Palo Alto Networks Knowledgebase: BGP Traffic Engineering

BGP Traffic Engineering

Created On 02/07/19 23:49 PM - Last Updated 02/07/19 23:49 PM
Mobile Network Infrastructure


Using the network shown in the example, BGP will be configured to use one link as the primary and another link as backup for inbound and outbound internet traffic.


The user has full control over how traffic exits the network, but can only influence how traffic enters the network. By default, BGP hands off a packet at the closest AS exit, though this may not be an optimal route. Local preference can be used to control egress traffic and AS path to influence ingress traffic.



Please refer to the following prerequisites:


Part 1: Configuring BGP

  1. Go to Network > Virtual Routers > BGP > Export to view the BGP Export Rules:


  2. Edit ISP2-export, Action tab to change the AS path to prepend the ASN value 4 times:


  3. Configure an import filter to change the Local Preference on routes from your primary ISP peer. A higher value in the local preference field will signify that is the preferred path:


    • Add a BGP Import Rule

      Name: ISP1-import

      Put a checkmark next to ISP1

      Match tab: Leave blank since all routes are matching

      Action tab: Change local preference to 500

  4. Commit the changes


Part 2: Verifying the BGP Traffic Engineering Setup

Show Commands

> show routing protocol bgp loc-rib

As shown below, see all routes prefer the primary ISP path due to local preference:


> show routing route | match B

See all BGP routes are coming from the primary ISP peer, as shown below:

> show routing protocol bgp rib-out

See that the AS PATH is longer when advertising to the backup ISP peer:

Ping and traceroute to various IPs in both ISP networks to verify the correct paths are taken.


owner: panagent

  • Print
  • Copy Link

Choose Language