Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
How to Configure BGP Route Filtering - Knowledge Base - Palo Alto Networks

How to Configure BGP Route Filtering

64721
Created On 09/25/18 17:15 PM - Last Modified 10/07/24 16:27 PM


Environment


  • Any PAN-OS.
  • Palo Alto Networks Firewall.
  • BGP Configuration.


Resolution


Prerequisites:

Initial BGP configuration.  Instructions can be found at this link: How to configure BGP

ISPs typically aggressively filter announcements from their customers, but the point of BGP is to have as much control over route advertisements as possible. Address prefix 202.0.0.0/24 is being advertised in this example. One should replace this prefix with the ones in their network.

Part 1: Configuring Route Filtering

  1. To configure BGP, go to Network > Virtual Routers/[VR]/BGP
  2. Go to the Export Rules tab. Add a new rule. 
    • Name: ISP1-export
    • Used by: ISP1
  3. Under Match: 
    • Address prefix: 202.0.0.0/24, exact match                   => Here select the prefix matching your network.
  4. Under Action: 
    • allow
  5. Repeat the above for ISP2.
  6. Commit your changes.

Part 2: Verifying the BGP Route Filtering Setup

> show routing protocol bgp rib-out

You should see only your own prefixes being advertised to ISP peers.

Use ping and traceroute to make sure you still have full connectivity with the ISPs.

 

 

 



Additional Information


Also Refer BGP Traffic Engineering

Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDuCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language