How to import and advertise static default route and a subset of static routes to BGP neighbor?

Objective

When default route of 0.0.0.0/0 is imported into BGP using redistribution profile,  all  the static routes will be imported into BGP  since the default static route of 0.0.0.0/0 is treated as  any .  The procedure details if only the  default static route  and a  subset of static routes  needs to be imported and advertised to  BGP neighbor.

In the example below, multiple static routes are configured including the default static route of 0.0.0.0/0. In the configuration below, only the default static route of 0.0.0.0/0 and two other static routes 180.1.1.0/24 and 181.1.1.0/24 are imported.

Default route and one of the imported static route will then be advertised to the BGP neighbor via export.
 

Environment

• PAN-OS 9.0.

• Palo Alto Firewall.

Procedure

Part1: 

In this section, two static routes and default route will be imported into the BGP table.

1. Configure the Redistribution Profile, add the static routes to be imported to BGP table  excluding  the default route.

GUI:  Network > Virtual Routers > (vr name) > Redistribution Profile > Add. 

In the  General Filter , select the source type as  static  and add the IP addresses in the Destination Section. Click on  Redist  and  OK . In the example only 180.1.1.0/24 and 181.1.1.0/24 is selected.
 

2. Click on  OK  again to finish configuring Redistribution profile.

3. Now click on BGP Redist Rules tab (GUI:   Network > Virtual Routers > (vr name) > BGP > Redist Rules > Add).

In the  Name  section, type in the default static route of 0.0.0.0/0. Click on  Enable  and fill in other details as required by your network.
 

4. Click  OK.  Now Click on  Add  to add the second rule.

In the name section select the name of the Redistribution profile added which includes all non default routes, click on  Enable  and fill in other details if required.
 

5. Click  OK  to continue.  Redist Rules tab  has both  default route and non default route rules as seen below..

Now these routes are in the local BGP table. (GUI:  Network > Virtual Routers > (VR Name) > More Runtime Stats > BGP > Local Rib)



In the absence of any export statements, these routes will be sent to all neighbors.  These advertisements can further be controlled using export tab.

Part 2: 

Advertising the Local BGP routes neighbors.

This section of the configuration is only needed if these imported routes need to be sent to few neighbors or a subset of local BGP table need to be advertised. In this example We can select to advertise only default static route and one network 180.1.1.0/24 network.

1. Configure BGP export rule, Under GUI:   Network > Virtual Routers > (vr name) > BGP > Export > Add.

In the general tab, Type in a rule name next to  Rules.  Then click Add under  Used By  section and select the Peer Group to export the networks.
 

2. In the Match tab, add the networks and mark them  Exact , specially for the default route of 0.0.0.0/0. If this is not selected all routes of the local BGP table will be advertised to neighbor.

3. In the  Action  tab, select  Allow  as action. Fill in other details as required for your network.

4. Click  OK  the export filter is displayed.

5. Click on  OK  and  Commit  the operation.

6. Once commit is completed, only the default route and 180.1.1.0/24 network is advertise to neighbors as seen in the RIB out.

(GUI:  Network > Virtual Routers > (VR Name) > More Runtime Stats > BGP > RIB Out)

Additional Information

CLI commands:

• Static routes configured on the Firewall (show routing route type static ) .

• Local BGP table ( show routing protocol bgp loc-rib).

• Routes are being advertised to neighbors (show routing protocol bgp rib-out).