topic Re: Protocol-rank BGP lower (perfered) then static default route in Firewall and Security Management

Protocol-rank BGP lower (perfered) then static default route

Arend — Wed, 14 Sep 2022 19:44:32 GMT

Good afternoon,

We are receiving a BGP default route from an external BGP neighbor and want to give it a more preferred ranking then a static default route to make the BGP primary. We have configured the static default as a back up line.

Following routemap is configured as imported routemap via the BGP peer.

set routemap <name> id 10 on
set routemap <name> id 10 allow
set routemap <name> id 10 match network 0.0.0.0/0 exact
set routemap <name> id 10 match protocol bgp
set routemap <name> id 10 action precedence 55

We also have dozens of more specific static routes for locations.

My doubt is that when we give the BGP Protocol-rank a lower value then the default Protocol-rank of statics(60) that all routing will be captured via the BGP default since the BGP protocol-rank is preferred over the static routing protocol. Or will the more specific static routes still be favoured?

any thoughts?

Re: Protocol-rank BGP lower (perfered) then static default route

Tobias_Moritz — Thu, 15 Sep 2022 14:05:46 GMT

I cannot back this up with personal experience on GAIA with BGP, but the normal logic is: most specific route is used. Only when more then one route in routing table is most specific, the metric (normally derived from protocol rank) is taken into consideration.

It works that way in all operating systems I know. Theoretically, CP could make things differently in GAIA (with their kernel modules and routed implementation), so better wait for a CheckMate with specific experience of try it yourself a (virtual) lab.

Re: Protocol-rank BGP lower (perfered) then static default route

JozkoMrkvicka — Thu, 15 Sep 2022 14:44:19 GMT

If you have 2 exactly same routes (for example 0.0.0.0/0) then it is up to protocol-rank which route will be used. By default, static route has 60 rank, BGP route has 170 rank. With that logic the static route wins and will be used.

Hovewer, you can play with the protocol ranks and you can assign BGP protocol more priority (less rank number). In case you will give BGP protocol rank of 59, then BGP route will be the one which will be selected by Gaia.

By aware that some specific features (PBR rules or VPN) can have higher priority over protocol ranking.

More informarion about protocol-rank is available in routing guides for your version.

For R81.10 it is here:

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Gaia_Advanced_Routing_AdminGuide/Topics-GARG/Routing-Options-Protocol-Rank.htm?tocpath=Routing%20Options%7C_____3