How to verify routes sent to PA firewall by particular BGP peer device using packet captures

How to verify routes sent to PA firewall by particular BGP peer device using packet captures

1778
Created On 10/16/23 23:52 PM - Last Modified 03/12/25 21:36 PM


Objective


  • There are occasions in BGP troubleshooting where we would like to verify what routes are sent to PA firewall by particular BGP peer device and packet captures come handy.  

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • BGP
  • Packet Capture

Procedure


  1. Configure packet captures filters and stages to capture the BGP traffic using the ip addresses of intended BGP peer device and PA firewall data plane interface receiving the updates or peering with BGP peer. 
  2. Refer to KB- Getting Started Packet Capture  and documentation - Taking Custom Packet Capture.
  3.  Download the packet capture files and open the receive stage file in a Wireshark application.
  4. Look for the update message packets and expand the "Network Layer Reachability Information (NLRI) field which will show the routes being sent to PA firewall by the particular BGP peer as shown in following screenshots. 

 

2023-10-16_18h41_29.png

2023-10-16_18h43_04.png
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XgvSCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail