Advertising a non-existent route to BGP in PAN

rtoodtoo PaloAltoNetworks October 9, 2019

Normally if you want to advertise a route to your BGP neighbor, the route you want to announce must be available in your routing table but in Palo Alto Networks there is a nice trick which is quite handy. Where can it be really handy? For example you have a subnet which you only use in your NAT pool which doesn’t really need any next hop. In this case this config plays a nice role.

For example you want to announce your route 144.122.122.0/24 add this under the menu as screenshot and make sure your “Export” rules don’t really block this subnet being advertised otherwise you won’t see it in your RIB-OUT.

With the help of this handy config, your peer router will receive your nat-pool subnet although you haven’t really added this in your routing table (PAN does this dummy route automatically as far as I can see)

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

6 thoughts on “Advertising a non-existent route to BGP in PAN”

JR says:

2020/10/27 at 7:12 pm

Palo has by far the worst implementation of redistribution of a null0 route. That routing static is pathetic.

Reply
1. RJ says:
  
  2020/11/13 at 5:52 pm
  
  hahahahaah agreed! All Palo BGP routing is horrible!
  
  Reply
  1. rtoodtoo says:
    
    2020/11/20 at 6:10 pm
    
    In general CLI navigation for me:)
    
    Reply
Aleksandr says:

2021/03/18 at 3:54 pm

Thanks man, you are life savior! Thank you.

Reply
davidkmessenger says:

2022/03/03 at 2:56 pm

Hero. Was trying to figure out to advertise a GlobalProtect IP pool and this was the key. Nice one.

Reply
1. siteadmin says:
  
  2022/03/03 at 2:59 pm
  
  Thanks for the feedback!
  
  Reply

Advertising a non-existent route to BGP in PAN

Related

About: rtoodtoo

6 thoughts on “Advertising a non-existent route to BGP in PAN”

You have a feedback?Cancel reply