Routes Learned from iBGP Neighbour Not Advertised to Another

Symptom

All the devices are in the same AS but routes received from one iBGP neighbour (R1)  are not getting advertised to another iBGP neighbour (R2).

Diagnosis

We have to configure Palo Alto Networks Firewall as a  Route Reflector:

Go to Network > Virtual router > Bgp > Open peer r1 > Select  Reflector client as Client 

Resolution

Cisco router R1  is advertising 1.1.1.1 route in BGP, the same route is appearing in the routing table of the Palo Alto Networks firewall but not apprearing in the routing table of Router R2

Note:  All the devices are in the same AS --they all are iBGP neighbours.

Reason:  By default, if any device receives a route from one iBGP neighbor then it never advertises the same route to another iBGP neighbour.

So, if the Palo alto Networks firewall receives any route from R1, let's say 1.1.1.1,  then it is not going to advertise the same to R2 in the above case as per the default behaviour of the BGP protocol.

Solution

To solve this, configure the Palo alto Networks firewall as a route reflector . Define peer R1 as a route reflector client  (please see the  screen shot below for peer R1).

Peer R2 will not non-client as per the default settings and  routes can be exchanged between client and non-client. 

Go the Network Tab >Virtual Router >BGP.

Open  the the peer group.

Select Reflector Client as Client .

After this, you will be able to see all the routes R1 is advertising in the local rib table of R2.

If you are not observing the route in the routing table of R2,  ensure that the next hop of the received route is recahable from R2.  Otherwise, the route will be in the  local rib table,   but that route will not be considered the best route and only best routes are installed in the routing table.

I verified the same in the lab by taking 3 Palo aAto Networks firewalls as iBGP neighbours.

Also, the above routers may be a firewall or any device that supports BGP.