Hi bluedove84, I remember you had some questions regarding this topology a while back. I'm curious to know why the same /28 is used in different sites. Are you using anycast or something like that? Is this prefix expected to be received from FW1/2 by design? Some additional info would be helpful.
If this behavior is not expected, and you simply want to rely on the default route, you can modify the two policies we discussed on the other thread (import/export) to actually reject the route from the customer or the customer's firewall if it's not needed. If this prefix from the downstream firewall (and other sites) is needed for some backup failover mechanism, then one option is to inject the /28 from all sites into BGP and then modify LP for each site to control what site uses what route. For example, for Site-A you will end up receiving the /28 from 3 directions. Site A will have a higher pref for the prefix received from the ISP, while a lower pref is assigned to FW routes.
Hope this helps :)
Original Message:
Sent: 07-20-2021 11:53
From: junos sky
Subject: How to prefer route at remote site rather through BGP neighbor
Hello,
We have a scenario as attached where a particular route is preferred via a default route coming from another site. But as a more specific route is available, the traffic is forced via the BGP neighbor, which blocks this route.
The main goal here is to route 172.22.174.144/28 via Site A but at Site B traffic stops working as soon as BGP neighborship to their FW1 is activated.
------------------------------
junos sky
------------------------------