How to Filter BGP Routes Using Extended Communities

How to Filter BGP Routes Using Extended Communities

31050
Created On 09/26/18 20:33 PM - Last Modified 06/16/23 18:26 PM


Resolution


Overview

PAN-OS only supports BGP filtering using extended communities with hexadecimal values. For example, if a BGP route contains an extended community such as 1:65001:65001,or 0x0001FDE90000FDE9 then users must use the hexadecimal value 0001FDE90000FDE9 for route filtering.

 

See this sample output:

show routing protocol bgp loc-rib-detail

VIRTUAL ROUTER: default (id 1)

==========

----------

Prefix: 192.168.152.0/24 *

Nexthop: 10.193.16.51

Received from: Peer 51 (id 1)

Originator ID: 10.193.16.152

AS Path:

Origin: N/A

MED: 0

Local Preference: 100

Atomic aggregate: no

Aggregator AS: 0

Aggregator ID: 0.0.0.0

Weight: 0

Flap: value 0.00, count 0

Community: 1234:1234,

Extended community: 0001FDE90000FDE9(type (0x0001), Flags []),

Clusters: 51.16.193.10

 

The proper configuration for filtering the route looks like this:

hex.PNG

 

Review this document for more details on how to filter routes on Palo Alto Networks Firewalls: Understanding Route Redistribution and Filtering

 

owner: npoprzen
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm57CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language