How to Configure BGP Export/Import Rules Based on Next Hop Filtering

How to Configure BGP Export/Import Rules Based on Next Hop Filtering

46392
Created On 09/25/18 18:52 PM - Last Modified 06/12/23 17:01 PM


Resolution


Overview

When configuring BGP with the option to configure Export/Import rules based on the Next Hop entry from the routing table, the next hop entry cannot be just an IP address. The next hop entry must have the /32 prefix; a different prefix will not match the rule.

 

Steps

  1. Export the Rule. This configuration will filter the BGP routes based on the next hop IP address. If routes have 1.1.1.1 as a next hop they will be advertised through BGP. Other routes will be filtered by the Palo Alto Networks device.
    A. From the WebGUI, go to Network > Virtual router and Click "default" .
    B. Select BGP > click on the "Export" tab and "Add" to create export rule.
    C. Then go to "Match" and Add next hop IP address as shown below.
    import.JPG
    bgp.JPG
     
  2. Import the rule. This configuration will filter the BGP routes based on the next hop IP address. Routes with 1.1.1.1 as a next hop will be received through BGP and other routes will be filtered by the Palo Alto Networks device.
    A. From the WebGUI, go to Network > Virtual router and Click "default."
    B. Select "BGP" > click on "Import" tab and "Add" to create export rule.
    C. Then go to "Match" and Add next hop IP address as shown below.

    match.JPG

 

owner: aciobanu
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000ClRL&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkcSArticleDetail

Choose Language