11-14-2019 01:03 AM
I am trying to redistribute default route into EBGP peer it is not working.
1. Created Redistribute profile to redistribute default route
2. called redistribute profile under bgp redis rules
3. Checked allowed default routes to redistribute
3. created export policy to export 0.0.0.0/0 with action allow.
Looking at below command we see export policy is not getting hit.
show routing protocol bgp policy export specific to default route
any suggestions ?
11-14-2019 02:10 AM
Hi @fatboy1607,
I would say all if the steps you have perform are correct. It would be good to see the actual config, because there are two "gotchas" you need to look at.
1. When creating redistribution profile you are defining a filter to match the routes from the routing table that you need to redistribute. Palo Alto gives you ability to build the filter based on three criteria: source type (how this route get to the routing table), destination (actual prefix), nexthop
The biggest disadvantages (at least for me) is that destination filter is actually matching any routes that are part of the destination prefix you enter. What I am trying to say is that -
Example: if you have three static routes:
10.10.0.0/16
10.10.20.0/24
10.10.20.128/25
If you configure redist. profile with filter 10.10.0.0/16 it will actually match all three routes above (since they are all subnet of the /16.
So if you configure redist. profile with filter 0.0.0.0/0 type static, this will match all if your static routes (which should include default as well)
2. The BGP Export policy in contrast have an option to match exact prefix. Which means that FW will advertise the route only if it match exactly what you have typed.
Without looking at your actual configuration I only can suggest that:
- You redistribution rule is actually not matching the default (in best case, and in the worst it is matching a lot more that you intend)
- The BGP Export policy is matching 0.0.0.0/0 without the exact match enabled
One question - the default which want to redistribute. How did your FW receive it? Static, or from another dynamic protocol?
11-14-2019 11:45 PM
Hi @Retired Member
the default which want to redistribute. How did your FW receive it? Static, or from another dynamic protocol?
I have static route pointing to ISP IP.
it exactly match route in routing table , redistribute rule and export statement.
Looking at show routing protocol bgp policy export I see it does not hit export policy rule
any specific debug comands we can run to check if 0.0.0.0 is getting advertised ?
@Retired Member Thanks a lot for your help
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
