Redistribute ebgp route into ebgp

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Redistribute ebgp route into ebgp

L4 Transporter

Hi Team,

 

I have EBGP peering between PA- Router using EBGP. learning route 10.10.1.0/24

 

I want to advertise those EBGP routes ( ex 10.10.1.0/24)  learned by PA  to AWS where I have another EBGP peering between PA and AWS.

 

Could this be done in Palo Alto. I see redistributes rules are there . I just wanted to have clear understanding if one  ebgp learned route  can be redistruted into another ebgp.

 

Thanks in Advance.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |
3 REPLIES 3

L3 Networker

@fatboy1607 I think so.  I don't do that so I can't be sure, but your right, according to the documentation:

Configure BGP 

Configure redistribution rules.
This rule is used to redistribute host routes and unknown routes that are not on the local RIB to the peer routers.

Select Redist Rules and Add a new redistribution rule.
Enter the Name of an IP subnet or select a redistribution profile. You can also configure a new redistribution profile if needed.
Enable the rule.
Enter the route Metric that will be used for the rule.
In the Set Origin list, select incomplete, igp, or egp.
(Optional) Set MED, local preference, AS path limit, and community values.
Click OK.

 

Hi @fatboy1607,

 

Hold on for a second... Even tho BGP is very complex it still a dynamic routing protocol like any other. Which means that it should dynamically learn routes from other peers and advertise routes that are known.

 

By default, in normal situation the FW should learn/import the route (10.10.10.0/24) by PeerA and auto-magically advertise/export this route to all other BGP peers.

Now I said by default and in normal situation, because there are many reasons preventing FW to advertise this route to other peers.

  • Like any other dynamic routing protocol BGP also have some loop prevention logics built-in to the protocol itself (any device no matter if it is PA FW or a router will obey them)
    1. FW will not advertise the route to the same peer that it came
    2. FW will not advertise the route to AS if that AS number is already in the AS path for the route

Which means in normal situation - that you learn route 1.1.1.1 from PeerA (with AS11), FW will automatically advertise this route to PeerB (with AS12) if AS12 is not already in the AS path for this route

 

  • You can control what you learn and what you advertise by BGP with import and export rules
    1. Import rule is controlling what FW will accept from the peers
    2. Export rule is controlling what FW will advertise to the peers

Which means by default no import/export rules are configured, FW will accept anything that is send by the peers and will advertise anything (that is not filtered by the loop prevention mechanisms) to all peers. If you have configured at least one export rule, FW will advertise only the routes matching that rule and nothing else.

 

So back to your question:

- If you ask "will it be advertised" - most probably yes if the "requirements" discussed above are met

- If you ask "why it is not advertised" - I strongly recommend to first identify what is the reason to not advertise the route to other peers

 

Probably will repeat myself, but - the route should be advertised, but if it is not try to identify the reason. I strongly recommend - do not use redistribution rules!

As @Shawverr, correctly quoted, main purpose of redistribution rule is completely different. Its purpose is to advertise route to BGP peers that FW didn't receive by BGP. For example routes that are statically configured - by default FW will not adv. static routes, or directly connected networks, or routes from other dynamic protocols (OSPF, RIP). Or if you want to advertise routes that are not in your routing table at all (for example your ISP is giving you second public range that you use for NAT, it is not configured on any of your interfaces, but still this traffic should be routed to the FW).

 

Up to this point we were talking only for one BGP instance. And like any other network device PA FW can only have one BGP instance per routing table - if you configure multiple VRs you can have different BGP instances (different AS). To be honest I am not sure if you can advertise routes between different VRs. I could guess you cannot, at least without static routes

 

@aleksandar.astardzhiev @Shawverr  very Nice explanation I got it now.

SD-WAN | Cloud Networking | PCNSE | ICSI CNSS | MCNA | | CCNP | CCSA | SPSP | SPSX | F5-101 |
  • 4839 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!