I'm trying to redistribute a static default route into the BGP RIB on a Palo Alto box.
The redistribution works, but it's taking unwanted routes along with it.
The config looks like:
set network virtual-router VR_A protocol redist-profile VR_A_DEF2BGP filter type static set network virtual-router VR_A protocol redist-profile VR_A_DEF2BGP filter destination 0.0.0.0/0 set network virtual-router VR_A protocol redist-profile VR_A_DEF2BGP priority 100 set network virtual-router VR_A protocol redist-profile VR_A_DEF2BGP action redist set network virtual-router VR_A protocol bgp redist-rules VR_A_DEF2BGP address-family-identifier ipv4 set network virtual-router VR_A protocol bgp redist-rules VR_A_DEF2BGP route-table unicast set network virtual-router VR_A protocol bgp redist-rules VR_A_DEF2BGP enable yes set network virtual-router VR_A protocol bgp redist-rules VR_A_DEF2BGP set-origin incomplete set network virtual-router VR_A protocol bgp allow-redist-default-route yes
I'm starting to suspect that the filter destination 0.0.0.0/0
isn't a specific match for the default route, but rather is catching all routes, allows anything to be redistributed.
I can kill the unwanted routes by intercepting them with a higher priority (numerically lower) redist-profile
configured with action no-redist
, but I don't want to enumerate every possible route that I don't want.
Maybe there's a filter exact-match
keyword or something? What's the right way to do this?
No comments:
Post a Comment