How to advertise a specific BGP route that's within an aggregated/summarized subnet.
Created On 11/22/22 19:20 PM - Last Modified 11/23/22 04:02 AM
Objective
This KB article provides the procedure to advertise a specific BGP route that falls within an aggregated/summarized subnet, for the purpose of monitoring the path.
Combining a static route with path monitoring, a Redistribution Profile, and a BGP Redist Rule achieves the following: the availability of a specific path is monitored, the route is installed if the path is available, the route is advertised specifically even though it is within a larger summarized prefix, and the specific route and its specific advertisement are removed if the path goes down.
Environment
- Palo Alto Firewalls
- PAN-OS 10.1, 10.2
- BGP
- Redistribution Filters
Procedure
- In the example below, the firewall is aggregating 10.6.0.0/15 and advertising it to its peers as expected.
- The procedure explains how to advertise the specific subnet 10.6.11.0/24 with path monitoring enabled, so that the route is automatically installed in or removed from BGP and advertised to peers accordingly.
- Create a static route with Path monitoring to monitor the path.
GUI: Network > Virtual Routers > (Select the VR) > Static Routes > Add
- Create a Redistribution Profile with filter types as “Static” and “Interface (Select the interfaces to specify the forwarding interfaces of the candidate route).” Make sure Redistribute is set to “Redist” in the profile.
GUI: Network > Virtual Routers > (Select the VR) > Redistribution Profile > Add
- Add the Redistribution profile to the Redist Rules in BGP and Commit the configuration.
GUI: Network > Virtual Routers > (Select the VR) > BGP > Redist Rules > Add > (select the configured profile from drop down)
Once done, the route entries are present in the "Local RIB" of "BGP".
GUI: Network > Virtual Routers > (Select the VR) > More Runtime Stats> BGP > Local RIB
- Use Export rules to advertise the interesting routes to the peer. In this example, all the routes present in the Local RIB are advertised. If no prefix match is defined, BGP exports all the routes present.
GUI: Network > Virtual Routers > (Select the VR) > BGP > Export > Add
After configuration and "Commit", the entries can be seen in RIB Out table.
GUI: Network > Virtual Routers > (Select the VR) > More Runtime Stats> BGP > RIB Out
- Creating aggregate rule:
Route aggregation is the act of combining specific routes (those with a longer prefix length) into a single route (with a shorter prefix length) to reduce routing advertisements that the firewall must send and to have fewer routes in the routing table.
- GUI > Network > Virtual Router > (select the vr) > BGP > Aggregate > Add > Specify the Name and the Prefix
- Check "Enable"
- Check "Summary"
- Click on the "Advertise Filters" tab to create Advertise Filters. This is to exclude a specific prefix from summarization.
Define the attributes for an Advertise Filter that causes the firewall to advertise to peers any route that matches the filter. Click Add and enter a name for the Advertise Filter. Click "OK" and Commit the configuration.
- Now both the summarized route and the non-aggregated route are seen in the RIB Out, from the CLI and from the GUI.
- CLI Command: "show routing protocol bgp rib-out-detail"
- From GUI: Network > Virtual Routers > (Select the VR) > More Runtime Stats> BGP > RIB Out
- On the Palo Alto Peer Router, the advertised routes are seen in the BGP Local-RIB
GUI: Network > Virtual Routers > (Select the VR) > More Runtime Stats> BGP > Local RIB
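The expected RIB Out for this procedure can be worked out offline and compared with what the firewall shows. The following is an added example, not Palo Alto code: a simplified Python model in which the aggregate suppresses more-specific routes unless an Advertise Filter matches them exactly, and a failed path monitor removes the static route. The function names and every prefix other than 10.6.0.0/15 and 10.6.11.0/24 are assumptions constructed for illustration.

```python
import ipaddress

def expected_rib_out(local_rib, aggregate, advertise_filters, monitored, path_up):
    """Prefixes expected in RIB Out under this simplified model (not PAN-OS code)."""
    agg = ipaddress.ip_network(aggregate)
    keep = {ipaddress.ip_network(p) for p in advertise_filters}
    monitored_net = ipaddress.ip_network(monitored)
    out, contributors = set(), 0
    for prefix in map(ipaddress.ip_network, local_rib):
        # Path monitoring removes the static route when the monitored path
        # fails, so it is no longer redistributed into BGP.
        if prefix == monitored_net and not path_up:
            continue
        if prefix != agg and prefix.subnet_of(agg):
            contributors += 1
            # "Summary" suppresses more-specific routes unless an Advertise
            # Filter matches them (modelled here as an exact prefix match).
            if prefix in keep:
                out.add(prefix)
        else:
            out.add(prefix)
    # Assumption: the aggregate is advertised only while at least one
    # contributing route remains in the Local RIB.
    if contributors:
        out.add(agg)
    return [str(p) for p in sorted(out)]

def rib_out_drift(observed, expected):
    """Return (missing, unexpected) prefixes for an observed RIB Out listing."""
    obs = {ipaddress.ip_network(p) for p in observed}
    exp = {ipaddress.ip_network(p) for p in expected}
    return ([str(p) for p in sorted(exp - obs)],
            [str(p) for p in sorted(obs - exp)])

# Constructed sample Local RIB; only 10.6.11.0/24 comes from the article.
LOCAL_RIB = ["10.6.11.0/24", "10.6.20.0/24", "10.7.1.0/24", "192.168.50.0/24"]
AGGREGATE = "10.6.0.0/15"
MONITORED = "10.6.11.0/24"

if __name__ == "__main__":
    for path_up in (True, False):
        routes = expected_rib_out(LOCAL_RIB, AGGREGATE, [MONITORED],
                                  MONITORED, path_up)
        print("path up" if path_up else "path down", routes)
```

Feed the prefixes read from the RIB Out view into rib_out_drift to spot a specific route that is still advertised after its path failed, or one that is missing while the path is up.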
Additional Information
Route summarization -- also known as route aggregation -- is a method to minimize the
number of route entries in the routing tables in an IP network. It consolidates selected
multiple routes into a single route advertisement.