Few advertised BGP routes are not installed on Firewall

Few advertised BGP routes are not installed on Firewall

12273
Created On 06/08/22 09:42 AM - Last Modified 07/23/22 04:02 AM


Symptom


Firewall installs lesser routes compared to the routes advertised by the peer.

Network Configuration
  • Router --------BGP ----- firewall
  • Router advertises more than 5100 routes but the firewall installs less than 5000 routes.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • BGP configured with neighbor router

Cause


The total prefixes received exceeds the maximum number of prefixes configured to receive from neighbor .

Resolution


  1. Check the messages in the routed.log (less mp-log routed.log).  In this case the defined maximum prefixes is 5000.
**** AUDIT 0x4107 - 16 (0000) **** I:0050ff25 F:00000002
qbdcphs1.c 1437 :at 20:49:36, 22 February 2022 (727892719 ms)
The maximum number of prefixes stored for a neighbor would be exceeded.
RIB Manager entity index: 0X00000001
Neighbor IP address: <peer-ip>
AFI: 1
SAFI: 1
Defined max prefixes: 5000
Dropping connection: False
Idle hold time: 90
  1. The command "show routing fib"  and " show routing protocol bgp peer peer-name <peer>" also shows these details
Firewall> show routing fib
total virtual-router shown :              1
--------------------------------------------------------------------------------
virtual-router name: default
interfaces:
   ethernet1/3 ethernet1/6
route table:
flags: u - up, h - host, g - gateway, e - ecmp, * - preferred path

maximum of fib entries for device:                 5000
........

Firewall> show routing protocol bgp peer peer-name <name>

  Peer:                          <name>
  virtual router:                default
  Peer router id:                0.0.0.0
  Remote AS:                     1234
  Peer group:                    Pgroup (id 30)
  Peer status:                   Connect, for 0 seconds
  Password set:                  no
  Passive:                       no
  Multi-hop TTL:                 1
  Remote Address:                172.20.97.2
  Local Address:                 172.20.97.1
  (R) reflector client:          not-client
  same confederation:            no
  send aggr confed as-path:      yes
  peering type:                  Unspecified
  Connect-Retry interval:        1
  Open Delay:                    0
  Idle Hold:                     15
  Prefix limit:                  5000
  Holdtime:                      0 (config 90)
  Keep-Alive interval:           0 (config 30)
  Update
....
 
  1. Go to GUI: Network > Virtual Routers > (name) > BGP > Peer Group > (name) > (Select the peer) > Advanced
  2. Increase the Max Prefixes to the desired value from maximum of 5000.
  3. Commit the Configuration.
 
BGP Advanced
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CpwaCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language