How to import and advertise static default route and a subset of static routes to BGP neighbor?

42705

Created On 12/18/19 00:51 AM - Last Modified 02/05/20 02:36 AM

BGP

Deployment

Network Integration

9.0

PAN-OS

Objective

When default route of 0.0.0.0/0 is imported into BGP using redistribution profile, all the static routes will be imported into BGP since the default static route of 0.0.0.0/0 is treated as any. The procedure details if only the default static route and a subset of static routes needs to be imported and advertised to BGP neighbor.

In the example below, multiple static routes are configured including the default static route of 0.0.0.0/0. In the configuration below, only the default static route of 0.0.0.0/0 and two other static routes 180.1.1.0/24 and 181.1.1.0/24 are imported.

Default route and one of the imported static route will then be advertised to the BGP neighbor via export.

Environment

PAN-OS 9.0.
Palo Alto Firewall.

Procedure

Part1: In this section, two static routes and default route will be imported into the BGP table.

Configure the Redistribution Profile, add the static routes to be imported to BGP table excluding the default route.

GUI: Network > Virtual Routers > (vr name) > Redistribution Profile > Add.

In the General Filter, select the source type as static and add the IP addresses in the Destination Section. Click on Redist and OK. In the example only 180.1.1.0/24 and 181.1.1.0/24 is selected.

Click on OK again to finish configuring Redistribution profile.

Now click on BGP Redist Rules tab (GUI: Network > Virtual Routers > (vr name) > BGP > Redist Rules > Add).

In the Name section, type in the default static route of 0.0.0.0/0. Click on Enable and fill in other details as required by your network.

Click OK. Now Click on Add to add the second rule.

In the name section select the name of the Redistribution profile added which includes all non default routes, click on Enable and fill in other details if required.

Click OK to continue. Redist Rules tab has both default route and non default route rules as seen below..

Now these routes are in the local BGP table. (GUI: Network > Virtual Routers > (VR Name) > More Runtime Stats > BGP > Local Rib)

In the absence of any export statements, these routes will be sent to all neighbors. These advertisements can further be controlled using export tab.

Part 2: Advertising the Local BGP routes neighbors.

This section of the configuration is only needed if these imported routes need to be sent to few neighbors or a subset of local BGP table need to be advertised. In this example We can select to advertise only default static route and one network 180.1.1.0/24 network.

Configure BGP export rule, Under GUI: Network > Virtual Routers > (vr name) > BGP > Export > Add.

In the general tab, Type in a rule name next to Rules. Then click Add under Used By section and select the Peer Group to export the networks.

In the Match tab, add the networks and mark them Exact, specially for the default route of 0.0.0.0/0. If this is not selected all routes of the local BGP table will be advertised to neighbor.

In the Action tab, select Allow as action. Fill in other details as required for your network.

Click OK the export filter is displayed.

Click on OK and Commit the operation.
Once commit is completed, only the default route and 180.1.1.0/24 network is advertise to neighbors as seen in the RIB out.

(GUI: Network > Virtual Routers > (VR Name) > More Runtime Stats > BGP > RIB Out)

Additional Information

CLI commands:

Static routes configured on the Firewall (show routing route type static).

admin@Lab-PA-VM> show routing route type static
<output omitted>
VIRTUAL ROUTER: default (id 1)
  ==========
destination                                 nexthop                                 metric flags      age   interface          next-AS
0.0.0.0/0                                   10.46.199.65                            10     A S              ethernet1/3               
10.0.0.0/8                                  10.46.199.65                            10     A S              ethernet1/3               
12.1.1.0/24                                 10.46.199.65                            10     A S              ethernet1/3               
180.1.1.0/24                                10.46.199.65                            10     A S              ethernet1/3               
181.1.1.0/24                                10.46.199.65                            10     A S              ethernet1/3               
total routes shown: 5

Local BGP table ( show routing protocol bgp loc-rib).

admin@Lab-PA-VM> show routing protocol bgp loc-rib
VIRTUAL ROUTER: default (id 1)
  ==========
  Prefix             Nexthop          Peer       Weight   LocPrf Org      MED flap AS-Path
 *0.0.0.0/0                           Local           0      100 i/c        0    0
 *180.1.1.0/24       10.46.199.65     Local           0      100 i/c        0    0
 *181.1.1.0/24       10.46.199.65     Local           0      100 i/c        0    0
total routes shown: 3

Routes are being advertised to neighbors (show routing protocol bgp rib-out).

admin@Lab-PA-VM> show routing protocol bgp rib-out
VIRTUAL ROUTER: default (id 1)
  ==========
  Prefix             Nexthop          Peer       Originator       Adv Status  Aggr Status     AS-Path
 0.0.0.0/0           172.31.30.98     P1         0.0.0.0          advertised  no aggregation  2222
 180.1.1.0/24        172.31.30.98     P1         0.0.0.0          advertised  no aggregation  2222
total routes shown: 2

How to import and advertise static default route and a subset of static routes to BGP neighbor?

Objective

Environment

Procedure

Additional Information

Other users also viewed: