Understanding Redistribution Profile Behavior if using Destination Filter

Redistribution profiles are used to redistribute routes learned from one protocol to another protocol. Please use the following articles for help in configuring Route Redistribution on Palo Alto Firewall:

When you use "Destination" as one of the filtering/matching criteria in Redistribution Profile, you should read the destination prefix as 'OR LONGER' and not 'EXACT'.

Scenario 1: Redistributing smaller prefix instead of longer prefix in OSPF:

You wish to advertise the 10.10.0.0/16 route but not the 10.10.1.0/24, 10.10.2.0/24 and 10.10.3.0/24 .

Then you will end up redistributing even 10.10.1.0/24, 10.10.2.0/24, 10.10.3.0/24 as well:

admin@PA-200> show routing protocol ospf lsdb VIRTUAL ROUTER: default (id 1) ========== VR Area ID Orig RTR ID LS ID LSA Type Seq Number CheckSum Age Size 1 0.0.0.0 1.1.1.1 1.1.1.1 type-1 (Router) 0x80000003 0x00008B8D 497 36 1 0.0.0.0 2.2.2.2 2.2.2.2 type-1 (Router) 0x80000004 0x00004DA2 2302 36 1 0.0.0.0 2.2.2.2 10.1.1.12/24 type-2 (Network) 0x80000001 0x0000C746 2302 32 1 1.1.1.1 10.10.0.0/16 type-5 (External) 0x80000001 0x0000D3E5 123 1 1.1.1.1 10.10.1.0/24 type-5 (External) 0x80000003 0x0000C4F1 123 1 1.1.1.1 10.10.2.0/24 type-5 (External) 0x80000003 0x0000B9FB 123 1 1.1.1.1 10.10.3.0/24 type-5 (External) 0x80000003 0x0000AE06 123

Rather use two profiles, the first for not redistributing specific routes and a second for redistributing a larger route. Use it under export rules in OSPF as under: (Notice the priority value in the two profiles)

Understanding Redistribution Profile Behavior if using Destination Filter

Environment

Resolution

Scenario 1: Redistributing smaller prefix instead of longer prefix in OSPF: