11-30-2018 01:15 PM - edited 11-30-2018 01:16 PM
Hello,
I am trying to control the networks that are being advertised from our ASR to our Palo. I have been able to get the advertisements to work with the prefix-list but I am having an issue trying to advertise a smaller block then what we are seeing in the BGP table. I have tried using the le flag and still can't get it to advertised.
We only want to advertise to the Palo 64.56.80.64/27
ASR: sh ip route 64.56.80.64
Routing entry for 64.56.80.0/23
Known via "bgp 12345", distance 20, metric 10
Tag 11096, type external
Last update from 108.59.25.110 2d02h ago
Routing Descriptor Blocks:
* 108.59.25.110, from 108.59.25.110, 2d02h ago
Route metric is 10, traffic share count is 1
AS Hops 2
Route tag 11096
ASR Config:
ip prefix-list bgp-advertise seq 10 permit 1.1.1.0/24
ip prefix-list bgp-advertise seq 15 permit 64.56.80.64/27
!
router bgp 12345
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor x.x.x.x remote-as 54321
neighbor x.x.x.x prefix-list bgp-advertise out
64.56.80.64/27 this is the block we want to advertise. In BGP it is being advertised to us as 64.56.80.0/23. If I add the /23 on the prefix list it will be advertised to the Palo. If I try to break it up it will not advertised to the Palo.
Solved! Go to Solution.
11-30-2018 02:23 PM
Hi Jason,
The prefix-list cannot be used to deaggregate the /23. 64.56.80.64/27 needs to be present in the BGP RIB in order to be advertized to neighbors. You either need to originate it on the router peering with the Palo Alto device or receive it from some other router in your network.
Regards,
11-30-2018 02:23 PM
Hi Jason,
The prefix-list cannot be used to deaggregate the /23. 64.56.80.64/27 needs to be present in the BGP RIB in order to be advertized to neighbors. You either need to originate it on the router peering with the Palo Alto device or receive it from some other router in your network.
Regards,
11-30-2018 05:32 PM
Harold,
Thanks for the update. That is what I figured the answer was going to be. I was hoping there was a way to do that with BGP routing between the ASR and Palo. I think I will just end up doing static routes in the Palo to make the routing decisions between the different gateways.
Jason
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide