Manage Routing Policies

How to automate routing policy management on PAN-OS with OpenConfig models.
See Routing Policy Behavior for more information about the naming conventions used for the openconfig-routing-policy model on PAN-OS.

Routing Policy Mapping for Redistribution Policies for BGP

The following request:
  • Creates redistribution policies.
  • Describes actions for the redistribution policies.
  • Applies the policies to BGP policies for the virtual router cgd.
gnmic -u admin -p password --timeout 300s -a firewallIP:9339 -e JSON_IETF set --update-path "/" --update-file routing-policy.json
The following is the contents of the routing-policy.json:
{ "routing-policy": { "defined-sets": { "neighbor-sets": { "neighbor-set": [ { "config": { "address": [ "192.168.11.2" ], "name": "cgd+redis+redis-fr-connect" }, "name": "cgd+redis+redis-fr-connect" } ] }, "prefix-sets": { "prefix-set": [ { "config": { "mode": "IPV4", "name": "cgd+redis+redis-fr-connect" }, "name": "cgd+redis+redis-fr-connect", "prefixes": { "prefix": [ { "config": { "ip-prefix": "2.2.2.2/32", "masklength-range": "exact" }, "ip-prefix": "2.2.2.2/32", "masklength-range": "exact" } ] } } ] } }, "policy-definitions": { "policy-definition": [ { "config": { "name": "cgd+bgp+redis-fr-connect" }, "name": "cgd+bgp+redis-fr-connect", "statements": { "statement": [ { "actions": { "config": { "policy-result": "ACCEPT_ROUTE" }, "bgp-actions": { "config": { "set-local-pref": 4000, "set-med": 321, "set-route-origin": "INCOMPLETE" }, "set-community": { "config": { "method": "INLINE", "options": "REPLACE" }, "inline": { "config": { "communities": [ "4000:1234" ] } } }, "set-ext-community": { "config": { "method": "INLINE", "options": "REPLACE" }, "inline": { "config": { "communities": [ "target:4000:1234" ] } } } } }, "conditions": { "match-interface": { "config": { "interface": "ethernet1/1" } }, "match-neighbor-set": { "config": { "neighbor-set": "cgd+redis+redis-fr-connect" } }, "match-prefix-set": { "config": { "prefix-set": "cgd+redis+redis-fr-connect" } } }, "config": { "name": "redis-fr-connect" }, "name": "redis-fr-connect" } ] } } ] } } }

Routing Policy Mapping for Redistribution Policies for OSPFv2

The following request:
  • Creates redistribution policies.
  • Describes actions for the redistribution policies.
  • Applies the policies to OSPFv2 policies for the virtual router cgd.
gnmic -u admin -p password --timeout 300s -a firewallIP:9339 -e JSON_IETF set --update-path "/" --update-file routing-policy.json
The following is the contents of the routing-policy.json:
{ "routing-policy": { "policy-definitions": { "policy-definition": [ { "config": { "name": "cgd+ospfv2+redis-fr-connect" }, "name": "cgd+ospfv2+redis-fr-connect", "statements": { "statement": [ { "actions": { "ospf-actions": { "set-metric": { "config": { "metric": 23345, "metric-type": "EXTERNAL_TYPE_2" } } } }, "config": { "name": "redis-fr-connect" }, "name": "redis-fr-connect" } ] } } ] } } }

Recommended For You