topic My BGP routes are showing as Hidden and Inactive in Firewall and Security Management

My BGP routes are showing as Hidden and Inactive

Blason_R — Thu, 15 Sep 2022 18:33:14 GMT

Hi Team,

I am facing this one more issue with BGP and route from other path is being received as Hidden and Inactive. I have scenario as depict in diagram. I am currently receiving route from Provider 1 which is fine. However route received from Provider 2 is showing as Hidden and Inactive on my firewall routing table.

I am at FW1 with version R80.30 with AS 64520 with network 172.31.24.0/24 while other peer is 64520 as well with network 10.100.0.0/16. However we are connected with two providers and route learned from provider-2 is getting as Hidden and Inactive from FW1 perspective.

Can someone please help?

set bgp external remote-as 9730 on set bgp external remote-as 9730 peer xx.xx.xx.xx on set bgp external remote-as 9730 peer xx.xx.xx.xx holdtime 15 set bgp external remote-as 9730 peer xx.xx.xx.xx keepalive 5 set bgp external remote-as 65001 on set bgp external remote-as 65001 peer yy.yy.yy.yy on set bgp external remote-as 65001 peer yy.yy.yy.yy as-override on

Here is my route table at FW1

#show route bgp B 10.100.0.0/16 via xx.xx.xx.xx, eth1, cost None, age 913492

And here is the issue

B 10.100.0.0/16 via xx.xx.xx.xx, eth1, cost None, age 913540 B H i 10.100.0.0/16 is an unusable route

Re: My BGP routes are showing as Hidden and Inactive

Chris_Atkinson — Fri, 16 Sep 2022 01:45:40 GMT

Do you have route filters or route-maps configured accepting the routes and how do the as-paths compare?

Re: My BGP routes are showing as Hidden and Inactive

Blason_R — Fri, 16 Sep 2022 02:55:18 GMT

Yes - default route filters configure and no such mechanism for as-path comparison

set inbound-route-filter bgp-policy 512 based-on-as as 9730 on set inbound-route-filter bgp-policy 512 accept-all-ipv4 set inbound-route-filter bgp-policy 516 based-on-as as 65001 on set inbound-route-filter bgp-policy 516 accept-all-ipv4 set route-redistribution to bgp-as 9730 from static-route 172.16.0.0/12 on set route-redistribution to bgp-as 9730 from static-route 192.168.0.0/16 on set route-redistribution to bgp-as 65001 from static-route 172.16.0.0/12 on set route-redistribution to bgp-as 65001 from static-route 192.168.0.0/16 on

Re: My BGP routes are showing as Hidden and Inactive

Blason_R — Fri, 16 Sep 2022 03:06:07 GMT

Do I need to use

allowas-in Accept a IPv4-route that contains the local-AS in the as-path

Re: My BGP routes are showing as Hidden and Inactive

Chris_Atkinson — Fri, 16 Sep 2022 03:15:36 GMT

What do you see with: "show route bgp aspath" ?

Please also review the following:

sk173204: Received BGP routes appear as unusable, hidden and inactive

Re: My BGP routes are showing as Hidden and Inactive

Blason_R — Fri, 16 Sep 2022 03:37:06 GMT

I guess this need allow-as. This resolved the issue

set bgp external remote-as 65001 peer yy.yy.yy.yy allowas-in-count 2