tables will be cleared and redistributed routes and all peering sessions will be placed in a penalty state.

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# maximum-prefix 50000 
Router(config-router-af)# end

Additional References

The following sections provide references related to the EIGRP Prefix Limit Support feature.

Related Documents

Related Topic
Document Title

BGP Cost Community configuration tasks for EIGRP MPLS VPN PE-CE

BGP Cost Community Support for EIGRP MPLS VPN PE-CE, Cisco IOS Release 12.0(27)S

CEF commands

Cisco IOS Switching Services Configuration Guide, Release 12.3T

CEF configuration tasks

Cisco IOS Switching Services Command Reference, Release 12.3

EIGRP commands

Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3T

EIGRP configuration tasks

Cisco IOS IP Configuration Guide, Release 12.3

EIGRP MPLS VPN PE-CE configuration tasks

MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge, Cisco IOS Release 12.0(27)S

EIGRP MPLS VPN Site of Origin configuration tasks

EIGRP MPLS VPN PE-CE Site of Origin (SoO), Cisco IOS Release 12.0(27)S

MPLS VPNs configuration tasks

MPLS Virtual Private Networks, Cisco IOS Release 12.0(5)T

System Logging

Cisco IOS Configuration Fundamentals and Network Management Configuration Guide, Release 12.3


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


Command Reference

This section documents new commands.

maximum-prefix

neighbor maximum-prefix (EIGRP)

redistribute maximum-prefix (EIGRP)

show ip eigrp accounting

show ip eigrp vrf accounting

maximum-prefix

To limit the number of prefixes that are accepted under an address- family by an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the maximum-prefix command in address-family configuration mode. To disable this function, use the no form of this command.

maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

no maximum-prefix

Syntax Description

maximum

Maximum number of prefixes allowed under an address-family. The range for this argument is a number from 1 to 4294967295.

Note The number of prefixes that can be configured is limited only by the available system resources on the router.

threshold

(Optional) Configures the router to generate syslog warning messages when the specified percentage of the maximum-prefix limit has been exceeded. The prefix percentage number that can be configured for the threshold argument is from 1 to 100. The default is 75 percent.

warning-only

(Optional) Configures the router to only generate syslog messages when the maximum-prefix limit is reached, instead of suspending peering session or route redistribution. This keyword is disabled by default.

restart minutes

(Optional) Configures a time period in which the router will not form adjacencies or accept redistributed routes from the RIB after the maximum-prefix limit has been exceeded. The value for the minutes argument is from 1 to 65535 minutes. The default restart-time period is 5 minutes.

restart-count number

(Optional) Configures the number of times a peering session can be automatically be reestablished after the peering session has been torn down or after the a redistribute route has been cleared and relearned because the maximum-prefix limit has been exceeded. The default restart-count limit is 3.


Warning Once the restart count threshold has been crossed, you will need to enter the clear ip route * or clear ip eigrp neighbor command to reestablish normal peering and/or redistribution.

reset-time minutes

(Optional) Configures the router to reset the restart count to 0 after the default or user-defined reset-time period has expired. The range of values that can be applied with the minutes argument is from 1 to 65535 minutes. The default reset-time period is 15 minutes.

dampened

(Optional) Configures a decay penalty to be applied to the restart-time period each time the maximum-prefix limit is exceeded. The half-life for the decay penalty is 150% of the default or user-defined restart-time value in minutes. This keyword is disabled by default.


Defaults

threshold: 75 percent
reset-time: 15 minutes
restart: 5 minutes
restart-count: 3

Command Modes

Address-family (IPv4 VRF)

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.


Usage Guidelines

The maximum-prefix is used to configure an EIGRP process to limit the number prefixes that are accepted from all sources. When the maximum-prefix limit is exceeded, sessions with remote peers are torn down, all routes learned from remote peers and through redistribution are removed from the topology and routing tables, and redistribution and peering is suspended for the default or user-defined time period.

Inherited Timer Values

Default or user-defined restart, restart-count, and reset-time values for the process-level configuration of this feature, configured with the maximum-prefix command, are inherited by the redistribute maximum-prefix and neighbor maximum-prefix command configurations by default. If a single peer is configured with the neighbor maximum-prefix command, a process-level configuration or a configuration that is applied to all neighbors will be inherited.

Examples

The following example, starting in global configuration mode, configures the maximum prefix limit for an EIGRP process, which includes routes learned through redistribution and routes learned through EIGRP peering sessions. The maximum limit is set to 50000 prefixes. When the number of prefixes learned through redistribution reaches 37500 (75 percent of 50000), warning messages will be displayed in the console. When the maximum prefix limit is exceeded, all peering sessions will be reset, the topology and routing tables will be cleared and redistributed routes and all peering sessions will be placed in a penalty state.

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# maximum-prefix 50000 
Router(config-router-af)# end

Related Commands

Command
Description

clear ip eigrp neighbors

Deletes neighbor entries from the routing table.

clear ip eigrp vrf neighbor

Deletes neighbor entries from the VRF table.

clear ip route

Deletes routes from the IP routing table.


neighbor maximum-prefix (EIGRP)

To limit the number of prefixes that are accepted from an Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor or all EIGRP neighbors, use the neighbor maximum-prefix command in address-family configuration mode. To disable this function, use the no form of this command.

Single Neighbor Configuration CLI

neighbor ip-address maximum-prefix maximum [threshold] [warning-only]

no neighbor ip-address maximum-prefix

All Neighbor Configuration CLI

neighbor maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

no neighbor maximum-prefix

Syntax Description

ip-address

(Optional) IP address of a single peer.

maximum-prefix maximum

Maximum number of prefixes accepted. The range for this argument is a number from 1 to 4294967295.

Note The number of prefixes that can be configured is limited only by the available system resources on the router.

threshold

(Optional) Configures the router to generate syslog warning messages when the specified percentage of the maximum-prefix limit has been exceeded. The prefix percentage number that can be configured for the threshold argument is from 1 to 100. The default is 75 percent.

warning-only

(Optional) Configures the router to only generate syslog messages when the maximum-prefix limit is reached, instead of terminating the peering session. This keyword is disabled by default.

restart minutes

(Optional) Configures a time period in which the router will not form adjacencies or accept redistributed routes from the RIB after the maximum-prefix limit has been exceeded. The value for the minutes argument is from 1 to 65535 minutes. The default restart-time period is 5 minutes.

restart-count number

(Optional) Configures the number of times a peering session can be automatically be reestablished after the peering session has been torn down or after the a redistribute route has been cleared and relearned because the maximum-prefix limit has been exceeded. The default restart-count limit is 3.


Warning Once the restart count threshold has been crossed, you will need to enter the clear ip route * or clear ip eigrp neighbor command to reestablish normal peering and/or redistribution.

reset-time minutes

(Optional) Configures the router to reset the restart count to 0 after the default or configured reset-time period has expired. The value for the minutes argument is from 1 to 65535 minutes. The default reset-time period is 15 minutes.

dampened

(Optional) Configures a decay penalty to be applied to the restart-time period each time the maximum-prefix limit is exceeded. The half-life for the decay penalty is 150% of the default or user-defined restart-time value in minutes. This keyword is disabled by default.


Defaults

threshold: 75 percent
reset-time: 15 minutes
restart: 5 minutes
restart-count: 3

Command Modes

Address-family (IPv4 VRF)

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.


Usage Guidelines

The neighbor maximum-prefix command can be configured to protect an individual peering session or protect all peering sessions. When this feature is enabled and the maximum-prefix limit has been exceeded, the router will tear down the peering session, clear all routes that were learned from the peer, and then place the peer in a penalty state for the default or user-defined time period. After the penalty time period expires, normal peering will be reestablished.


Note In EIGRP, neighbor commands have been used traditionally to configure static neighbors. In the context of this feature, however, the neighbor maximum-prefix command can be used to configure the maximum-prefix limit for both statically configured and dynamically discovered neighbors.


When configuring the neighbor maximum-prefix command to protect a single peering session, only the maximum-prefix limit, the percentage threshold, the warning-only configuration options can be configured. Session dampening, restart, and reset timers are configured on a global basis

Inherited Timer Values

Default or user-defined restart, restart-count, and reset-time values for the process-level configuration of this feature, configured with the maximum-prefix command, are inherited by the redistribute maximum-prefix and neighbor maximum-prefix command configurations by default. If a single peer is configured with the neighbor maximum-prefix command, a process-level configuration or a configuration that is applied to all neighbors will be inherited.

Examples

Configuring the Maximum Prefix Limit for a Single Peer

The following example, starting in global configuration mode, configures the maximum prefix limit for a single peer. The maximum limit is set to 1000 prefixes, and the warning threshold is set to 80 percent. When the maximum prefix limit is exceeded, the session with this peer will be torn down, all routes learned from this peer will be removed from the topology and routing tables, and this peer will be placed in a penalty state for 5 minutes (default penalty value).

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# neighbor 10.0.0.1 maximum-prefix 1000 80 
Router(config-router-af)# end

Configuring the Maximum Prefix Limit for all Peers

The following example, starting in global configuration mode, configures the maximum prefix limit for all peers. The maximum limit is set to 10000 prefixes, the warning threshold is set to 90 percent, the restart timer is set to 4 minutes, a decay penalty is configured for the restart timer with the dampened keyword, and all timers are configured to be reset to 0 every 60 minutes. When the maximum prefix limit is exceeded, all peering sessions will be torn down, all routes learned from all peers will be removed from the topology and routing tables, and all peers will be placed in a penalty state for 4 minutes (user-defined penalty value). A dampening exponential decay penalty will also be applied.

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# neighbor maximum-prefix 10000 90 dampened reset-time 60 restart4
Router(config-router-af)# end 

Related Commands

Command
Description

clear ip eigrp neighbors

Deletes neighbor entries from the routing table.

clear ip eigrp vrf neighbor

Deletes neighbor entries from the VRF table.

clear ip route

Deletes routes from the IP routing table.


redistribute maximum-prefix (EIGRP)

To limit the number of prefixes redistributed into an Enhanced Interior Gateway Routing Protocol (EIGRP) process, use the redistribute maximum-prefix command in address-family configuration mode. To disable this function, use the no form of this command.

redistribute maximum-prefix maximum [threshold] [[dampened] [reset-time minutes] [restart minutes] [restart-count number] | [warning-only]]

no redistribute maximum-prefix.

Syntax Description

maximum

Maximum number of prefixes that are redistributed into EIGRP under an address-family. The range for this argument is a number from 1 to 4294967295.

Note The number of prefixes that can be configured is limited only by the available system resources on the router.

threshold

(Optional) Configures the router to generate syslog warning messages when the specified percentage of the maximum-prefix limit has been exceeded. The prefix percentage number that can be configured for the threshold argument is from 1 to 100. The default is 75 percent.

warning-only

(Optional) Configures the router to only generate syslog messages when the maximum-prefix limit is reached, instead of suspending redistribution. This keyword is disabled by default.

restart minutes

(Optional) Configures a time period in which the router will not form adjacencies or accept redistributed routes from the RIB after the maximum-prefix limit has been exceeded. The value for the minutes argument is from 1 to 65535 minutes. The default restart-time period is 5 minutes.

restart-count number

(Optional) Configures the number of times a peering session can be automatically be reestablished after the peering session has been torn down or after the a redistribute route has been cleared and relearned because the maximum-prefix limit has been exceeded. The default restart-count limit is 3.


Warning Once the restart count threshold has been crossed, you will need to enter the clear ip route * or clear ip eigrp neighbor command to reestablish normal peering and/or redistribution.

reset-time minutes

(Optional) Configures the router to reset the restart count to 0 after the default or configured reset-time period has expired. The value for the minutes argument is from 1 to 65535 minutes. The default reset-time period is 15 minutes.

dampened

(Optional) Configures a decay penalty to be applied to the restart-time period each time the maximum-prefix limit is exceeded. The half-life for the decay penalty is 150% of the default or user-defined restart-time value in minutes. This keyword is disabled by default.


Defaults

threshold: 75 percent
reset-time: 15 minutes
restart: 5 minutes
restart-count: 3

Command Modes

Address-family (IPv4 VRF)

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.


Usage Guidelines

The redistribute maximum-prefix command is used to configure limit prefixes learned through redistribution. When the maximum-prefix limit is exceeded, all routes learned from the Routing Information Base (RIB) will be discarded and redistribution will be suspended for the default or user-defined time period. The maximum-prefix limit that can be configured for redistributed prefixes is limited only by the available system resources on the router.

Inherited Timer Values

Default or user-defined restart, restart-count, and reset-time values for the process-level configuration of this feature, configured with the maximum-prefix command, are inherited by the redistribute maximum-prefix and neighbor maximum-prefix command configurations by default. If a single peer is configured with the neighbor maximum-prefix command, a process-level configuration or a configuration that is applied to all neighbors will be inherited.

Examples

The following example, starting in global configuration mode, configures the maximum prefix limit for routes learned through redistribution. The maximum limit is set to 5000 prefixes and the warning threshold is set to 95percent. When the number of prefixes learned through redistribution reaches 4750 (95 percent of 5000), warning messages will be displayed in the console. Because the warning-only keyword was configure, the topology and routing tables will not be cleared and route redistribution will not be placed in a penalty state.

Router(config)# router eigrp 100
Router(config-router)# address-family ipv4 vrf RED
Router(config-router-af)# redistribute maximum-prefix 5000 95 warning-only 
Router(config-router-af)# end

Related Commands

Command
Description

clear ip eigrp neighbors

Deletes neighbor entries from the routing table.

clear ip eigrp vrf neighbor

Deletes neighbor entries from the VRF table.

clear ip route

Deletes routes from the IP routing table.


show ip eigrp accounting

To display prefix accounting information for Enhanced Interior Gateway Routing Protocol (EIGRP) processes, use the show ip eigrp accounting command in EXEC mode.

show ip eigrp accounting [as-number]

Syntax Description

as-number

(Optional) Specifies the autonomous system number.


Command Modes

EXEC

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.


Examples

The following is sample output from the show ip eigrp accounting command:

Router# show ip eigrp accounting 
IP-EIGRP accounting for AS(100)/ID(10.0.2.1) Routing Table: RED
Total Prefix Count: 4  States: A-Adjacency, P-Pending, D-Down
State Address/Source   Interface        Prefix   Restart  Restart/
                                        Count     Count   Reset(s)
 P    Redistributed     ----               0           3         211
 A    10.0.1.2          Et0/0              2           0          84
 P    10.0.2.4          Se2/0              0           2         114
 D    10.0.1.3          Et0/0              0           3           0


Note Connected and summary routes are not listed individually in the output of this command but are counted in the total aggregate count per process.


Table 1 describes the significant fields shown in the display.

Table 1 show ip eigrp accounting Field Descriptions 

Field
Description

IP-EIGRP accounting for AS...

Identifies the EIGRP instance along with the AS number, Router ID and Table ID.

Total Prefix Count:

Shows to the aggregate sum of the prefixes in an EIGRP instance topology table. It includes prefixes learnt from all neighbors or from redistribution.

States: A-Adjacency, P-Pending, D-Down

A-Adjacency: Indicates a stable adjacency with the neighbor or a normal redistribution state.

P-Pending: Neighbor adjacency or redistribution in suspended or in a penalized state because the maximum prefix limit has been exceeded.

D-Down: Neighbor adjacency or redistribution is suspended permanently until a manually reset is performed with the clear ip route command.

Address/Source

Shows the peer IP address of the redistribution source.

Prefix Count

Displays the total number of learned prefixes by source.

Note Routes can be learned for the same prefix from multiple sources, and the sum of all prefix counts in this column may be greater than the figure displayed in the "Prefix Count" field.

Restart Count

Number of times a route source has exceeded the maximum-prefix limit.

Restart Reset(s)

Displays the time, in seconds, that a route source is in a P (penalized) state. If the route source is in an A (stable or normal) state, the displayed time, in seconds, is the time period until penalization history is reset.


show ip eigrp vrf accounting

To display prefix accounting information for an Enhanced Interior Gateway Routing Protocol VPN routing and forwarding instance (VRF), use the show ip eigrp vrf traffic command in privileged EXEC mode.

show ip eigrp vrf vrf-name| * accounting [as-number]

Syntax Description

vrf-name

Specifies the VRF name. The * keyword can be used as a wild card to display all VRFs, instead of specifying a single VRF with the vrf-name argument.

as-number

(Optional) Specifies the autonomous system number.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.


Examples

The following is sample output from the show ip eigrp vrf accounting command:

Router# show ip eigrp vrf RED accounting 
IP-EIGRP accounting for AS(100)/ID(10.0.2.1) Routing Table: RED
Total Prefix Count: 4  States: A-Adjacency, P-Pending, D-Down
State Address/Source   Interface        Prefix   Restart  Restart/
                                        Count     Count   Reset(s)
 P    Redistributed     ----               0           3         211
 A    10.0.1.2          Et0/0              2           0          84
 P    10.0.2.4          Se2/0              0           2         114
 D    10.0.1.3          Et0/0              0           3           0


Note Connected and summary routes are not listed individually in the output of this command but are counted in the total aggregate count per process.


Table 2 describes the significant fields shown in the display.

Table 2 show ip eigrp vrf accounting Field Descriptions 

Field
Description

IP-EIGRP accounting for AS...

Identifies the EIGRP instance along with the AS number, Router ID and Table ID.

Total Prefix Count:

Shows to the aggregate sum of the prefixes in an EIGRP instance topology table. It includes prefixes learnt from all neighbors or from redistribution.

States: A-Adjacency, P-Pending, D-Down

A-Adjacency: Indicates a stable adjacency with the neighbor or a normal redistribution state.

P-Pending: Neighbor adjacency or redistribution in suspended or in a penalized state because the maximum prefix limit has been exceeded.

D-Down: Neighbor adjacency or redistribution is suspended permanently until a manually reset is performed with the clear ip route command.

Address/Source

Shows the peer IP address of the redistribution source.

Prefix Count

Displays the total number of learned prefixes by source.

Note Routes can be learned for the same prefix from multiple sources, and the sum of all prefix counts in this column may be greater than the figure displayed in the "Prefix Count" field.

Restart Count

Number of times a route source has exceeded the maximum-prefix limit.

Restart/Reset(s)

Displays the time, in seconds, that a route source is in a P (penalized) state. If the route source is in an A (stable or normal) state, the displayed time, in seconds, is the time period until penalization history is reset.