BGP Routes are Not Injected into the Routing Table

• BGP routes are not injected into the global routing table.
• BGP peer relationship is established with Peers.
• Routes from neighbors are present in the BGP local-rib.

• PAN-OS 7.1, 8.0, 8.1 and 9.0.
• Any Palo Alto Firewall.
• BGP configured.

This issue is typically noticed when the Palo Alto Networks firewall has established EBGP and IBGP connectivity between 2 routers and is advertising the routes learned from the EBGP peer to its IBGP peer. By default, when a route is advertised to an EBGP peer outside of an AS, the router will make sure that the next-hop attribute reflects its own IP address. Since BGP is an AS by AS routing protocol, the next-hop value of the BGP network advertisement that leaves an AS, is the IP address of the router at the exit point from AS.

When this route is advertised to an IBGP peer, the next-hop attribute remains the same (because it is not crossing another AS). Usually, the router inside the AS does not have a route to the external IP address from the next-hop attribute. Since these routers do not know where this next hop is (as they are not directly connected), and BGP selects a path with a reachable next hop, these routes advertised by the Palo Alto Networks firewalls EBGP peer never get installed in the routing table.

 There are few other reasons for the route not being in the routing table such as routing table being full and  Install Route option under Network > Virtual Routers > (VR-name) >BGP > General > Options is unchecked.