Hi @pink-panther,

No need to apologise. Your question is actually very broad; a complete answer would be several pages long... I will try to cover most of it:


Q: Lastly, what is the purpose of the forwarding table on the virtual router - is that showing the path traffic is currently taking?

A: Let's tackle this question first, as it will be used as the ground for building up. The following link provides a really nice explanation of the difference between the routing and forwarding table - What is the different between routing table and forwarding table? - Network Engineering Stack Exchan... In a nutshell, the routing table will contain routes from all routing protocols (including dynamic and static). The device will select the best path, which is put in the forwarding table and used for actually forwarding the packet.


For a simplified example, let's say:

- You have configured two static routes for the same destination prefix with different metrics

- The routing table will contain both static routes, because this is the way they have been statically configured

- The forwarding table will contain only one route, the best path (lowest metric in this case), to be used for actual packet forwarding.


When you add dynamic routing the concept remains the same. However, the difference is that each dynamic protocol will first select the best path for itself to be put in the routing table. After that the device will select the best route from the routing table to be placed in the forwarding table (the best of the best 🙂 )


For example:

- You have OSPF and BGP enabled and are receiving a route for the exact same destination prefix. At the same time you have configured a static route for that prefix.

- OSPF will use its own algorithms to select the best path and the selected route will be put in the routing table. BGP will do the same.

- In the end the routing table will contain three different routes for the exact same destination - from BGP, OSPF and static.

- The device will make a decision, select the "best" one of the three and put it in the forwarding table to be used for actual packet forwarding.


Note: There are some specific cases where multiple routes to the same destination will be put in the forwarding table - if Equal-Cost Multi-Path is enabled, for example, but let's put this aside for now...


Q: Generally, do network devices like PA only display the best route when set up with dynamic routing? If so, should that route go down, will it recalculate the next best route and display that in the route table?

A: You have to note that there are different dynamic routing protocols with different behaviours and features, so you may want to be more specific. But in general they act the same and have the same purpose - to automatically provide the "best" path to a given destination. So in general yes, you are correct - a dynamic routing protocol will do its magic to provide a single "best" path to a given destination, which will be installed in the routing table.


Now what will happen if a route is no longer available? Well, here each protocol could act very differently from the rest. Some dynamic routing protocols will build their own table. This table will contain all the possible paths, so if the preferable one is not available anymore it will provide the next one. So again - in general all dynamic protocols will automatically add the next available path to the routing table (if such is available, of course). Most of the protocols allow you to look at their tables and see if a given prefix is learned from multiple neighbours and if there are multiple paths.


Q: With respect to a route being down, does PA detect that by checking if the router in the next hop is down (forget path monitoring or RBF in this scenario)?

A: The answer to that really depends on how the route is received by the firewall - is it static or dynamic?

- Dynamic - well, this is the whole purpose of the dynamic routing protocols. The route will be removed from the routing table if the neighbour device (from which the prefix is received) either stops advertising it, requests it to be removed, or the neighbour is simply down so the FW doesn't receive keepalives from it.

- Static - like any other network device, the firewall will remove a statically configured route only if the egress physical interface is down. By egress interface I mean the interface that is used to reach the next-hop address. If the firewall interface is up, the firewall doesn't have any way to know that the next hop is down (let's say there is a layer 2 switch between the FW and the next layer 3 device). So the route will be kept in the routing table as long as it is not disabled/removed or the physical interface goes down.


What is nice is that Palo Alto gives you the Path-Monitor feature (it is not something groundbreaking, other vendors have it too). This allows the firewall to run ping probes to a given destination, which tells the firewall if something along this path has a problem. This way the firewall can detect that the path is down, although its physical interface is still up, and can remove this route from the routing table.

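The routing-table/forwarding-table selection walked through in the answer above, as an added worked example; this is not code from the original post or from Palo Alto Networks, and it is a toy model, not PAN-OS behaviour. The administrative distances, interface names and addresses are assumed values chosen for the illustration. It shows all learned routes sitting in the RIB, each protocol offering its lowest-metric path, the "best of the best" winning the FIB entry, fallback to the next-best route when a route is withdrawn or its egress interface goes down, and the ECMP special case where equal-ranked routes share the FIB entry.

```python
"""Toy model of RIB -> FIB selection as described in the answer above.

Every learned route (static, OSPF, BGP, ...) lives in the RIB; the FIB is derived
by picking each protocol's best path and then the best across protocols.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Administrative distance per protocol (lower is preferred). These values are
# assumptions for the example; real defaults vary by platform and are configurable.
ADMIN_DISTANCE: Dict[str, int] = {"static": 10, "ebgp": 20, "ospf": 30, "ibgp": 200}


@dataclass(frozen=True)
class Route:
    prefix: str      # destination, e.g. "10.1.0.0/24"
    next_hop: str    # next-hop IP address
    egress_if: str   # interface used to reach the next hop (assumed name)
    protocol: str    # key into ADMIN_DISTANCE
    metric: int      # protocol-specific cost, only comparable within one protocol


class VirtualRouter:
    """Holds the RIB plus interface state and derives the FIB on demand."""

    def __init__(self, ecmp_max_paths: int = 1) -> None:
        self.rib: List[Route] = []          # everything learned, from every protocol
        self.if_up: Dict[str, bool] = {}    # egress interface state
        self.ecmp_max_paths = ecmp_max_paths

    def add(self, route: Route) -> None:
        if route not in self.rib:
            self.rib.append(route)
        self.if_up.setdefault(route.egress_if, True)

    def withdraw(self, prefix: str, protocol: str, next_hop: Optional[str] = None) -> int:
        """Remove routes a neighbour stopped advertising (or static routes deleted
        from the configuration). Returns how many RIB entries were removed."""
        keep = [r for r in self.rib
                if not (r.prefix == prefix and r.protocol == protocol
                        and (next_hop is None or r.next_hop == next_hop))]
        removed = len(self.rib) - len(keep)
        self.rib = keep
        return removed

    def set_interface(self, name: str, up: bool) -> None:
        """An egress interface going down makes every route via it unusable,
        static ones included. A dead next hop behind a working interface is
        NOT detected by this model (that is what path monitoring is for)."""
        self.if_up[name] = up

    def fib(self) -> Dict[str, List[Route]]:
        fib: Dict[str, List[Route]] = {}
        for prefix in sorted({r.prefix for r in self.rib}):
            cands = [r for r in self.rib
                     if r.prefix == prefix and self.if_up.get(r.egress_if, True)]
            if not cands:
                continue
            # Stage 1: each protocol offers its own best path(s): lowest metric, ties kept.
            offered: List[Route] = []
            for proto in sorted({r.protocol for r in cands}):
                mine = [r for r in cands if r.protocol == proto]
                lowest = min(r.metric for r in mine)
                offered.extend(r for r in mine if r.metric == lowest)

            # Stage 2: the "best of the best": lowest administrative distance, then metric.
            def rank(r: Route) -> Tuple[int, int]:
                return (ADMIN_DISTANCE[r.protocol], r.metric)

            offered.sort(key=lambda r: rank(r) + (r.next_hop,))
            top = rank(offered[0])
            # Only with ECMP (max_paths > 1) do equal-ranked routes share the FIB entry.
            fib[prefix] = [r for r in offered if rank(r) == top][: self.ecmp_max_paths]
        return fib


def next_hops(vr: VirtualRouter, prefix: str) -> List[str]:
    """Next hops currently installed in the FIB for a prefix (empty if none)."""
    return [r.next_hop for r in vr.fib().get(prefix, [])]


def demo() -> Dict[str, List[str]]:
    """Replays the scenarios from the answer; all addresses are constructed."""
    vr = VirtualRouter(ecmp_max_paths=2)
    p = "10.1.0.0/24"
    vr.add(Route(p, "192.0.2.1", "ethernet1/1", "static", metric=10))
    vr.add(Route(p, "192.0.2.2", "ethernet1/2", "static", metric=20))
    vr.add(Route(p, "198.51.100.1", "ethernet1/3", "ospf", metric=5))
    vr.add(Route(p, "203.0.113.1", "ethernet1/4", "ebgp", metric=0))
    seen: Dict[str, List[str]] = {}
    seen["initial"] = next_hops(vr, p)            # four RIB entries, static (AD 10) wins
    vr.set_interface("ethernet1/1", False)        # egress down: other static route takes over
    seen["eth1_1_down"] = next_hops(vr, p)
    vr.withdraw(p, "static")                      # static config removed: eBGP beats OSPF on AD
    seen["static_removed"] = next_hops(vr, p)
    vr.withdraw(p, "ebgp", "203.0.113.1")         # BGP neighbour down: OSPF is next best
    seen["bgp_withdrawn"] = next_hops(vr, p)
    vr.add(Route(p, "198.51.100.2", "ethernet1/5", "ospf", metric=5))  # equal-cost OSPF path
    seen["ospf_ecmp"] = next_hops(vr, p)          # ECMP: both OSPF next hops installed
    return seen


if __name__ == "__main__":
    for step, hops in demo().items():
        print(f"{step:15s} -> {hops}")
```

Running the block prints one FIB snapshot per step. The two-stage selection in `fib()` mirrors the answer: per-protocol best first, then administrative distance across protocols, so a static route with a worse metric still beats an OSPF route because metrics are never compared across protocols.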