How to remove one BGP-RIB Out


Hi,

 

We've configured BGP between Palo Alto and Azure using eBGP. BGP is established, but in RIB Out I noticed that the prefix 0.0.0.0/0 is advertised to the respective Azure peer.

bgp azure.JPG

How can I remove this? Because of it, the users in BGP are unable to access the internet.

 

If I enable the "reject default route" option, does this help? Or will it cause any problem with all the other BGP connections?

bgp azure.JPG

Can anyone help and give your valuable suggestions here?

 

-

Regards,

Sethupathi M


Hello,

This should work for you, as it will not accept the default route advertised by the peer:

"Select to ignore any default routes that are advertised by BGP peers."

 

You can always open a TAC case to ask. While I'm not a BGP expert, I used OSPF quite extensively and have this option set on my PANs that are border devices.

 

Regards,


Do you have any import and/or export filters for BGP? Using filters is a pretty standard way to control prefix advertisement and learning.


Hi @Sethupathi,

 

1. The "reject default route" option from your screenshot does the opposite of what you want. This option will force the firewall to reject a default route received from any BGP peer. How it will affect your setup depends entirely on how your firewall is receiving the default route (does it receive it via BGP or in some other way: static, OSPF, etc.). As to whether it will solve your issue: definitely not. This option rejects receiving a default route, and you are trying to block its advertisement (to a specific peer).

 

2. The proper way to select/filter what you advertise to BGP peers is the Export rules. It is important to note the following, from this document (which is not exactly what you need, but that doesn't matter):

There is an implicit deny rule that is triggered once any rules are created in the export or import tabs (the same is true for OSPF export). Add an allow rule to make sure you are importing other prefixes. The Import tab should now appear like the following:
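Added example, not part of the thread or of the quoted document: a small Python model of export-rule evaluation showing why a lone deny rule for 0.0.0.0/0 would also suppress every other prefix once the implicit deny applies. The rule dictionaries, the `exact` flag, top-down first-match ordering and the sample prefixes are assumptions made for illustration, not PAN-OS configuration or output.

```python
import ipaddress

# Constructed sample: prefixes assumed to be candidates for RIB Out.
CANDIDATES = ["0.0.0.0/0", "10.10.0.0/16", "10.10.5.0/24", "192.168.50.0/24"]

# Hypothetical rule objects (not PAN-OS syntax).
DENY_DEFAULT = {"name": "deny-default", "prefix": "0.0.0.0/0",
                "exact": True, "action": "deny"}
ALLOW_REST = {"name": "allow-rest", "prefix": "0.0.0.0/0",
              "exact": False, "action": "allow"}


def matches(rule, prefix):
    """True if prefix equals the rule prefix (exact) or falls inside it."""
    net = ipaddress.ip_network(prefix)
    rule_net = ipaddress.ip_network(rule["prefix"])
    if rule["exact"]:
        return net == rule_net
    return net.version == rule_net.version and net.subnet_of(rule_net)


def rib_out(rules, candidates):
    """Prefixes that would be advertised under the modelled semantics."""
    if not rules:
        return list(candidates)      # no export rules: nothing is filtered
    advertised = []
    for prefix in candidates:
        for rule in rules:           # assumption: top-down, first match wins
            if matches(rule, prefix):
                if rule["action"] == "allow":
                    advertised.append(prefix)
                break
        # no rule matched: implicit deny, prefix is not advertised
    return advertised


def audit(rules, candidates=CANDIDATES):
    """Summarise a rule set, including whether the default route leaks."""
    out = rib_out(rules, candidates)
    return {"advertised": out,
            "suppressed": [p for p in candidates if p not in out],
            "default_leaked": "0.0.0.0/0" in out}


if __name__ == "__main__":
    for label, rules in [("no rules", []),
                         ("deny only", [DENY_DEFAULT]),
                         ("deny + allow", [DENY_DEFAULT, ALLOW_REST])]:
        print(label, audit(rules))
```

In this model, placing the allow rule above the deny rule leaks the default route again, so rule order is worth checking before committing.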

 
