Palo Alto Networks Knowledgebase: Routing Table has Multiple Prefixes for the Same Route

Routing Table has Multiple Prefixes for the Same Route

1683
Created On 09/26/18 13:51 PM - Last Updated 09/26/18 13:59 PM
Content Release Deployment
Resolution

Issue

When running “show routing route” command routing table of Palo Alto firewall displays multiple entries for the same route (prefix and mask).

 

Details

This is expected behavior because Palo Alto Networks firewall routing scheme is designed to take the best route from each protocol and put them all into the routing table. The best route is then selected among them based on Administrative Distance (AD) value of routing protocols which routes came from and that route is marked with flag A, stating that it is the Active route.

 

For example:

 

> show routing route
flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp,
Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
...
10.175.0.0/16 10.175.59.1 10 A S ethernet1/2
10.175.0.0/16 192.168.200.99 ?B 92699 0

 

The route marked with the A flag is further installed into the RIB and FIB table and used for traffic forwarding.

 

See Also

Understanding Route Redistribution and Filtering



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CluICAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language