Multiprotocol BGP

BGP supports IPv4 unicast prefixes, but a BGP network that uses IPv4 multicast routes or IPv6 unicast prefixes needs Multiprotocol BGP (MP-BGP) in order to exchange routes of address types other than IPv4 unicast. The firewall now supports MP-BGP, which means you have IPv6 connectivity to your BGP networks that use native IPv6 or dual stack IPv4 and IPv6. Service providers can offer IPv6 service to their customers, and enterprises can use IPv6 service from service providers.
MP-BGP uses Network Layer Reachability Information (NLRI) in a Multiprotocol Reachable NLRI attribute that the firewall sends and receives in BGP Update packets. The attribute contains information about the destination prefix:
  • The Address Family Identifier (AFI) indicates that the destination prefix is an IPv4 or IPv6 address.
  • The Subsequent Address Family Identifier (SAFI) in PAN-OS indicates that the destination prefix is a unicast or multicast address (if the AFI is IPv4), or that the destination prefix is a unicast address (if the AFI is IPv6). PAN-OS does not support IPv6 multicast.
If you enable MP-BGP for IPv4 multicast or if you configure an IPv4 multicast static route, the firewall supports separate unicast and multicast route tables for static routes. You might want to separate unicast and multicast traffic going to the same destination because, for example, your multicast traffic is critical, so you need it to take fewer hops or undergo less latency.
You can also exercise more control over how BGP functions by configuring BGP to use routes from only the unicast or multicast route table (or both) when BGP imports or exports routes, sends conditional advertisements, or performs route redistribution or route aggregation. You can also now Redistribute IPv6 Routes from BGP and OSPFv3.

Related Documentation