So in discussions with a few customers the BGP functionality has come up when peering with ISPs and replacing dedicated BGP equipment. The route table size on the PAN5060 is roughly 64000 routes. Most Universities have tables upwards of a 1/2 Million. Also Dynamic routing is currently unsupported on IPv6 as of PANOS5.0.2.
As a workaround we have suggested the following:
1) Summarize routes to the BGP Peers as in most cases a single route back to peers is sufficient.
2) Update to PANOS 5.0.2 as there is better management of route redistribution.
3) Upcoming releases will include support for IPV6 dynamic routing
Options we exhausted (stuff that didn't work):
1) Using Virtual Systems.
2) Providing a custom release with the table size increased.
3) Setting up multiple Virtual Routers.
4) Try and see if the 64000+ routes would just work (the table doesn't hold more).
Has anyone else worked out something like this in a different way ?
If you use BGP towards ISPs its often sufficient to just import a default route from each ISP and use BGP to announce your own ranges to each ISP (similar to your first point). This way you will basically only hold as many routes as you have ISPs/uplinks (except for your own ranges that is).
Also you should question yourself if you really need BGP. Its not uncommon that admins use BGP because its "cool" and not that they really need it. In many cases using a static route is safer and will most likely give you far less problem than adding the problems BGP on itself might bring you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!