Re: [sidr] Burstiness of BGP updates (was: WGLC: draft-ietf-sidr-bgpsec-reqs)

Brian Dickson <> Tue, 15 November 2011 05:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A7BC91F0DB0 for <>; Mon, 14 Nov 2011 21:15:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.929
X-Spam-Status: No, score=-0.929 tagged_above=-999 required=5 tests=[AWL=-2.557, BAYES_00=-2.599, GB_SUMOF=5, RCVD_IN_DNSWL_LOW=-1, SARE_SUB_OBFU_Q1=0.227]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bylVJa9UFmxr for <>; Mon, 14 Nov 2011 21:15:35 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id D84E81F0D12 for <>; Mon, 14 Nov 2011 21:15:34 -0800 (PST)
Received: by bkbzv15 with SMTP id zv15so678219bkb.31 for <>; Mon, 14 Nov 2011 21:15:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=hfySpB8sZzq2dfBU4swXY6fvqvCzEwTGUFLIlKFKy24=; b=RDWzHXRrSk3cHRNtT7/y9j5rAasEiguRoKctwnTCp0wXoCzZ3JVcrQEv24U2R9RzD+ uBeI/QDgKEWSuL1rctN2HThAMsEJpZ1/MXCsWqf4qYdDlwFlPpILmikJ4s9sbitjLQYu SuyO92SjTM79AQ10h0G8qlvaYgKIMNwWLj08I=
MIME-Version: 1.0
Received: by with SMTP id iq17mr14659267bkc.118.1321334133982; Mon, 14 Nov 2011 21:15:33 -0800 (PST)
Received: by with HTTP; Mon, 14 Nov 2011 21:15:33 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <> <> <> <>
Date: Tue, 15 Nov 2011 00:15:33 -0500
Message-ID: <>
From: Brian Dickson <>
To: Jakob Heitz <>
Content-Type: text/plain; charset=ISO-8859-1
Cc: "Sriram, Kotikalapudi" <>, sidr wg list <>
Subject: Re: [sidr] Burstiness of BGP updates (was: WGLC: draft-ietf-sidr-bgpsec-reqs)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Interdomain Routing <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 15 Nov 2011 05:15:35 -0000

Sorry to jump in here, but I think that there is a drifting into conjecture...

It would be best to stay within the realm of facts.

> Great, so you don't disagree that beacons mostly cause no change.
> That should cover the bulk of BGPSEC updates.
> That brings us a long way down from 2X.

There is no empirical basis for 2X, either in the general case or the
specific case.

If I understand the "beacon" concept correctly, this is the
re-announcement from the origin,
based on the expiry time? Is this correct?

Then the impact to the listener will be:
The sum of (per-prefix frequency x number of in-RIBs that prefix is
heard over) [i=1..N, N = number of prefixes].

If someone has a router with 10 copies of the full routing table, and
the median rate is 1/day, then this will be approximately 10 x
(routing table size) per day.
The routing table in the DFZ is about what, 350-400k? That would be
roughly 4M/day, or 50/sec.

Even modest border routers, for multi-homed networks (two upstreams
and significant local peering), that could easily be 1M+/day or

On top of everything else generated by churn, which in the case of a
leaf router is 2-3/sec.

The basic principal is, unlike churn, where the peak amplitude is an
issue, this is pervasive, affecting every received prefix over every
link on which it is received, even when routing is stable.