Solved: Re: BGP help

Shawn_Fletcher · ‎2020-07-03

Hi there

First time BGP setup with checkpoint (r80.40)

I've got a new environment and trying to setup a Cisco VSS with multiple VRFs that terminate to 16000 checkpoint. So multiple internal BGP peers with same AS #, i have received the routes fine from each peer, but i want to share routes from Peer 1 with Peer 2 for my test setup before i reattempt in production. I was able to share the checkpoint connected networks, as well as static routes fine with combination of route redistribution / route map, but not the BGP routes from

Route redistribution allows to pick same FROM/TO AS# and add a filter, thought that might work but no luck.

How is the way to do this? I'm also stuggling on route distribution with WebUI vs route-map on CLI... when is the right scenario to use each?

firewall1-gx · ‎2020-07-03

Hi Shawn,

For your enviroment, since all peers are sharing the same AS, I believe you need to enable "as override" and "allowas-in" in your BGP configuration.

Please look the GAIA Advanced Routing to get the commands or to do through WEBUI.

https://dl3.checkpoint.com/paid/69/69d1c6899e768ea0687857ec55d723d9/CP_R80.40_Gaia_Advanced_Routing_...

Regards,

View solution in original post

firewall1-gx · ‎2020-07-03

Hi Shawn,

For your enviroment, since all peers are sharing the same AS, I believe you need to enable "as override" and "allowas-in" in your BGP configuration.

Please look the GAIA Advanced Routing to get the commands or to do through WEBUI.

https://dl3.checkpoint.com/paid/69/69d1c6899e768ea0687857ec55d723d9/CP_R80.40_Gaia_Advanced_Routing_...

Regards,

Shawn_Fletcher · ‎2020-07-03

Thanks for the suggestion - it looks like to do this i have to change to an "External" group type, instead of Internal. Will see if i can get that working.

Boris_Karnaukh · ‎2020-12-08

Hi Shawn,

If you wish to keep this purely iBGP setup, you may consider setting up a route refelector. "GAIA Advanced routing" briefly covers this subject.

John_Fleming · ‎2020-12-08

Keeping all things BGP this would be the correct BGP term. iBGP assumes all peers to be fully meshed.

Assume we have iBGP talkers A, B and C.

B will not tell A about C routes learned from C.

B will not tell C about A routes learned from A.

The reason for this is since iBGP is assumed to be full mesh then B assumes C and A have BGP sessions with each other. Route reflector is the correct term to overcome this.

Sounds pretty good right? BTW I have no idea how to configure that in Gaia so.. uh.. maybe what firewall1-gx said is how to do that? 😄

Boris_Karnaukh · ‎2020-12-09

In GAIA it should be rather simple — if you want to make your CheckPoint a reflector:

set bgp internal peer ##.##.##.# peer-type reflector-client

Shawn_Fletcher · ‎2020-12-08

thanks for the suggestions - I did try route reflector but had no luck with that but in fairness we didn't open a case with TAC for assistance as we got a lot of feedback that OSPF was the more common option and moved on to that.

John_Fleming · ‎2020-12-08

Make sure cluster members have the same router-id. Seems like a common configuration issue. Once its set you can only change it by removing the ospf config.

Maarten_Sjouw · ‎2020-12-08

That is one of the reasons to use cloning groups when using dynamic routing, so you don't configure things double and with mistakes.

Regards, Maarten

BGP help

ClusterXL VSLS failover Time

need to make vpn

End users get different website error if it fails ...

How to replace a VSX RMA ?

Question about bandwidth usage