04-05-2022 08:18 AM
I have a question related to BGP summarization in a PAN firewall. We currently have summary aggregate advertised to the upstream device. But now we need a leak /32 route to the upstream along with the original summary route. What is the best method to achieve this goal? I have seen an option for 'Advertise filter' in BGP summary. If I add the /32 there, will it result in /32 and the /16 route(summary) being sent to upstream?
04-05-2022 08:49 AM
Hi @a-techie ,
The summarized route is originating from PAN firewall (to receive specific routes and advertise summarized route) or you receive the summarized route from neighbour device?
What about the /32 host route - do you want to originate from PAN firewall, or you receive it from somewhere else along the summary route?
04-05-2022 10:11 AM
@Astardzhiev PAN is originating the the summarized /16 route(contributing routes coming from neighbours for this /16) and PAN receives /32 route from a neighbour. That /32 falls in the range of the /16 the PAN is originating and thus it get masked.
04-06-2022 11:17 AM
Just to make sure we understand, do you have the /16 configured in the aggregate tab?
Have you tried adding the /32 to a redist rule? You would probably need to add that to your export rules unless you don't have an exact match on the /16.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!