Issue
When running “show routing route” command routing table of Palo Alto firewall displays multiple entries for the same route (prefix and mask).
Details
This is expected behavior because Palo Alto Networks firewall routing scheme is designed to take the best route from each protocol and put them all into the routing table. The best route is then selected among them based on Administrative Distance (AD) value of routing protocols which routes came from and that route is marked with flag A, stating that it is the Active route.
For example:
> show routing route
flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp,
Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
...
10.175.0.0/16 10.175.59.1 10 A S ethernet1/2
10.175.0.0/16 192.168.200.99 ?B 92699 0
The route marked with the A flag is further installed into the RIB and FIB table and used for traffic forwarding.
See Also
Understanding Route Redistribution and Filtering