How to Check BGP Advertised or Received Prefixes on a PA Firewall

Created On 03/05/24 02:24 AM - Last Modified 01/29/26 03:07 AM


Objective


When troubleshooting BGP prefix advertisement issues, verify the prefixes that BGP advertises or receives on the PA firewall.

 

 



Environment


  • PAN-OS
  • PA Firewall
 PA-EBGP.png


Procedure


  1. Log in to the PA firewall CLI and run the following command to verify the number of advertised/received prefixes.
show routing protocol bgp peer peer-name <value> virtual-router <value>

Example:

admin@PA-VM-50_1(active)> show routing protocol bgp peer peer-name pa-vm-100

  ==========
  Peer:                          pa-vm-100 (id 2)
  virtual router:                default
  Peer router id:                10.46.172.39
  Remote AS:                     6500
  Peer group:                    pa-vm-100-group (id 2)
  Peer status:                   Established, for 6 seconds
  Password set:                  no
  Passive:                       no
  Multi-hop TTL:                 1
  Remote Address:                10.46.172.39:36694
  Local Address:                 10.46.172.37:179
  (R) reflector client:          not-client
  same confederation:            no
  send aggr confed as-path:      yes
  peering type:                  Unspecified
  Connect-Retry interval:        15
  Open Delay:                    0
  Idle Hold:                     15
  Prefix limit:                  5000
  Holdtime:                      90 (config 90)
  Keep-Alive interval:           30 (config 30)
  Update messages:               in        4, out        4
  Total messages:                in       23, out       29
  Last update age:               6
  Last error:
  Flap counts:                   4, established 2 times
  (R) ORF entries:               0
  Nexthop set to self:           no
  use 3rd party as next-hop:     yes
  override nexthop to peer:      no
  ----------
  remove private AS number:      yes
  ----------
  Capability:                    Multiprotocol Extensions(1)  value: IPv4 Unicast
  Capability:                    Route Refresh(yes)
  Capability:                    Graceful Restart(64)  value: 007800010100
  Capability:                    Route Refresh (Cisco)(yes)
  ----------
  Prefix counter for:            bgpAfiIpv4 / unicast
  Incoming Prefix:               Accepted 2, Rejected 0, Policy Rej 0, Total 2
  Outgoing Prefix:               2
  Advertised Prefix:             2

  2. Then run the following command to view the received prefixes.

show routing protocol bgp loc-rib peer <value> 

Example:

admin@PA-VM-50_1(active)> show routing protocol bgp loc-rib peer pa-vm-100


VIRTUAL ROUTER: default (id 1)
  ==========
  Prefix             Nexthop          Peer       Weight   LocPrf Org      MED flap AS-Path
 *10.10.100.0/24     10.46.172.39     pa-vm-100       0      100 i/c        0    0 6500
 *10.46.172.0/22     10.46.172.39     pa-vm-100       0      100 i/c        0    0 6500

total routes shown: 2

 

From the GUI:

EBGP-received-routes.png 

  3. Then run the following command to view what is advertised to the peer.

show routing protocol bgp rib-out peer <value> 

Example:

admin@PA-VM-50_1(active)> show routing protocol bgp rib-out peer pa-vm-100


VIRTUAL ROUTER: default (id 1)
  ==========
  Prefix             Nexthop          Peer       Originator       Adv Status  Aggr Status     AS-Path
 10.10.10.1/32       10.46.172.37     pa-vm-100  0.0.0.0          advertised  no aggregation  6600
 192.168.100.0/24    10.46.172.37     pa-vm-100  0.0.0.0          advertised  no aggregation  6600

total routes shown: 2

 

From the GUI:

 

EBGP-Adverstised-routes.png
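The three checks above can be cross-checked offline from saved CLI output. The following Python script is an added example, not part of the original article or any Palo Alto Networks tooling: it compares the prefix counters from the peer output with the rows in the loc-rib and rib-out tables, and flags advertisements that differ from an intended list. The function names and the `intended_out` parameter are hypothetical, and the sample text is a trimmed copy of the output shown in the steps.

```python
import ipaddress
import re

# Constructed samples: trimmed copies of the CLI output shown in the steps above.
PEER = """\
  Peer status:                   Established, for 6 seconds
  Incoming Prefix:               Accepted 2, Rejected 0, Policy Rej 0, Total 2
  Advertised Prefix:             2
"""
LOC_RIB = """\
  Prefix             Nexthop          Peer       Weight   LocPrf Org      MED flap AS-Path
 *10.10.100.0/24     10.46.172.39     pa-vm-100       0      100 i/c        0    0 6500
 *10.46.172.0/22     10.46.172.39     pa-vm-100       0      100 i/c        0    0 6500
"""
RIB_OUT = """\
  Prefix             Nexthop          Peer       Originator       Adv Status  Aggr Status     AS-Path
 10.10.10.1/32       10.46.172.37     pa-vm-100  0.0.0.0          advertised  no aggregation  6600
 192.168.100.0/24    10.46.172.37     pa-vm-100  0.0.0.0          advertised  no aggregation  6600
"""

def peer_counters(text):
    """Extract session state and prefix counters from 'show ... bgp peer' output."""
    def num(label):
        m = re.search(label + r"\s+(\d+)", text)
        return int(m.group(1)) if m else None
    state = re.search(r"Peer status:\s+(\w+)", text)
    return {"state": state.group(1) if state else None,
            "accepted": num(r"Incoming Prefix:\s+Accepted"),
            "advertised": num(r"Advertised Prefix:")}

def table_prefixes(text):
    """Return the prefixes in a loc-rib or rib-out table (a leading '*' is allowed)."""
    rows = re.findall(r"^\s*\*?(\d+\.\d+\.\d+\.\d+/\d+)\s", text, re.M)
    return {ipaddress.ip_network(r, strict=False) for r in rows}

def audit(peer, loc_rib, rib_out, intended_out):
    """Compare counters with table rows and rib-out with the intended advertisements."""
    c, rx, tx = peer_counters(peer), table_prefixes(loc_rib), table_prefixes(rib_out)
    want = {ipaddress.ip_network(p) for p in intended_out}  # assumption: operator-supplied list
    findings = []
    if c["state"] != "Established":
        findings.append(f"session state is {c['state']}")
    if c["accepted"] != len(rx):
        findings.append(f"accepted counter {c['accepted']} != {len(rx)} loc-rib rows")
    if c["advertised"] != len(tx):
        findings.append(f"advertised counter {c['advertised']} != {len(tx)} rib-out rows")
    findings += [f"unintended advertisement: {p}" for p in sorted(tx - want, key=str)]
    findings += [f"missing advertisement: {p}" for p in sorted(want - tx, key=str)]
    return findings
```

An empty result means the counters, the tables and the intended advertisement list all agree.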

 

 

 

