05-26-2021 08:30 AM
When we turned up BGP in the Palo with ExpressRoute, we started to receive 4 subnets from Microsoft.
The customer found that these subnets are being leaked into the Extreme Fabric through the OSPF adjacency to the Palos, where only the default route should be sent from the Palo to the Extreme. Not sure why this is happening, since it looks like there is a policy that should only send the default route.
I have a case open, but am posting here due to long wait times.
05-26-2021 06:37 PM
There's really not enough information here to troubleshoot this without being able to look at your configuration. Seems like your redistribution profile is set up with an incorrect filter since it doesn't seem like you even want the 4 subnets redistributed to OSPF.
05-27-2021 03:14 AM
Hi @dbrenipc ,
I believe this is caused by the redistribution profile you have configured. This is something that annoys me a lot - when you configure "Destination" in the redistribution profile, the prefix you put will not look for an exact match, but it will match any prefix that falls under the configured prefix.
In your case I am almost certain that you have put 0.0.0.0/0 as destination for the redistribution profile, which as you can guess will match all other routes.
One way to fix this is to narrow down your redistribution profile filter -
- select only the interface to which default is pointing
- select next-hop address to which default is pointing
That way no other route will match that redist profile. But this depends on your config.
Another way would be to create additional redistribution profile:
- configure destination to match all prefixes that you don't want to redistribute to OSPF
- Set action to no-redist
- And set priority that is lower than what you have for the default route redist profile
Redistribution profiles are applied in order from lowest to highest priority, so this would work like a firewall rule and redistribute only the prefix you have in the profile with action redistribute.
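
A small Python model of the matching behaviour described in this reply, added here as an illustration (it is not part of the original post and is not PAN-OS code). The route list, the 10.50.0.0/16 filter and the priority numbers are constructed, and `covers` and `redistributed` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: a default route plus four BGP-learned subnets
# (placeholder prefixes, not the poster's real ones).
BGP_ROUTES = ["0.0.0.0/0", "10.50.0.0/24", "10.50.1.0/24",
              "10.50.2.0/24", "10.50.3.0/24"]

def covers(filter_prefix, route):
    """Destination filter as described in the reply: a route matches when it
    falls anywhere under the configured prefix, not only on an exact match."""
    flt = ipaddress.ip_network(filter_prefix)
    rt = ipaddress.ip_network(route)
    return rt.subnet_of(flt)

def redistributed(profiles, routes):
    """Evaluate profiles from lowest to highest priority number; the first
    profile whose destination filter matches decides the route's fate."""
    exported = []
    for route in routes:
        for _prio, dest_filters, action in sorted(profiles, key=lambda p: p[0]):
            if any(covers(d, route) for d in dest_filters):
                if action == "redist":
                    exported.append(route)
                break  # first match wins, like a firewall rule
    return exported

# Single profile with destination 0.0.0.0/0: every route falls under it.
LEAKY = [(10, ["0.0.0.0/0"], "redist")]

# Second approach from the reply: a lower-priority-number no-redist profile
# catches the unwanted subnets before the default-route profile is reached.
FIXED = [
    (5, ["10.50.0.0/16"], "no-redist"),
    (10, ["0.0.0.0/0"], "redist"),
]

if __name__ == "__main__":
    print("leaky profile exports:", redistributed(LEAKY, BGP_ROUTES))
    print("fixed profiles export:", redistributed(FIXED, BGP_ROUTES))
```
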
05-27-2021 06:44 AM
redist profile has src: BGP destination 0.0.0.0/0 redist
in the export it says redistribute default route
I've found multiple docs that provide some conflicting info.
1 said NOT to use 0.0.0.0/0, and to only have the redistribute default route.
The other said to create a no-redist rule for the specific networks
then have the redist rule to provide the default route with 0.0.0.0/0 specified.
I hope to lab it out asap.
thanks for your help - Don
05-27-2021 02:59 PM
Thank you Alexander - I am going to lab this up when I have time. But I agree...