Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nflnetwork29
Advisor

Received BGP routes appear as hidden

I've set up most of the BGP in gaia os but im having some trouble getting the routes to appear in my routing table . I do see them under routing monitor but they appear as hidden.

 

[Expert@cp02:0]# clish -c "show route all" | grep 10.207
B          H i  10.207.0.0/24       via 10.101.24.17, eth4.402, cost None, age 58408
B          H i  10.207.0.0/24       via 10.101.24.1, eth4.401, cost None, age 58200
B          H i  10.207.0.0/24       via 10.101.24.33, eth3.403, cost None, age 57769
B          H i  10.207.3.0/24       via 10.101.24.17, eth4.402, cost None, age 58408
B          H i  10.207.3.0/24       via 10.101.24.1, eth4.401, cost None, age 58200
B          H i  10.207.3.0/24       via 10.101.24.33, eth3.403, cost None, age 57769

 

What am i missing?

I've already gone thru the checkpoint BGP guide but im stuck . Can someone please help me to get this going ?

0 Kudos
7 Replies
Chris_Atkinson
Employee Employee
Employee

Generally it will be one of the following:

- no route filter or route-map accepting the routes

- the routes are superseeded by static entries

- the as-path of the route has the local-as prepended which triggers loop prevention (unless you make allowances for it or fix it)

- The next-hop of the route is not as expected

CCSM R77/R80/ELITE
0 Kudos
nflnetwork29
Advisor

thank you for the reply how would i go about creating this? ( I did not see this on documentation) 

Is it thru CLI only?

- no route filter or route-map accepting the routes

0 Kudos
Chris_Atkinson
Employee Employee
Employee

It's available via both Web UI & CLI.

E.g. Web UI: Advanced Routing > Inbound Route Filters.

This is easier than route-maps but not as granular.

If that doesn't resolve the problem outputs such as "show route bgp aspath " will be helpful.

 

 

CCSM R77/R80/ELITE
0 Kudos
nflnetwork29
Advisor

HI Chris, 

Here you go 

set inbound-route-filter bgp-policy 512 based-on-as as 64690 on
set inbound-route-filter bgp-policy 512 accept-all-ipv4
set inbound-route-filter bgp-policy 516 based-on-as as 64700 on
set inbound-route-filter bgp-policy 516 accept-all-ipv4

 

aaa-cp02> show route bgp aspath
Prefix               Nexthop              AsPath

10.207.0.0/24        10.101.24.1          (64541),64690,64899,Incomplete.(Id-3)
                     10.101.24.17
10.207.3.0/24        10.101.24.1          (64541),64690,64899,Incomplete.(Id-3)
                     10.101.24.17
aaa-cp02>

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

To confirm what local-as is the Check Point configured for is it one of the as listed there?

Refer also:

https://community.checkpoint.com/t5/Security-Gateways/My-BGP-routes-are-showing-as-Hidden-and-Inacti...

CCSM R77/R80/ELITE
0 Kudos
nflnetwork29
Advisor

Local AS 64541

0 Kudos
the_rock
Legend
Legend

My colleague and I worked with a large client and TAC on this for 4 months until we figured it out. I will look at their config tomorrow to see what you might be missing, but I believe what Chris mentioned makes sense.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events