This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

BGP Route Advertisement /Export Rule

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

BGP Route Advertisement /Export Rule

Cobraflo
L0 Member

‎07-30-2024 01:34 PM - edited ‎07-30-2024 01:37 PM

Need some help with advertising specific routes over BGP and hoping someone can help.

 

I have a site-to-site tunnel setup between AWS and my on-premise PA Firewall. I am receiving routes from AWS over BGP as expected. No issue there and I am able to create a redistribution profile & redist rule and advertise an existing static route listed within the PA's VR which points to my internal LAN i.e. 10.0.0.0/8 into BGP over to AWS. That said, I do not wish to advertise the entire 10.0.0.0/8 network but specific routes i.e. a 10.10.10.0/24 and have the ability not to advertise this to any other BGP peers I may have in the future under the same VR.

 

Thus far I have manage to just add the prefix i.e. 10.10.10.0/24 to a Redist rule which somewhat gives me the desired result and PA only advertises 10.10.10.0/24 into AWS. But I am concerned it will advertise this to other BGP peers so its no what I want.

 

I have tried to create an export rule which seems the way to go as this allows me to specify a prefix and peer i'd like to advertise this networks to and have better control but for some reason once I setup an export rule, I am unable to advertise the prefix.

 

With the export rule,

  • Under General, I am selecting the AWS Peer Group (Peer-AWS) to be used
  • Under Match, I have Address Prefix set to 10.10.10.0/24 with exact match and under "From Peer" I have the relevant AWS Peer assigned.
  • Under Action, I have 'Allow' and Origin set to incomplete.
  • Have tried specifying next hope but no joy.

For some reason, PA is not advertising the routes and I am not seeing 10.10.10.0/24 under the loc-rib or rib-out

 

Does anyone know what I missing or doing wrong?

 

Thank you!

 

0 Likes Likes
0 REPLIES 0
  • 31 Views
  • 0 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks