BGP supports IPv4 unicast prefixes, but a
BGP network that uses IPv4 multicast routes or IPv6 unicast prefixes
needs Multiprotocol BGP (MP-BGP) in order to exchange
routes of address types other than IPv4 unicast. The firewall now
supports MP-BGP, which means you have IPv6 connectivity to your BGP
networks that use native IPv6 or dual stack IPv4 and IPv6. Service
providers can offer IPv6 service to their customers, and enterprises
can use IPv6 service from service providers.
MP-BGP uses Network
Layer Reachability Information (NLRI) in a Multiprotocol Reachable
NLRI attribute that the firewall sends and receives in BGP Update
packets. The attribute contains information about the destination
The Address Family Identifier (AFI) indicates
that the destination prefix is an IPv4 or IPv6 address.
The Subsequent Address Family Identifier (SAFI) in PAN-OS
indicates that the destination prefix is a unicast or multicast
address (if the AFI is IPv4), or that the destination prefix is
a unicast address (if the AFI is IPv6). PAN-OS does not support
If you enable MP-BGP for IPv4 multicast
or if you configure an IPv4 multicast static route, the firewall
supports separate unicast and multicast route tables for static
routes. You might want to separate unicast and multicast traffic
going to the same destination because, for example, your multicast
traffic is critical, so you need it to take fewer hops or undergo less
You can also exercise more control over how BGP functions
by configuring BGP to use routes from only the unicast or multicast
route table (or both) when BGP imports or exports routes, sends
conditional advertisements, or performs route redistribution or
route aggregation. You can also now Redistribute IPv6 Routes from
BGP and OSPFv3.
Enable MP-BGP for a peer to use IPv4
or IPv6 unicast.