Influence Outbound Routes with the BGP Weight and Local Preference Attributes

Overview

Consider a scenario where the Palo Alto Networks firewall has EBGP connectivity with a peer of an External Autonomous System and has IBGP connectivity with peers within the same Autonomous System that it is part of. These IBGP Peers also have EBGP connectivity with other routers, outside of the Autonomous System. There are instances where the traffic destined for networks outside of the Autonomous System should egress out via the Palo Alto firewall instead of the IBGP peers. Influencing BGP Routers to select a point of exit in the Autonomous System can be accomplished by using the Local Preference and the Weight Attributes.

Details

• Local Preference: Local preference is used to choose the outbound external BGP path. Local preference is sent to all internal BGP routers in the autonomous system, and the path with the highest local preference is preferred. The default Local Preference value is 100.

• Weight: Weight is a Cisco-defined attribute that is local to a router. The weight attribute is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred

In order to choose the Palo Alto Networks firewall for the outbound external Path, increase the local preference of the Palo Alto Networks firewall, by configuring the Default Local Preference value at:

Network > Virtual Routers > BGP > General

As Weight is a Cisco proprietary attribute, the Palo Alto Networks firewalls do not advertise weights of its own. However, it can modify the weights of the routes received from the peers before importing them into the local rib. On the web UI, go to:

Network > Virtual Routers > BGP > Import > (Import Rule) > Action > Weight