Routes Learned from iBGP Neighbour Not Advertised to Another
Symptom
Cisco router R1 is advertising the route 1.1.1.1 in BGP. The route appears in the routing table of the Palo Alto Networks firewall but does not appear in the routing table of router R2.
Note: All the devices are in the same AS, so they are all iBGP neighbours.
Reason: By default, a device that receives a route from one iBGP neighbour never advertises that route to another iBGP neighbour.
So, if the Palo Alto Networks firewall receives a route from R1, say 1.1.1.1, it will not advertise that route to R2 in the above case, as per the default behaviour of the BGP protocol.
Solution
To solve this, configure the Palo Alto Networks firewall as a route reflector. Define peer R1 as a route reflector client (please see the screenshot below for peer R1).
Peer R2 will be a non-client as per the default settings, and routes can be exchanged between client and non-client.
Go to the Network tab > Virtual Router > BGP.
Open the peer group.
Set Reflector Client to Client.
After this, you will be able to see all the routes R1 is advertising in the local rib table of R2.
If you are not observing the route in the routing table of R2, ensure that the next hop of the received route is reachable from R2. Otherwise, the route will be in the local rib table but will not be considered the best route, and only best routes are installed in the routing table.
I verified the same in the lab by taking 3 Palo Alto Networks firewalls as iBGP neighbours.
Also, the above routers may be a firewall or any device that supports BGP.
Thank you,
Tarang Srivastava
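
The following is an added example, not part of the original article and not PAN-OS code. It models the iBGP re-advertisement rule with and without R1 marked as a reflector client, plus the next-hop reachability check on R2. The peer roles follow the route reflection rules of RFC 4456; the function names, the next-hop address and the prefixes are constructed, and it assumes no next-hop-self is configured.

```python
# Added illustration: which iBGP peers the firewall re-advertises a route to,
# and whether R2 can install it. All names and addresses are constructed.
from ipaddress import ip_address, ip_network

def may_advertise(learned_from, send_to):
    """Roles: 'ebgp', 'client' (reflector client) or 'non-client' (plain iBGP)."""
    if learned_from == "ebgp" or send_to == "ebgp":
        return True  # the iBGP-to-iBGP restriction does not apply to eBGP
    # iBGP -> iBGP is allowed only when at least one side is a reflector client
    return learned_from == "client" or send_to == "client"

def reflect(learned_from_peer, peers):
    """Return the peers the firewall re-advertises the route to."""
    src_role = peers[learned_from_peer]
    return sorted(p for p, role in peers.items()
                  if p != learned_from_peer and may_advertise(src_role, role))

def installs(next_hop, reachable_prefixes):
    """R2 holds the route in its local RIB but installs it only if the next hop resolves."""
    return any(ip_address(next_hop) in ip_network(n) for n in reachable_prefixes)

# Constructed sample data for the R1 -- firewall -- R2 topology in the article.
NEXT_HOP = "10.0.12.1"  # R1's address; reflection leaves the next hop unchanged
DEFAULT_PEERS = {"R1": "non-client", "R2": "non-client"}  # firewall defaults
RR_PEERS = {"R1": "client", "R2": "non-client"}           # after the fix

if __name__ == "__main__":
    print("1.1.1.1 sent to (default):     ", reflect("R1", DEFAULT_PEERS))
    print("1.1.1.1 sent to (R1 as client):", reflect("R1", RR_PEERS))
    # R2 only knows its own link to the firewall: route received, not installed
    print("R2 installs, no path to R1:    ", installs(NEXT_HOP, ["10.0.23.0/24"]))
    # R2 also has a route to R1's subnet: next hop resolves, route installed
    print("R2 installs, path to R1 known: ",
          installs(NEXT_HOP, ["10.0.23.0/24", "10.0.12.0/24"]))
```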