Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Shawn_Fletcher
Contributor

BGP help

Jump to solution

Hi there

First time BGP setup with checkpoint (r80.40)

I've got a new environment and trying to setup a Cisco VSS with multiple VRFs that terminate to 16000 checkpoint. So multiple internal BGP peers with same AS #, i have received the routes fine from each peer, but i want to share  routes from Peer 1 with Peer 2 for my test setup before i reattempt in production. I was able to share the checkpoint connected networks, as well as static routes fine with combination of route redistribution / route map, but not the BGP routes from

Route redistribution allows to pick same FROM/TO AS# and add a filter, thought that might work but no luck.

How is the way to do this? I'm also stuggling on route distribution with WebUI vs route-map on CLI... when is the right scenario to use each?

0 Kudos
1 Solution

Accepted Solutions
firewall1-gx
Contributor
Hi Shawn,

For your enviroment, since all peers are sharing the same AS, I believe you need to enable "as override" and "allowas-in" in your BGP configuration.

Please look the GAIA Advanced Routing to get the commands or to do through WEBUI.

https://dl3.checkpoint.com/paid/69/69d1c6899e768ea0687857ec55d723d9/CP_R80.40_Gaia_Advanced_Routing_...

Regards,

View solution in original post

0 Kudos
8 Replies
firewall1-gx
Contributor
Hi Shawn,

For your enviroment, since all peers are sharing the same AS, I believe you need to enable "as override" and "allowas-in" in your BGP configuration.

Please look the GAIA Advanced Routing to get the commands or to do through WEBUI.

https://dl3.checkpoint.com/paid/69/69d1c6899e768ea0687857ec55d723d9/CP_R80.40_Gaia_Advanced_Routing_...

Regards,

View solution in original post

0 Kudos
Shawn_Fletcher
Contributor
Thanks for the suggestion - it looks like to do this i have to change to an "External" group type, instead of Internal. Will see if i can get that working.
Boris_Karnaukh
Participant

Hi Shawn,

 

If you wish to keep this purely iBGP setup, you may consider setting up a route refelector. "GAIA Advanced routing" briefly covers this subject.

John_Fleming
Advisor

Keeping all things BGP this would be the correct BGP term. iBGP assumes all peers to be fully meshed.

Assume we have iBGP talkers A, B and C.

B will not tell A about C routes learned from C.

B will not tell C about A routes learned from A.

The reason for this is since iBGP is assumed to be full mesh then B assumes C and A have BGP sessions with each other. Route reflector is the correct term to overcome this.

Sounds pretty good right? BTW I have no idea how to configure that in Gaia so.. uh.. maybe what firewall1-gx said is how to do that? 😄

 

0 Kudos
Boris_Karnaukh
Participant

In GAIA it should be rather simple — if you want to make your CheckPoint a reflector:

set bgp internal peer ##.##.##.# peer-type reflector-client

0 Kudos
Shawn_Fletcher
Contributor

thanks for the suggestions - I did try route reflector but had no luck with that but in fairness we didn't open a case with TAC for assistance as we got a lot of feedback that OSPF was the more common option and moved on to that.

0 Kudos
John_Fleming
Advisor

Make sure cluster members have the same router-id. Seems like a common configuration issue. Once its set you can only change it by removing the ospf config.

0 Kudos
Maarten_Sjouw
Champion
Champion

That is one of the reasons to use cloning groups when using dynamic routing, so you don't configure things double and with mistakes.

Regards, Maarten
0 Kudos