Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Contributor

BGP help

Jump to solution

Hi there

First time BGP setup with checkpoint (r80.40)

I've got a new environment and trying to setup a Cisco VSS with multiple VRFs that terminate to 16000 checkpoint. So multiple internal BGP peers with same AS #, i have received the routes fine from each peer, but i want to share  routes from Peer 1 with Peer 2 for my test setup before i reattempt in production. I was able to share the checkpoint connected networks, as well as static routes fine with combination of route redistribution / route map, but not the BGP routes from

Route redistribution allows to pick same FROM/TO AS# and add a filter, thought that might work but no luck.

How is the way to do this? I'm also stuggling on route distribution with WebUI vs route-map on CLI... when is the right scenario to use each?

0 Kudos
Reply
1 Solution

Accepted Solutions
Contributor
Hi Shawn,

For your enviroment, since all peers are sharing the same AS, I believe you need to enable "as override" and "allowas-in" in your BGP configuration.

Please look the GAIA Advanced Routing to get the commands or to do through WEBUI.

https://dl3.checkpoint.com/paid/69/69d1c6899e768ea0687857ec55d723d9/CP_R80.40_Gaia_Advanced_Routing_...

Regards,

View solution in original post

0 Kudos
Reply
8 Replies
Contributor
Hi Shawn,

For your enviroment, since all peers are sharing the same AS, I believe you need to enable "as override" and "allowas-in" in your BGP configuration.

Please look the GAIA Advanced Routing to get the commands or to do through WEBUI.

https://dl3.checkpoint.com/paid/69/69d1c6899e768ea0687857ec55d723d9/CP_R80.40_Gaia_Advanced_Routing_...

Regards,

View solution in original post

0 Kudos
Reply
Contributor
Thanks for the suggestion - it looks like to do this i have to change to an "External" group type, instead of Internal. Will see if i can get that working.
Participant

Hi Shawn,

 

If you wish to keep this purely iBGP setup, you may consider setting up a route refelector. "GAIA Advanced routing" briefly covers this subject.

Advisor

Keeping all things BGP this would be the correct BGP term. iBGP assumes all peers to be fully meshed.

Assume we have iBGP talkers A, B and C.

B will not tell A about C routes learned from C.

B will not tell C about A routes learned from A.

The reason for this is since iBGP is assumed to be full mesh then B assumes C and A have BGP sessions with each other. Route reflector is the correct term to overcome this.

Sounds pretty good right? BTW I have no idea how to configure that in Gaia so.. uh.. maybe what firewall1-gx said is how to do that? 😄

 

0 Kudos
Reply
Participant

In GAIA it should be rather simple — if you want to make your CheckPoint a reflector:

set bgp internal peer ##.##.##.# peer-type reflector-client

0 Kudos
Reply
Contributor

thanks for the suggestions - I did try route reflector but had no luck with that but in fairness we didn't open a case with TAC for assistance as we got a lot of feedback that OSPF was the more common option and moved on to that.

0 Kudos
Reply
Advisor

Make sure cluster members have the same router-id. Seems like a common configuration issue. Once its set you can only change it by removing the ospf config.

0 Kudos
Reply
Champion
Champion

That is one of the reasons to use cloning groups when using dynamic routing, so you don't configure things double and with mistakes.

Regards, Maarten
0 Kudos
Reply