I have EBGP peering between PA- Router using EBGP. learning route 10.10.1.0/24
I want to advertise those EBGP routes ( ex 10.10.1.0/24) learned by PA to AWS where I have another EBGP peering between PA and AWS.
Could this be done in Palo Alto. I see redistributes rules are there . I just wanted to have clear understanding if one ebgp learned route can be redistruted into another ebgp.
Thanks in Advance.
@MandarKulkarni I think so. I don't do that so I can't be sure, but your right, according to the documentation:
Select Redist Rules and Add a new redistribution rule.
Enter the Name of an IP subnet or select a redistribution profile. You can also configure a new redistribution profile if needed.
Enable the rule.
Enter the route Metric that will be used for the rule.
In the Set Origin list, select incomplete, igp, or egp.
(Optional) Set MED, local preference, AS path limit, and community values.
Hold on for a second... Even tho BGP is very complex it still a dynamic routing protocol like any other. Which means that it should dynamically learn routes from other peers and advertise routes that are known.
By default, in normal situation the FW should learn/import the route (10.10.10.0/24) by PeerA and auto-magically advertise/export this route to all other BGP peers.
Now I said by default and in normal situation, because there are many reasons preventing FW to advertise this route to other peers.
Which means in normal situation - that you learn route 22.214.171.124 from PeerA (with AS11), FW will automatically advertise this route to PeerB (with AS12) if AS12 is not already in the AS path for this route
Which means by default no import/export rules are configured, FW will accept anything that is send by the peers and will advertise anything (that is not filtered by the loop prevention mechanisms) to all peers. If you have configured at least one export rule, FW will advertise only the routes matching that rule and nothing else.
So back to your question:
- If you ask "will it be advertised" - most probably yes if the "requirements" discussed above are met
- If you ask "why it is not advertised" - I strongly recommend to first identify what is the reason to not advertise the route to other peers
Probably will repeat myself, but - the route should be advertised, but if it is not try to identify the reason. I strongly recommend - do not use redistribution rules!
As @Shawverr, correctly quoted, main purpose of redistribution rule is completely different. Its purpose is to advertise route to BGP peers that FW didn't receive by BGP. For example routes that are statically configured - by default FW will not adv. static routes, or directly connected networks, or routes from other dynamic protocols (OSPF, RIP). Or if you want to advertise routes that are not in your routing table at all (for example your ISP is giving you second public range that you use for NAT, it is not configured on any of your interfaces, but still this traffic should be routed to the FW).
Up to this point we were talking only for one BGP instance. And like any other network device PA FW can only have one BGP instance per routing table - if you configure multiple VRs you can have different BGP instances (different AS). To be honest I am not sure if you can advertise routes between different VRs. I could guess you cannot, at least without static routes
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!