I have an issue where a static route that is being path monitored and redistributed into BGP is not removed from the BGP RIB out table when the monitored path is unreachable. The static route is still populated in the Palo Alto BGP RIB out table and is also populated in the BGP peer route table.
Any ideas as to what may cause such an issue?
Hi @Ben-Price ,
Without looking at your config, I would take a wild guess and assume that in the BGP Redist. Rules you have put the network instead of using a redistribution profile. Am I correct?
- If you put a prefix in the BGP redist rules, the FW will create a "dummy" route for this network and redistribute that network to BGP. Because this network is not associated with any interface, nor is it a static route with path monitor, this route will always be active and redistributed to BGP. The main purpose of this function is to redistribute a range that you don't have in your routing table - for example an additional NAT range that is used for NAT rules.
- If you want the FW to stop redistributing the prefix once the route is inactive, you need to use a redistribution profile. A redist profile will match the routes that are already in your routing table and add them to the BGP process.
You should be able to confirm the use of a "dummy" route by checking your routing table. You should have a route with flag "~".
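The routing-table check suggested in the reply above, as an added example that is not part of the original thread: it scans route-table text for prefixes carrying the "~" flag and reports whether a static route for the same prefix is still active. The column layout and the sample routes are assumptions constructed for illustration, not output captured from a firewall.

```python
import ipaddress

# Tokens treated as route flags; "~" is the flag the reply above refers to.
FLAGS = {"A", "?", "C", "H", "S", "~", "R", "O", "B", "E", "M"}

# Constructed sample in an assumed layout: destination first, flags as
# separate whitespace-delimited tokens. Not real device output.
SAMPLE = """\
destination        nexthop        metric flags  interface
0.0.0.0/0          192.0.2.1      10     A S    ethernet1/1
198.51.100.0/24    192.0.2.9      10     S      ethernet1/2
198.51.100.0/24    0.0.0.0        0      A ~
203.0.113.0/24     192.0.2.9      10     A S    ethernet1/2
"""

def parse_routes(text):
    """Return (prefix, flag set) for every line that starts with a prefix."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        try:
            prefix = ipaddress.ip_network(tokens[0], strict=False)
        except ValueError:
            continue  # header, separator or flag legend line
        routes.append((prefix, {t for t in tokens[1:] if t in FLAGS}))
    return routes

def redistribution_findings(text):
    """Map each prefix that has a '~' route to the state of its static route."""
    routes = parse_routes(text)
    findings = {}
    for prefix, flags in routes:
        if "~" not in flags:
            continue
        static = [f for p, f in routes if p == prefix and "S" in f]
        if not static:
            verdict = "internal route only"
        elif any("A" in f for f in static):
            verdict = "static route active"
        else:
            verdict = "static route inactive, internal route still present"
        findings[str(prefix)] = verdict
    return findings

if __name__ == "__main__":
    for prefix, verdict in redistribution_findings(SAMPLE).items():
        print(prefix, "->", verdict)
```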
I am using Redistribution Profile and not IP/Prefix on the BGP redistribution.
Unsure why even with a static route configured and redistribution profile created the route seems to be there at all times even after path monitoring fails. The only time the route goes away from the bgp redistribution is when the route statement is removed from the export list.
Hi @Astardzhiev, my issue turns out to be slightly different after doing some further troubleshooting, but I did lab up your scenario and you are correct: the configuration you described does result in the path monitored static route not being removed from the RIB out table.
Once I have a resolution for my issue, I will post here.