Palo Alto Networks Knowledgebase: BGP Export Rule to restrict redistribution for different peer

Created On 02/07/19 23:46 PM - Last Updated 02/07/19 23:46 PM
Mobile Network Infrastructure
Resolution

How to configure a PAN firewall to advertise static/connected routes to its BGP peers except for one of them. The same approach holds for connected/OSPF/RIP routes.

Steps

 1. Example showing 2 BGP peers.


2. The following static routes are configured on the box

3. Suppose only the 100.1.1.0/24 and 50.0.0.0/24 static routes have to be redistributed to Peer3, and all static routes to Peer2. Then:

4.  Create a redistribution profile to allow all static routes.


5. Use the same redistribution profile in the redist profile of the BGP.


6. This redistributes all the static routes to both Peer2 and Peer3. To restrict the redistribution, use the export policy and allow the 2 routes.

7. If you check the neighbor/Local-rib/Rib-out, you can see the desired result.

Via the CLI

Use the following command to show the BGP loc-rib info:

admin@Lab> show routing protocol bgp loc-rib

VIRTUAL ROUTER: default (id 1)
==========
Prefix             Nexthop          Peer       Weight   LocPrf Org      MED flap AS-Path
*50.0.0.0/24                         Local           0      100 i/c        0    0
*100.1.1.0/24                        Local           0      100 i/c        0    0
*172.17.0.0/16      172.17.0.0       Local           0      100 i/c        0    0
*192.168.254.0/24                    Local           0      100 i/c        0    0

total routes shown: 4

8. Now check the rib-out: only routes 100.1.1.0/24 and 50.0.0.0/24 are redistributed to Peer3, and all routes to Peer2.

Via the CLI

Use the following command to show the BGP rib-out info:

admin@Lab> show routing protocol bgp rib-out

VIRTUAL ROUTER: default (id 1)
 ==========
  Prefix             Nexthop          Peer       Originator       Adv Status  Aggr     Status     AS-Path
50.0.0.0/24         172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
100.1.1.0/24        172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
172.17.0.0/16       172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
192.168.254.0/24    172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
50.0.0.0/24         172.19.1.1       Peer1.3    0.0.0.0          advertised  no aggregation  64713===>Peer3
100.1.1.0/24        172.19.1.1       Peer1.3    0.0.0.0          advertised  no aggregation  64713===>Peer3

total routes shown: 6
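
The rib-out check in step 8 can be automated so that a later change to the redistribution profile or export rule that leaks extra prefixes to the restricted peer is caught. The script below is an added example, not part of the original article or any Palo Alto Networks tooling; the POLICY dictionary and the function names are assumptions, and the peer names are the ones printed in the rib-out output above.

```python
import ipaddress
from collections import defaultdict

# rib-out text copied from this page (the author's "===>Peer3" marks included).
RIB_OUT = """\
VIRTUAL ROUTER: default (id 1)
 ==========
  Prefix             Nexthop          Peer       Originator       Adv Status  Aggr     Status     AS-Path
50.0.0.0/24         172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
100.1.1.0/24        172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
172.17.0.0/16       172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
192.168.254.0/24    172.19.1.1       peer1.1    0.0.0.0          advertised  no aggregation  64713
50.0.0.0/24         172.19.1.1       Peer1.3    0.0.0.0          advertised  no aggregation  64713===>Peer3
100.1.1.0/24        172.19.1.1       Peer1.3    0.0.0.0          advertised  no aggregation  64713===>Peer3
total routes shown: 6
"""

# Assumed policy: peer name as printed -> allowed prefixes (None = unrestricted).
POLICY = {"peer1.1": None, "Peer1.3": {"50.0.0.0/24", "100.1.1.0/24"}}

def parse_rib_out(text):
    """Return {peer: {ip_network, ...}} for rows whose Adv Status is 'advertised'."""
    advertised = defaultdict(set)
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 5:
            continue
        try:
            prefix = ipaddress.ip_network(cols[0], strict=False)
        except ValueError:
            continue  # banner, separator, header or summary line
        if cols[4] == "advertised":
            advertised[cols[2]].add(prefix)
    return dict(advertised)

def audit(text, policy):
    """Return sorted (peer, prefix, problem) tuples; an empty list means compliant."""
    seen, findings = parse_rib_out(text), []
    for peer in sorted(set(seen) | set(policy)):
        got = seen.get(peer, set())
        if peer not in policy:
            findings += [(peer, str(p), "peer not in policy") for p in got]
        elif policy[peer] is not None:
            want = {ipaddress.ip_network(p) for p in policy[peer]}
            findings += [(peer, str(p), "leaked") for p in got - want]
            findings += [(peer, str(p), "missing") for p in want - got]
    return sorted(findings)

print(audit(RIB_OUT, POLICY) or "rib-out matches policy")
```

A "leaked" finding means the export rule is not filtering that prefix for the restricted peer; a "missing" finding means an allowed prefix is no longer being advertised to it.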

 

Important Note

-------------------

If you have to redistribute OSPF, connected, or static routes into BGP, use the redistribution profile and the redist tab on the BGP for that, and use the export rule only when you have to restrict the redistribution to peers, as shown in the above example.

If you want to restrict the BGP routes sent out from the box, use only the export tab to restrict them. Do not use the export and redist tabs for exporting BGP routes in BGP.


