
Local Routes

Getting started with the local routing model using the PAN-OS OpenConfig plugin.
The OpenConfig model for Static Routes differs from the model used in PAN-OS:
  • In PAN-OS, static routes are organized in a flat list with a single next-hop member per route. If multiple next hops are needed for a given destination (prefix), you must create multiple static routes.
  • In OpenConfig, static routes are organized in a hierarchy containing a list of next-hop members for each destination.
  • PAN-OS requires each static route to have its own unique name, while in OpenConfig the static route key is the destination.
  • The OpenConfig configuration supports only IP addresses as the next-hop type.
  • Local-aggregates are supported only if created with OpenConfig.
When rendering an existing PAN-OS configuration into OpenConfig, some values, like the next-hop index, are synthesized using low-collision hash functions. For static routes configured from the gNMI client, metadata like the next-hop index must be stored somewhere in order to achieve consistent future responses, and a unique name must be synthesized for each route in order for PAN-OS to accept the routes. For this reason, a unique route name is automatically generated by using a fixed-length Base64 prefix encoding the metadata plus an optional route description.

Set a Local Route

You can set a local route in your routing table by sending this example call. This call sets the local route for 13.13.13.0/24, where the next hop is at 100.100.100.100.
A gNMI set call to the firewall:
gnmic -a 10.1.1.1:9339 -u username -p password --skip-verify -e JSON_IETF set --update /local-routes/static-routes/static[prefix=13.13.13.0/24]/next-hops/next-hop[index=14598]/next-hop:::string:::100.100.100.100 --timeout 300s
A successful update response returns:
Set Response:
{
  "timestamp": 1614407795067600530,
  "time": "2021-02-26T22:36:35.06760053-08:00",
  "results": [
    {
      "operation": "UPDATE",
      "path": "local-routes/static-routes/static[prefix=13.13.13.0/24]/next-hops/next-hop[index=14598]/next-hop"
    }
  ]
}

Retrieve Local Routes

You can retrieve a list of local routes with this example gNMI get call:
gnmic -a 10.1.1.1:9339 -u username -p password --skip-verify -e JSON_IETF get --path /local-routes --timeout 300s
The following result confirms a successful get request:
{
  "static-routes": {
    "static": [
      {
        "config": {
          "description": "",
          "prefix": "13.13.13.0/24",
          "set-tag": ""
        },
        "next-hops": {
          "next-hop": [
            {
              "config": {
                "index": "14598",
                "metric": 10,
                "next-hop": "100.100.100.100",
                "recurse": true
              },
              "index": "14598",
              "state": {
                "index": "14598",
                "metric": 10,
                "next-hop": "100.100.100.100",
                "recurse": true
              }
            }
          ]
        },
        "prefix": "99.99.99.99/32",
        "state": {
          "description": "",
          "prefix": "13.13.13.0/24",
          "set-tag": ""
        }
      }
    ]
  }
}
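
The following is an added example, not code from the original page or from the plugin. It flattens a /local-routes get response into PAN-OS-style rows (one next hop per row) and reports entries whose list keys, config and state leaves disagree, such as a prefix key that differs from config/prefix as in the result above, or whose next hop is not an IP address. The helper names (hop, static, flatten) and the sample data are assumptions constructed for illustration.

```python
import ipaddress

def hop(index, addr):
    leaf = {"index": index, "metric": 10, "next-hop": addr, "recurse": True}
    return {"index": index, "config": dict(leaf), "state": dict(leaf)}

def static(key, prefix, hops):
    leaf = {"description": "", "prefix": prefix, "set-tag": ""}
    return {"prefix": key, "config": dict(leaf), "state": dict(leaf),
            "next-hops": {"next-hop": hops}}

# Constructed sample shaped like the get response above. Only the first hop
# uses the page's values; the other hop and the second route are made up.
SAMPLE = {"static-routes": {"static": [
    static("13.13.13.0/24", "13.13.13.0/24",
           [hop("14598", "100.100.100.100"), hop("20001", "100.100.100.101")]),
    static("99.99.99.99/32", "13.13.14.0/24", [hop("30002", "ethernet1/1")]),
]}}

def flatten(local_routes):
    """Return (rows, findings); rows hold one next hop each, as PAN-OS does."""
    rows, findings = [], []
    for route in local_routes.get("static-routes", {}).get("static", []):
        key, cfg = route.get("prefix"), route.get("config", {})
        prefix = cfg.get("prefix")
        if key != prefix:  # the list key should match the config leaf
            findings.append(f"key {key} != config/prefix {prefix}")
        if cfg != route.get("state", {}):
            findings.append(f"{prefix}: config and state differ")
        for nh in route.get("next-hops", {}).get("next-hop", []):
            hcfg, idx = nh.get("config", {}), nh.get("index")
            if idx != hcfg.get("index") or hcfg != nh.get("state", {}):
                findings.append(f"{prefix} hop {idx}: key/config/state differ")
            try:  # the OpenConfig model accepts only IP-address next hops
                ipaddress.ip_address(str(hcfg.get("next-hop")))
            except ValueError:
                findings.append(f"{prefix} hop {idx}: next-hop is not an IP")
            rows.append((prefix, idx, hcfg.get("next-hop"), hcfg.get("metric")))
    return rows, findings

if __name__ == "__main__":
    rows, findings = flatten(SAMPLE)
    for row in rows:
        print("route", *row)
    for finding in findings:
        print("finding:", finding)
```

Comparing the flattened rows against an approved baseline of (prefix, next hop) pairs is a simple way to spot static routes that changed outside of change control.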