BGP supports IPv4 unicast prefixes, but a BGP network
that uses IPv4 multicast routes or IPv6 unicast prefixes needs multiprotocol
BGP (MP-BGP) in order to exchange routes of address types other
than IPv4 unicast. MP-BGP allows BGP peers to carry IPv4 multicast
routes and IPv6 unicast routes in Update packets, in addition to
the IPv4 unicast routes that BGP peers can carry without MP-BGP
enabled.
In this way, MP-BGP provides IPv6 connectivity to your BGP networks
that use either native IPv6 or dual stack IPv4 and IPv6. Service
providers can offer IPv6 service to their customers, and enterprises
can use IPv6 service from service providers. The firewall and a
BGP peer can communicate with each other using IPv6 addresses.
In order for BGP to support multiple network-layer protocols
(other than BGP for IPv4), Multiprotocol Extensions for BGP-4 (RFC 4760) use Network Layer Reachability
Information (NLRI) in a Multiprotocol Reachable NLRI attribute that
the firewall sends and receives in BGP Update packets. That attribute
contains information about the destination prefix, including these
two identifiers:
The Address Family Identifier (AFI), as defined by the
IANA in Address Family Numbers,
indicates that the destination prefix is an IPv4 or IPv6 address.
(PAN-OS supports IPv4 and IPv6 AFIs.)
The Subsequent Address Family Identifier (SAFI) in PAN-OS
indicates that the destination prefix is a unicast or multicast
address (if the AFI is IPv4), or that the destination prefix is
a unicast address (if the AFI is IPv6). PAN-OS does not support
IPv6 multicast.
If you enable MP-BGP for IPv4 multicast or if you configure a
multicast static route, the firewall supports separate unicast and
multicast route tables for static routes. You might want to separate
the unicast and multicast traffic going to the same destination.
The multicast traffic can take a different path from unicast traffic
because, for example, your multicast traffic is critical, so you
need it to be more efficient by having it take fewer hops or undergo
less latency.
You can also exercise more control over how BGP functions by
configuring BGP to use routes from only the unicast or multicast
route table (or both) when BGP imports or exports routes, sends
conditional advertisements, or performs route redistribution or
route aggregation.
You can decide to use a dedicated multicast RIB (route table)
by enabling MP-BGP and selecting the Address Family of IPv4 and
Subsequent Address Family of multicast or by installing an IPv4
static route in the multicast route table. After you do either of
those methods to use the multicast RIB, the firewall uses the multicast
RIB for all multicast routing and reverse path forwarding (RPF).
If you prefer to use the unicast RIB for all routing (unicast and
multicast), you should not enable the multicast RIB by either method.
In the following figure, a static route to 192.168.10.0/24 is
installed in the unicast route table, and its next hop is 198.51.100.2.
However, multicast traffic can take a different path to a private
MPLS cloud; the same static route is installed in the multicast
route table with a different next hop (198.51.100.4) so that its
path is different.
Using separate unicast and multicast route tables gives you more
flexibility and control when you configure these BGP functions:
Install an IPv4 static route into the unicast or multicast
route table, or both, as described in the preceding example. (You
can install an IPv6 static route into the unicast route table only).
Create an Import rule so that any prefixes that match the
criteria are imported into the unicast or multicast route table,
or both.
Create an Export rule so that prefixes that match the criteria
are exported (sent to a peer) from the unicast or multicast route
table, or both.
Configure a conditional advertisement with a Non Exist filter
so that the firewall searches the unicast or multicast route table
(or both) to ensure the route doesn’t exist in that table, and so
the firewall advertises a different route.
Configure a conditional advertisement with an Advertise filter
so that the firewall advertises routes matching the criteria from
the unicast or multicast route table, or both.
Redistribute a route that appears in the unicast or multicast
route table, or both.
Configure route aggregation with an advertise filter so that
aggregated routes to be advertised come from the unicast or multicast
route table, or both.
Conversely, configure route aggregation with a suppress filter
so that aggregated routes that should be suppressed (not advertised)
come from the unicast or multicast route table, or both.
When you configure a peer with MP-BGP using an Address Family
of IPv6, you can use IPv6 addresses in the Address Prefix and Next
Hop fields of an Import rule, Export rule, Conditional Advertisement
(Advertise Filter and Non Exist Filter), and Aggregate rule (Advertise
Filter, Suppress Filter, and Aggregate Route Attribute).