Palo Alto Networks Knowledgebase: Routing Table has Multiple Prefixes for the Same Route
Created On 02/07/19 23:47 PM - Last Updated 02/07/19 23:47 PM
When running the “show routing route” command, the routing table of a Palo Alto firewall displays multiple entries for the same route (prefix and mask).
This is expected behavior because the Palo Alto Networks firewall routing scheme is designed to take the best route from each protocol and put them all into the routing table. The best route is then selected among them based on the Administrative Distance (AD) value of the routing protocol each route came from, and that route is marked with flag A, indicating that it is the Active route.
> show routing route
flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp, Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
...
10.175.0.0/16 10.175.59.1 10 A S ethernet1/2
10.175.0.0/16 192.168.200.99 ?B 92699 0
The route marked with the A flag is then installed into the RIB and FIB tables and used for traffic forwarding.
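When reviewing a saved copy of this output, it helps to list every prefix that appears more than once together with the next hop that carries the A flag. The following Python sketch is an added example, not Palo Alto Networks code; it assumes whitespace-separated IPv4 rows with an optional numeric metric before the flags, and the function names and the third sample row are constructed for illustration.

```python
import re
from collections import defaultdict

# Flag tokens from the legend: optional state (A, ?, ~) plus optional protocol.
FLAG_RE = re.compile(r"^(?=.)([A?~]?)(Oi|Oo|O1|O2|[CHSROB])?$")
PREFIX_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$")

# The first two route rows come from the article; the third is constructed.
SAMPLE = """\
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
10.175.0.0/16 10.175.59.1 10 A S ethernet1/2
10.175.0.0/16 192.168.200.99 ?B 92699 0
10.1.1.0/24 10.1.1.1 0 A C ethernet1/1
"""

def parse_routes(text):
    """Return {prefix: [{nexthop, flags, active}, ...]} for IPv4 route rows."""
    table = defaultdict(list)
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or not PREFIX_RE.match(tok[0]):
            continue  # legend, header, separator or elided lines
        rest = tok[2:]
        if rest[0].isdigit():  # assumed: metric, when present, precedes the flags
            rest = rest[1:]
        flags = ""
        for t in rest:  # consecutive flag tokens, e.g. "A" "S" or "?B"
            if not FLAG_RE.match(t):
                break
            flags += t
        table[tok[0]].append(
            {"nexthop": tok[1], "flags": flags, "active": "A" in flags})
    return dict(table)

def multi_source_prefixes(table):
    """Map each repeated prefix to (active next hops, non-active next hops)."""
    out = {}
    for prefix, entries in table.items():
        if len(entries) > 1:
            active = [e["nexthop"] for e in entries if e["active"]]
            standby = [e["nexthop"] for e in entries if not e["active"]]
            out[prefix] = (active, standby)
    return out

if __name__ == "__main__":
    for prefix, (active, standby) in multi_source_prefixes(parse_routes(SAMPLE)).items():
        print(f"{prefix}: active via {active}, also present via {standby}")
```

A repeated prefix whose active list is empty, or holds more than one next hop, is worth a closer look in the full output.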