01-25-2017 05:40 AM - edited 01-25-2017 05:58 AM
I would like to ignore some of the routes learned by OSFP so they don't install in the forwarding table. Important, I'm not talking about suppress/filter routes that my PA announce through OSPF.
For explaining me better, I'm looking for "OSPF Inbound Filtering" in the language of Cisco:
Thanks in advance!!!
01-26-2017 08:26 PM
That should be a feature requests. As workaround you may want to use BGP or create static routes with less admin distance.
02-07-2017 12:45 AM - edited 02-07-2017 12:45 AM
Gerardo, thanks for your answer. I will look for the way to make that suggestion to Palo Alto Team.
Meanwhile, I've to found a way to prioritize static routes over dynamic routes. The administrative distance works when the prefix length of the routes are equal but it appears that longer prefix length routes take precedence over shorter independent of administrative distance.
02-08-2017 01:12 PM
Yes, that's expected behavior shorther prefix lenghts will take over. Admin distance will only matter when you have the same route (including prefix lenght) coming from different routing protocols (static, ospf, bgp...). In adittion OSPF is an internal gateway protocol so is asummed that the the routes are coming from controled sources (where only the requiered routes are advertised), the only options left are changing to BGP (EGP) or configure static routes using the same prefix lenght.
As side note to check the installed routes in the dataplane you can use the following command,
>show routing fib
02-08-2017 03:49 PM
Your other option here is to switch to BGP for route distribution. This would then give you full control of import and export policies throughout the enterprise to handle this cases as you desire.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!