{"id":409,"date":"2022-09-21T17:12:13","date_gmt":"2022-09-21T22:12:13","guid":{"rendered":"https:\/\/cloudlearning365.com\/?p=409"},"modified":"2022-10-14T09:34:27","modified_gmt":"2022-10-14T14:34:27","slug":"create-bgp-over-gre-tunnel-between-aviatrix-transit-and-palo-alto-firewall","status":"publish","type":"post","link":"https:\/\/cloudlearning365.com\/?p=409","title":{"rendered":"Create BGP over GRE tunnel between Aviatrix Transit and Palo Alto Firewall"},"content":{"rendered":"\n<p>Here&#8217;s a case where a customer wants to create BGP over GRE tunnels between a Palo Alto Firewall and Aviatrix Transit Gateways. Palo Alto has some articles on this, but they are not very clear, so this blog will serve as a reminder of how it is done. Credit to <a href=\"https:\/\/www.linkedin.com\/in\/pbomma-b8868282\/\">Pranay<\/a> for helping out with the BGP peering part on Palo.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>This is a simplified lab environment:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"550\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-14-1024x550.png\" alt=\"\" class=\"wp-image-412\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-14-1024x550.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-14-300x161.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-14-768x413.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-14.png 1171w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>The Palo Alto instance needs Source\/Destination Check disabled<\/li><li>A loopback IP, 192.168.101.101, has been added to Palo Alto<\/li><li>The Aviatrix Transit VPC Subnet Route Table needs to be modified so that it sends traffic destined for 192.168.101.101 to the ENI of Palo&#8217;s LAN interface<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image 
size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"467\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-15-1024x467.png\" alt=\"\" class=\"wp-image-413\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-15-1024x467.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-15-300x137.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-15-768x351.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-15.png 1135w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Make sure the Transit GW and Palo security groups allow ICMP ping to each other; this helps confirm that basic connectivity is there.<\/li><li>In Palo, create a Management Profile to allow ICMP and link the profile to the loopback adapter<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"788\" height=\"685\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-18.png\" alt=\"\" class=\"wp-image-416\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-18.png 788w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-18-300x261.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-18-768x668.png 768w\" sizes=\"auto, (max-width: 788px) 100vw, 788px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"714\" height=\"443\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-17.png\" alt=\"\" class=\"wp-image-415\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-17.png 714w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-17-300x186.png 300w\" sizes=\"auto, (max-width: 714px) 100vw, 714px\" \/><\/figure>\n\n\n\n<ul 
class=\"wp-block-list\"><li>Make sure Palo has a return route going through its LAN interface. In this example, the LAN interface is using DHCP, and you can retrieve its default gateway from its status page:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"859\" height=\"429\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-20.png\" alt=\"\" class=\"wp-image-418\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-20.png 859w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-20-300x150.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-20-768x384.png 768w\" sizes=\"auto, (max-width: 859px) 100vw, 859px\" \/><\/figure>\n\n\n\n<p>Static route:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"368\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-19-1024x368.png\" alt=\"\" class=\"wp-image-417\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-19-1024x368.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-19-300x108.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-19-768x276.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-19.png 1242w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Create a policy to allow any to any for easier troubleshooting. 
(Obviously, lock this down in production.)<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"49\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-48-1024x49.png\" alt=\"\" class=\"wp-image-453\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-48-1024x49.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-48-300x14.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-48-768x36.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-48-1536x73.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-48.png 1623w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Ping from Transit GW to Palo Loopback and vice versa<\/li><\/ul>\n\n\n\n<p>From Transit GW -&gt; Palo Loopback<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"837\" height=\"511\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-21.png\" alt=\"\" class=\"wp-image-419\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-21.png 837w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-21-300x183.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-21-768x469.png 768w\" sizes=\"auto, (max-width: 837px) 100vw, 837px\" \/><\/figure>\n\n\n\n<p>From Palo Loopback -&gt; Transit GW<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"756\" height=\"215\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-22.png\" alt=\"\" class=\"wp-image-420\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-22.png 756w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-22-300x85.png 
300w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Enable BGP and set up the AS number in Palo. The Router ID can be any IP on the virtual router. Choose Install Route.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"526\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-26-1024x526.png\" alt=\"\" class=\"wp-image-424\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-26-1024x526.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-26-300x154.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-26-768x395.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-26.png 1132w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>In Aviatrix Controller -&gt; Multi-Cloud Transit -&gt; Setup -&gt; External connections, use the loopback IP as the remote gateway address, check &#8220;Over Private Network&#8221;, and enter Palo&#8217;s ASN<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"672\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-25-1024x672.png\" alt=\"\" class=\"wp-image-423\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-25-1024x672.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-25-300x197.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-25-768x504.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-25.png 1255w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>In Aviatrix Controller -&gt; Site2Cloud -&gt; Setup, select the connection created in the last step, then click 
on Edit<\/li><li>I suggest downloading two configurations: one for Cisco CSR and one for Generic<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"322\" height=\"239\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-27.png\" alt=\"\" class=\"wp-image-425\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-27.png 322w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-27-300x223.png 300w\" sizes=\"auto, (max-width: 322px) 100vw, 322px\" \/><\/figure>\n\n\n\n<p>Sample Cisco CSR configuration<\/p>\n\n\n\n<div class=\"wp-block-file\"><a id=\"wp-block-file--media-d5b9d66b-d5e2-4146-9a5d-69f398b33a10\" href=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/vpc-07d026cea4e47643a-palo-1.txt\">vpc-07d026cea4e47643a-palo-1<\/a><a href=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/vpc-07d026cea4e47643a-palo-1.txt\" class=\"wp-block-file__button\" download aria-describedby=\"wp-block-file--media-d5b9d66b-d5e2-4146-9a5d-69f398b33a10\">Download<\/a><\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"321\" height=\"228\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-28.png\" alt=\"\" class=\"wp-image-426\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-28.png 321w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-28-300x213.png 300w\" sizes=\"auto, (max-width: 321px) 100vw, 321px\" \/><\/figure>\n\n\n\n<p>Sample Generic configuration<\/p>\n\n\n\n<div class=\"wp-block-file\"><a id=\"wp-block-file--media-f0b95796-5a7d-474f-bf90-99420168dba6\" href=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/vpc-07d026cea4e47643a-palo-2.txt\">vpc-07d026cea4e47643a-palo-2<\/a><a href=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/vpc-07d026cea4e47643a-palo-2.txt\" 
class=\"wp-block-file__button\" download aria-describedby=\"wp-block-file--media-f0b95796-5a7d-474f-bf90-99420168dba6\">Download<\/a><\/div>\n\n\n\n<p>For GRE tunnels, Cisco&#8217;s configuration is a bit clearer.<\/p>\n\n\n\n<p>You can see the inner IP of each tunnel. The tunnel source is Palo&#8217;s loopback IP, and the tunnel destination is the Aviatrix Transit Primary\/HA gateway&#8217;s LAN IP.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"649\" height=\"745\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-29.png\" alt=\"\" class=\"wp-image-429\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-29.png 649w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-29-261x300.png 261w\" sizes=\"auto, (max-width: 649px) 100vw, 649px\" \/><\/figure>\n\n\n\n<p>The Generic configuration is a bit busier: since I have high performance encryption enabled, it listed all secondary IPs of the Aviatrix Transit GW LAN interface. 
But the tunnel inside IP is in good order.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"301\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-30-1024x301.png\" alt=\"\" class=\"wp-image-430\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-30-1024x301.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-30-300x88.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-30-768x226.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-30-1536x451.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-30.png 1822w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>On Palo configure Tunnel interfaces:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"897\" height=\"570\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-31.png\" alt=\"\" class=\"wp-image-431\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-31.png 897w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-31-300x191.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-31-768x488.png 768w\" sizes=\"auto, (max-width: 897px) 100vw, 897px\" \/><\/figure>\n\n\n\n<p>Add the corresponding 169.254.x.x\/30 inner tunnel IP  <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"253\" height=\"207\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-32.png\" alt=\"\" class=\"wp-image-432\"\/><\/figure>\n\n\n\n<p>Make sure to allow ICMP on the tunnel interface, or GRE keep alive will fail.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"287\" 
height=\"229\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-33.png\" alt=\"\" class=\"wp-image-433\"\/><\/figure>\n\n\n\n<p>Example of tunnel diagnostics when ICMP isn&#8217;t allowed on the tunnel interface. Note that it needs ICMP against both the loopback and the tunnel interface.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"697\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-34-1024x697.png\" alt=\"\" class=\"wp-image-434\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-34-1024x697.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-34-300x204.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-34-768x522.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-34.png 1135w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Create the GRE tunnels from Palo: use the same loopback IP to create two tunnels against the LAN interface of the Aviatrix Transit Gateways. 
Use the corresponding tunnel interfaces created earlier<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"590\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-35-1024x590.png\" alt=\"\" class=\"wp-image-435\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-35-1024x590.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-35-300x173.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-35-768x442.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-35.png 1063w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The GRE tunnel should now be up; if not, run diagnostics to figure out why.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"49\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-36.png\" alt=\"\" class=\"wp-image-436\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-36.png 600w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-36-300x25.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"707\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-37-1024x707.png\" alt=\"\" class=\"wp-image-437\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-37-1024x707.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-37-300x207.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-37-768x530.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-37.png 1057w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" 
\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"377\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-38-1024x377.png\" alt=\"\" class=\"wp-image-438\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-38-1024x377.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-38-300x110.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-38-768x283.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-38.png 1434w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Configure BGP Peer Group on Palo, use the same 169.254.x.x\/30 pair as neighbor to each other.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"407\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-39-1024x407.png\" alt=\"\" class=\"wp-image-439\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-39-1024x407.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-39-300x119.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-39-768x305.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-39.png 1055w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Enable ECMP Multiple AS Support as we are using two GRE tunnels <\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"856\" height=\"371\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-43.png\" alt=\"\" class=\"wp-image-443\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-43.png 856w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-43-300x130.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-43-768x333.png 768w\" sizes=\"auto, (max-width: 856px) 100vw, 856px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>To confirm if BGP is up<\/li><li>On Palo -&gt; Virtual Routers -&gt; More Runtime Status<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"913\" height=\"274\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-40.png\" alt=\"\" class=\"wp-image-440\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-40.png 913w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-40-300x90.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-40-768x230.png 768w\" sizes=\"auto, (max-width: 913px) 100vw, 913px\" \/><\/figure>\n\n\n\n<p>The 10.101.0.0\/24 route is learned from Aviatrix Transit, and the range is an Aviatrix Spoke. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"746\" height=\"395\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-41.png\" alt=\"\" class=\"wp-image-441\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-41.png 746w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-41-300x159.png 300w\" sizes=\"auto, (max-width: 746px) 100vw, 746px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>On Aviatrix side:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"238\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-45-1024x238.png\" alt=\"\" class=\"wp-image-445\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-45-1024x238.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-45-300x70.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-45-768x179.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-45-1536x358.png 1536w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-45.png 1632w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"379\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-46-1024x379.png\" alt=\"\" class=\"wp-image-446\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-46-1024x379.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-46-300x111.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-46-768x284.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-46.png 1247w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" 
\/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"476\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-47-1024x476.png\" alt=\"\" class=\"wp-image-447\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-47-1024x476.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-47-300x139.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-47-768x357.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-47.png 1429w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Test BGP advertisement from Palo:<\/li><li>On Palo Alto, create a new loopback interface 192.168.200.200\/32 and assign the same management profile that allows ICMP ping<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"613\" height=\"230\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-49.png\" alt=\"\" class=\"wp-image-456\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-49.png 613w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-49-300x113.png 300w\" sizes=\"auto, (max-width: 613px) 100vw, 613px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>On the default virtual router -&gt; BGP -&gt; Redist Rules -&gt; Add a rule to redistribute 192.168.200.200\/32 into <strong>ebgp<\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"659\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-50-1024x659.png\" alt=\"\" class=\"wp-image-457\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-50-1024x659.png 1024w, 
https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-50-300x193.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-50-768x494.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-50.png 1337w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>On the Aviatrix side, we can see the route being advertised<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"519\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-51-1024x519.png\" alt=\"\" class=\"wp-image-458\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-51-1024x519.png 1024w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-51-300x152.png 300w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-51-768x389.png 768w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-51.png 1175w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Ping from the test machine in the Aviatrix spoke also works<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"754\" height=\"218\" src=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-52.png\" alt=\"\" class=\"wp-image-459\" srcset=\"https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-52.png 754w, https:\/\/cloudlearning365.com\/wp-content\/uploads\/2022\/09\/image-52-300x87.png 300w\" sizes=\"auto, (max-width: 754px) 100vw, 754px\" \/><\/figure>\n\n\n\n<p> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s a case where a customer wants to create BGP over GRE tunnels between a Palo Alto Firewall and Aviatrix Transit Gateways. Palo Alto has some articles on this, but they are not very clear, so this blog will serve as a reminder of how it is done. 
&hellip; <a href=\"https:\/\/cloudlearning365.com\/?p=409\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,3,7],"tags":[],"class_list":["post-409","post","type-post","status-publish","format-standard","hentry","category-aviatrix","category-aws","category-palo_alto"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/409","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=409"}],"version-history":[{"count":6,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/409\/revisions"}],"predecessor-version":[{"id":687,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=\/wp\/v2\/posts\/409\/revisions\/687"}],"wp:attachment":[{"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=409"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=409"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudlearning365.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=409"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}