03-28-2023 09:20 AM
3 service connections are being advertised through the 10.0.0.0/8 network via EBGP from data centers. I noticed that traffic from the RN-SPN loopback addresses is all reaching the on-prem environment (10.0.0.0/8) via the same service connection when we'd expect IBGP in Prisma to send traffic to on-prem networks via the nearest service connection. The traffic in question is RN-SPN user-id client connections to one of the user-id collectors that are situated in the Amsterdam data center. There are three SCs, one in US, EMEA, and APAC. But user-id client traffic from our RN-SPNs is all reaching our on-prem networks via the SC in APAC. No matter if the RN-SPN is located in LATAM, for example. I would expect to see RN-SPNs located in LATAM and NAM to reach our on-prem environment via our US-based SC and all EMEA RN-SPNs to go via the EMEA SC. But the user-id traffic from all RN-SPNs is pushed down from Prisma to on-prem via the APAC SC.
The setup is using hot potato routing.
Is this expected when all three SCs are operational?
05-09-2023 01:05 AM
Better see https://docs.paloaltonetworks.com/prisma-access/administration/prisma-access-advanced-deployments/se... and https://www.youtube.com/watch?v=l2eaSvfbAwE
Maybe you have the wrong route as primary; outside of that, maybe call support: