topic Not advertising IPv6 subnet to BGP peer in Firewall and Security Management

Not advertising IPv6 subnet to BGP peer

Arend — Thu, 13 Oct 2022 05:09:12 GMT

Hi,

From our cluster we have set up an IPv6 BGP peering connection with the ISP which is working fine. We receive the IPv6 default route from the ISP.

But we do not manage to advertise our local IPv6 connected subnet to the BGP peer of the ISP with our export routemap.

Any suggestions? Maybe an error in the routemap? (Reference to actual config/ip's have been altered or contains placeholder)

R81.10

CheckPoint fw>

set bgp external remote-as <ISP AS> peer 2001:x:x:x::1 on
set bgp external remote-as <ISP AS> peer 2001:x:x:x::1 capability ipv6-unicast on
set bgp external remote-as <ISP AS> peer 2001:x:x:x::1 holdtime 90
set bgp external remote-as <ISP AS> peer 2001:x:x:x::1 keepalive 30
set bgp external remote-as <ISP AS> peer 2001:x:x:x::1 authtype md5 secret <md5 secret>
set bgp external remote-as <ISP AS> peer 2001:x:x:x::1 export-routemap "EXP-IPV6-routemap" preference 10 on
set bgp external remote-as <ISP AS> peer 2001:x:x:x::1 import-routemap "IMP-IPV6-routemap" preference 10 on

CheckPoint fw> show configuration routemap EXP-IPV6-routemap
set routemap EXP-IPV6-routemap id 10 on
set routemap EXP-IPV6-routemap id 10 allow
set routemap EXP-IPV6-routemap id 10 match network 2a07:2240:17f8::/48 exact
set routemap EXP-IPV6-routemap id 10 match protocol direct

CheckPoint fw> show bgp peers established

Flags: R - Peer restarted, W - Waiting for End-Of-RIB from Peer
PeerID AS Routes ActRts State InUpds OutUpds Uptime
2001:x:x:x::1 <ISP AS> 1 0 Established 2 0 2d9h

CheckPoint fw> show bgp peer 2001:x:x:x::1 received
IPv6 Route MED LocalPref Nexthop Communities
::/0 None N/A(EBGP) 2001:x:x:x::1 (link-local: fe80::da24:bcff:fec7:a7c2)

CheckPoint fw> show bgp peer 2001:x:x:x::1 advertise
EMPTY

CheckPoint fw> show ipv6 route destination 2a07:2200:13f8::
Codes: C - Connected, S - Static, B - BGP, Rg - RIPng, A - Aggregate,
O - OSPFv3 IntraArea (IA - InterArea, E - External),
K - Kernel Remnant, H - Hidden, P - Suppressed,
NP - NAT Pool, U - Unreachable, i - Inactive

C 2a07:2200:13f8::/48 is directly connected, bondx.xxx

Re: Not advertising IPv6 subnet to BGP peer

Sorin_Gogean — Thu, 13 Oct 2022 08:46:02 GMT

hey,

According to your export route-map you want to advertise the connected 2a07:2240:17f8::/48 but you might need to set a route-redistribution for connected (still I've checked and there is no option for connected routes)....

Did you tried to change the exact with refines or you need to specify the "restrict off - Allows the matched subnets to be exported or imported." also ????

CheckPoint fw> show configuration routemap EXP-IPV6-routemap
set routemap EXP-IPV6-routemap id 10 on
set routemap EXP-IPV6-routemap id 10 allow
set routemap EXP-IPV6-routemap id 10 match network 2a07:2240:17f8::/48 exact
set routemap EXP-IPV6-routemap id 10 match protocol direct

C 2a07:2200:13f8::/48 is directly connected, bondx.xxx

ex:

Axxx-FW02> set route-redistribution to bgp-as 65004 from
aggregate - Redistribute aggregate routes into BGP
bgp-as-number - Redistribute BGP routes from a given AS into BGP
bgp-as-path - Redistribute BGP routes matched by AS path into BGP
default-origin - Default rule for redistributing IPv4 routes into BGP
interface - Redistribute interface routes into BGP
kernel - Redistribute kernel routes into BGP
nat-pool - Redistribute NAT pools into BGP
ospf2 - Redistribute OSPF routes into BGP
ospf2ase - Redistribute external OSPF routes into BGP
rip - Redistribute RIP routes into BGP
static-route - Redistribute static routes into BGP
Axxx-FW02>

Like in my case, with IPv4 BGP we don't use routemaps but we used route-redistribution from static routes defined on the GW to be advertised on BGP :

Axxx-FW02> show bgp peer 10.X.Y.10 advertise

IPv4 Route MED LocalPref Nexthop Communities
10.230.211.0/24 None 100 10.X.Y.1
10.237.1.0/24 None 100 10.X.Y.1
192.168.130.0/23 None 100 10.X.Y.1

Axxx-FW02>

Axxx-FW02> show configuration
.............
set route-redistribution to bgp-as 65004 from static-route 10.230.211.0/24 on
set route-redistribution to bgp-as 65004 from static-route 10.237.1.0/24 on
set route-redistribution to bgp-as 65004 from static-route 192.168.130.0/23 on
(those are static routes we have defined)

ty,

Re: Not advertising IPv6 subnet to BGP peer

Arend — Thu, 13 Oct 2022 10:34:13 GMT

Hi Sorin, Thank you for your response.

solution:

We just found out that "..... preference 10 family inet6 on" is necessary in the BGP config.

Gaia Advanced Routing R81.10 Administration Guide
Section: Routing Policy Configuration -> sub section "Route Maps - Export and Import"

Syntax to set BGP routemaps for export and import policies

set bgp external remote-as <1-65535> export-routemap <Name of Route Map> preference <1-65535> family inet6 on

Note: the actual subnets were altered and maybe dont match in the config above.