zhangchuang
Contributor

BGP routing information The status of the route is Hidden and Rank:N/A

Hello fellow Check Mates, 

The customer configures the following configurations on the peer BGP:

bgp 65015
graceful-restart
peer 172.16.40.78 as-number 65115
peer 172.16.40.78 bfd min-tx-interval 300 min-rx-interval 300
peer 172.16.40.78 bfd enable
peer 172.16.70.78 as-number 65500
peer 172.16.70.78 bfd min-tx-interval 300 min-rx-interval 300
peer 172.16.70.78 bfd enable
peer 198.19.210.85 as-number 18084
peer 198.19.210.85 bfd min-tx-interval 300 min-rx-interval 300
peer 198.19.210.85 bfd enable
#
ipv4-family unicast
  undo synchronization
  import-route direct
  import-route static
  peer 172.16.40.78 enable
  peer 172.16.40.78 route-policy MAP-CX-IN import
  peer 172.16.70.78 enable
  peer 172.16.70.78 route-policy AS-PATH import
  peer 172.16.70.78 route-policy AS-PATH export
  peer 198.19.210.85 enable
#
route-policy AS-PATH permit node 10
if-match ip-prefix AS-PATH
apply as-path 65500 65500 65500 65500 65500 65500 65500 65500 65500 65500 additive
#
ip ip-prefix AS-PATH index 10 permit 192.168.99.0 24
ip ip-prefix AS-PATH index 20 permit 10.7.0.0 19

 

After a route-policy is added, the status of the route received by the Check Point firewall is displayed as Hidden and Rank:N/A.

The BGP configurations of the Check Point firewall are as follows:

set bgp external remote-as 65015 on
set bgp external remote-as 65015 peer 172.16.70.65 on
set bgp external remote-as 65015 peer 172.16.70.65 ping on
set bgp external remote-as 65025 on
set bgp external remote-as 65025 peer 172.16.80.65 on
set bgp external remote-as 65025 peer 172.16.80.65 ping on


Please help to analyze the cause of this, thank you!

0 Kudos
1 Solution

Accepted Solutions
Chris_Atkinson
Employee

Local AS and the as-path prepend are the same value; if I recall correctly, this would break BGP rules.

If this is absolutely necessary you may need to look at the allow-as-in-count feature to "bend" loop prevention. 

CCSM R77/R80/ELITE


0 Kudos
6 Replies
Blason_R
Leader

Or use as-override to accept that as a route; otherwise, as @Chris_Atkinson said, it will not install the route in the route table, though you can see it in the received routes.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
zhangchuang
Contributor

If I change the value of the AS path prefix, can I solve this problem?

0 Kudos
Blason_R
Leader

Nope, it won't, I believe - this is what you are receiving the routes, correct? I guess you will have to use as-override.

e.g. - In my scenario

set bgp external remote-as 65001 peer 192.168.203.153 allowas-in-count 5

Where my BGP AS and the remote BGP AS were the same and we had a carrier in between which was not overriding the AS, hence I had to do it on the firewall.

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
Chris_Atkinson
Employee

Probably the as-path needs to be changed, yes (to the remote-as), or better, use a different method altogether such as local preference/MED etc.

Usually you would only prepend your own AS number on outbound route advertisements. 

CCSM R77/R80/ELITE
0 Kudos
zhangchuang
Contributor

I now ask the BGP on the opposite side to change the AS path prefix. At present, normal routes can be obtained. Thank you for your support.

0 Kudos
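
As an added example (not code from the thread or from either vendor), this Python lint checks the peer configuration quoted in the question for the condition the accepted answer describes: an export route-policy that prepends the receiving neighbour's own AS number. It parses only the statements shown in the thread, ignores the ip-prefix match, and models the allowas-in tolerance as a simple per-peer occurrence limit (default 0); the function names and that threshold model are assumptions.

```python
import re

# Constructed sample: the routing-relevant lines of the peer configuration quoted in the thread.
PEER_CONFIG = """\
bgp 65015
peer 172.16.40.78 as-number 65115
peer 172.16.70.78 as-number 65500
ipv4-family unicast
  peer 172.16.40.78 route-policy MAP-CX-IN import
  peer 172.16.70.78 route-policy AS-PATH import
  peer 172.16.70.78 route-policy AS-PATH export
route-policy AS-PATH permit node 10
if-match ip-prefix AS-PATH
apply as-path 65500 65500 65500 65500 65500 65500 65500 65500 65500 65500 additive
"""

def parse(config):
    """Return local AS, {peer: AS}, {peer: export policy}, {policy: prepended ASNs}."""
    local_as, peer_as, exports, prepends, current = None, {}, {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"bgp (\d+)", line):
            local_as = int(m[1])
        elif m := re.fullmatch(r"peer (\S+) as-number (\d+)", line):
            peer_as[m[1]] = int(m[2])
        elif m := re.fullmatch(r"peer (\S+) route-policy (\S+) export", line):
            exports[m[1]] = m[2]
        elif m := re.fullmatch(r"route-policy (\S+) permit node \d+", line):
            current = m[1]
        elif current and (m := re.fullmatch(r"apply as-path ([\d ]+) additive", line)):
            prepends.setdefault(current, []).extend(map(int, m[1].split()))
    return local_as, peer_as, exports, prepends

def loop_findings(config, allowas_in=None):
    """Peers that would see their own AS in the AS_PATH advertised to them.

    allowas_in: {peer: own-AS occurrences that peer tolerates}; 0 (strict) if absent.
    """
    allowas_in = allowas_in or {}
    local_as, peer_as, exports, prepends = parse(config)
    findings = []
    for peer, policy in exports.items():
        # AS_PATH the neighbour receives: sender's AS plus the prepended ASNs (order does not affect the count).
        path = [local_as] + prepends.get(policy, [])
        hits = path.count(peer_as.get(peer))
        if hits > allowas_in.get(peer, 0):
            findings.append((peer, peer_as[peer], policy, hits))
    return findings

print(loop_findings(PEER_CONFIG))
```

Each finding is a tuple of peer address, peer AS, export policy name and the number of times the peer's AS appears in the advertised path.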
