Palo Alto Networks Knowledgebase: BGP Route Aggregation Policies

Created On 08/05/19 19:56 PM - Last Updated 08/05/19 20:11 PM
Resolution

Symptom

The Palo Alto Networks firewall does not advertise an aggregated route to its peer when it receives a prefix falling within the aggregated route range from the same peer.

 

For example:

The Palo Alto Networks firewall has routes for 10.0.2.0/24, 10.0.3.0/24 and 10.0.4.0/24 in its local RIB. It has been configured with an export policy that aggregates these routes into 10.0.0.0/16 and advertises the /16 route to its peer, as shown below.
[Image: supernet.JPG.jpg]

The peer has a route for 10.0.1.0/24 in its local RIB that it wants to advertise to the Palo Alto Networks firewall. The peer does not learn the aggregated 10.0.0.0/16, but learns the more specific routes 10.0.2.0/24, 10.0.3.0/24 and 10.0.4.0/24 from the firewall.

 

Cause

If the Palo Alto Networks firewall learns a prefix from a peer that is part of the aggregated route that is advertised to the same peer, the firewall advertises the more specific routes under the aggregated route to the peer.
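The rule above can be checked against a planned peering with a small model. This is an added example, not PAN-OS code or output: the function names and peer labels are hypothetical, and it assumes that when no overlap exists only the aggregate is sent in place of its contributing routes.

```python
import ipaddress

def _inside(prefix, aggregate):
    # subnet_of() raises TypeError on mixed IPv4/IPv6, so compare versions first.
    return prefix.version == aggregate.version and prefix.subnet_of(aggregate)

def _key(net):
    # Stable ordering that also works when IPv4 and IPv6 prefixes are mixed.
    return (net.version, int(net.network_address), net.prefixlen)

def advertised_to_peer(local_rib, aggregate, learned_from_peer):
    """Prefixes the modelled firewall advertises to one peer (hypothetical helper)."""
    agg = ipaddress.ip_network(aggregate)
    local = [ipaddress.ip_network(p) for p in local_rib]
    learned = [ipaddress.ip_network(p) for p in learned_from_peer]

    contributors = [p for p in local if _inside(p, agg)]
    others = [p for p in local if not _inside(p, agg)]
    if not contributors:
        result = others                      # nothing to aggregate
    elif any(_inside(p, agg) for p in learned):
        result = contributors + others       # article's case: more specifics are sent
    else:
        result = [agg] + others              # assumed normal case: aggregate only
    return [str(p) for p in sorted(result, key=_key)]

def peers_missing_aggregate(local_rib, aggregate, learned_by_peer):
    """Peers that will not receive the aggregate under this model."""
    agg = str(ipaddress.ip_network(aggregate))
    return sorted(
        peer for peer, learned in learned_by_peer.items()
        if agg not in advertised_to_peer(local_rib, aggregate, learned)
    )

# Prefixes from the article; peer names and peer-B's route are constructed.
LOCAL_RIB = ["10.0.2.0/24", "10.0.3.0/24", "10.0.4.0/24"]
AGGREGATE = "10.0.0.0/16"
LEARNED = {"peer-A": ["10.0.1.0/24"], "peer-B": ["172.16.0.0/24"]}

if __name__ == "__main__":
    for peer, learned in LEARNED.items():
        print(peer, advertised_to_peer(LOCAL_RIB, AGGREGATE, learned))
    print("no aggregate for:", peers_missing_aggregate(LOCAL_RIB, AGGREGATE, LEARNED))
```

Running the model over each peer's received prefixes before deploying an aggregation policy shows which peers will see the /24s instead of the /16, which matters when filters or route maps downstream expect only the summary.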

 

owner: kprakash


