07-12-2021 07:18 PM
I have an issue where a Static route that is being path monitored and redistributed into BGP, is not removed from the BGP RIB out table when the monitored path is unreachable. The static route is still populated in the Palo Alto BGP rib out table and is also populated in the BGP peer route table.
Any ideas as to what may cause such an issue?
07-13-2021 01:30 AM
Hi @Ben-Price ,
Without looking at your config, I would take a whild guess and assume that in BGP Redist. Rules you have put the network instead of using redistribution profile. Am I correct?
- If you put prefix in bgp redist rules, FW will create "dummy" route for this network and redistribute to BGP that network. Because this network is not associated with any interface, not it is static route with path monitor, this route will always be active and redistributed to BGP. The main purpose for this function is to redistribute range that you don't have in your routing table - for example additional NAT range that is used for NAT rules.
- If you want FW to stop redistributing prefix once the route is inactive you need to use redistribution profile. Redis profile will match the routes that are already in your routing table and add it to the BGP process.
You should be able to confirm the use "dummy route" by checking your routingtable. You should have route with flag "~"
07-14-2021 06:15 AM
I am using Redistribution Profile and not IP/Prefix on the BGP redistribution.
Unsure why even with a static route configured and redistribution profile created the route seems to be there at all times even after path monitoring fails. The only time the route goes away from the bgp redistribution is when the route statement is removed from the export list.
07-14-2021 08:09 AM
If you filter your routing table for that prefix while the path monitor is down, what is the output?
07-14-2021 06:05 PM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!