Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
rajesh_s
Contributor

BGP Routes showing Hide and in active

HI ALl,

I am using R77.30,  I have configured IGP with router But in checkpoint all BGP routes showing hide and inactive, Can some explain what could causing the issue. 

12 Replies
Vladimir
Champion
Champion

Please post the sanitized Gaia's "show configuration" output as well as the BGP portion of your router configuration for us to take a look at.

Generally, configured dynamic routes marked as inactive/hidden in cases where they are either superseded by static routes or if there is no connectivity on the interfaces those are supposed to be routing traffic through. 

rajesh_s
Contributor

Hi Vladimir,

Thanks for you pesponse.

We running on Gaia R77.30 and BGP configuration mentioned below.

policy {
routemap "static-to-bgp" id 20 {
match {
proto static;
10.190.31.253 masklen 32;
};
set;
};
routemap "static-to-bgp" id 19 {
match {
proto static;
10.190.31.252 masklen 32;
};
set;
};
routemap "static-to-bgp" id 18 {
match {
proto static;
10.8.14.0 masklen 24;
};
set;
};
routemap "static-to-bgp" id 17 {
match {
proto static;
192.168.253.0 masklen 24;
};
set;
};
routemap "static-to-bgp" id 16 {
match {
proto static;
10.150.36.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 15 {
match {
proto static;
10.150.38.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 14 {
match {
proto static;
10.190.34.254 masklen 32;
};
set;
};
routemap "static-to-bgp" id 13 {
match {
proto static;
10.190.34.250 masklen 32;
};
set;
};
routemap "static-to-bgp" id 12 {
match {
proto static;
10.150.44.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 11 {
match {
proto static;
10.8.32.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 10 {
match {
proto kernel;
10.150.36.0 masklen 23;
};
!
!
!
};
bgp on {
group type routing-peer peeras 65018 proto all interface all next-hop-self {
export {
routemap "static-to-bgp" preference 20;
};
rrclient none {
peer 10.190.33.250 route-refresh;
};
};
!

Router Configuration

ROuter Configuration

router bgp 65018
bgp log-neighbor-changes
neighbor 10.190.33.254 remote-as 65018
neighbor XX.176.XX.29 remote-as 65000
neighbor XX.183.XX.101 remote-as 65000
!
address-family ipv4
network 10.100.1.1 mask 255.255.255.255
network 10.153.0.21 mask 255.255.255.255
network 10.190.33.0 mask 255.255.255.0
network XX.176.XX.28 mask 255.255.255.252
neighbor 10.190.33.254 activate
neighbor 10.190.33.254 next-hop-self
neighbor 152.176.182.29 activate
neighbor 152.183.159.101 activate

!

0 Kudos
Joe_Dillig
Employee Alumnus
Employee Alumnus

Be sure to check if you have a route map (CLISH) or inbound route filter (WebUI) set for these routes. It may be possible the gateway may be receiving the routes but not applying them to the main route table because there are no rules to do so.

rajesh_s
Contributor

Hi Joe,

Thanks for your response

There is no route filter in checkpoint and what rule should i add for adding routes into main routing table? 

0 Kudos
Joe_Dillig
Employee Alumnus
Employee Alumnus

The "inbound route filter" creates an action (rule) to allow learned routes to be allowed into the main routing table and is only used if you configured dynamic routing in the web interface. Route maps will take precedence over the inbound route filters if they are configured.

Inbound Route Filter

If configuring via CLISH you will want to make at least one route map that allows routes and assign that route map to BGP. Here is a very basic example:

set routemap bgp-inbound id 1 on
set routemap bgp-inbound id 1 allow

set bgp internal on
set bgp internal protocol all on
set bgp internal interface all on
set bgp internal import-routemap "bgp-inbound" preference 1 on

rajesh_s
Contributor

Hi Joe,

Thanks again,

I am seeing 1000 routes in hidden state, You mean do i need to call those 1000 routes in  route-map "bgp-inbound" and import that route-map into bgp protocol?.

0 Kudos
Joe_Dillig
Employee Alumnus
Employee Alumnus

Correct. You will need to make a route map that either allows all learned routes to be accepted OR you can limit which routes are accepted by adding subnet statements into the route map. Once this routemap is created, you will need to set it as the BGP import-route map (eg "set bgp internal import-routemap "bgp-inbound" preference 1 on") in CLISH.

0 Kudos
rajesh_s
Contributor

Hi Joe.

I have implemented below mentioned solution, But it doesn't help.

!

set routemap bgp-inbound id 1 on
set routemap bgp-inbound id 1 allow

 

set bgp internal on
set bgp internal protocol all on
set bgp internal interface all on
set bgp internal import-routemap "bgp-inbound" preference 1 on

!

Route learning Firewall to router (able to learn the route from firewall to router)


In firewall have some static routes, I called those static routes in route-map and exported that route map into BGP, those routes i am seeing as "B routes" in next hop router ( there is no issue in advertising LAN subnets into bgp)

Route learn Router to firewall( Not able to learn the routes)

In route i have 1000 B routes, All this routes i need to see in firewall, but In firewall if i run this command 

"show bgp route" nothing i am seeing, If run   Show route all " i am seeing all 1000 routes as B routes and Hide/inactive"

I cant call all those 1000 route into route-map, Is there any other option to import all 1000 routes into firewall bgp routing table?. If possible please share the commands.

Thanks in advance.

0 Kudos
kaushik_pal
Explorer

How about export routemap in ibgp.How do we export route from one bgp peer to another in ibgp?

0 Kudos
AK2
Collaborator

Hi Joe, I just wanted to say I found this comment very helpful getting my BGP working. Thanks!

0 Kudos
BroadcastStorm
Explorer

I created an account here just to give you a Kudo. It never occurred to me that you'd have to permit an AS pattern - too much time doing Cisco. 

0 Kudos
rajesh_s
Contributor

Hi Vladimir,

Thanks for you pesponse.

We running on Gaia R77.30 and BGP configuration mentioned below.

 

policy {
routemap "static-to-bgp" id 20 {
match {
proto static;
10.190.31.253 masklen 32;
};
set;
};
routemap "static-to-bgp" id 19 {
match {
proto static;
10.190.31.252 masklen 32;
};
set;
};
routemap "static-to-bgp" id 18 {
match {
proto static;
10.8.14.0 masklen 24;
};
set;
};
routemap "static-to-bgp" id 17 {
match {
proto static;
192.168.253.0 masklen 24;
};
set;
};
routemap "static-to-bgp" id 16 {
match {
proto static;
10.150.36.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 15 {
match {
proto static;
10.150.38.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 14 {
match {
proto static;
10.190.34.254 masklen 32;
};
set;
};
routemap "static-to-bgp" id 13 {
match {
proto static;
10.190.34.250 masklen 32;
};
set;
};
routemap "static-to-bgp" id 12 {
match {
proto static;
10.150.44.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 11 {
match {
proto static;
10.8.32.0 masklen 23;
};
set;
};
routemap "static-to-bgp" id 10 {
match {
proto kernel;
10.150.36.0 masklen 23;
};
!
!
!
};
bgp on {
group type routing-peer peeras 65018 proto all interface all next-hop-self {
export {
routemap "static-to-bgp" preference 20;
};
rrclient none {
peer 10.190.33.250 route-refresh;
};
};
!

 

Router Configuration

 

ROuter Configuration

router bgp 65018
bgp log-neighbor-changes
neighbor 10.190.33.254 remote-as 65018
neighbor XX.176.XX.29 remote-as 65000
neighbor XX.183.XX.101 remote-as 65000
!
address-family ipv4
network 10.100.1.1 mask 255.255.255.255
network 10.153.0.21 mask 255.255.255.255
network 10.190.33.0 mask 255.255.255.0
network XX.176.XX.28 mask 255.255.255.252
neighbor 10.190.33.254 activate
neighbor 10.190.33.254 next-hop-self
neighbor 152.176.182.29 activate
neighbor 152.183.159.101 activate

!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events