https://live.paloaltonetworks.com/t5/general-topics/how-and-when-to-use-arp-loadsharing-and-floating-ip-upstream/m-p/546298#M111662 <P>How and when to use ARP-Loadsharing and Floating IP - Upstream/Uplinks</P> <P>Hello Live comunity, how are you all doing.</P> <P>In the use cases you can see that the use of ARP Load-sharing or IP Floating, ARP is used thinking in the access to the Gateway vs IP Floating that is something more like fail-over more like an active/passive so to speak, than ARP Load-sharing that distributes vs Ip floating that acts as fail over.</P> <P>&nbsp;</P> <P>-Why wouldn't you use ARP Loadsharing or when would you use it thinking purely in Upstream/Uplinks?</P> <P>-I was thinking in cases where the external/IP or Uplinks/Upstream interface of the HA Firewall, is a route of some router or superior device, that points to the HA IP, ARP-Load sharing, could in this case point to an ARP Loadsharing IP as well or not ?</P> <P>-Now thinking about if it is a totally edge firewall, perimeter, where it has DNAT, and so on, maybe there we have limitations of using ARP loadsharing vs IP Flaoting.</P> <P>&nbsp;</P> <P>If someone has already worked too much with HA Active/Active firewall or has mastered very well the theory and concepts regarding the use in Uplinks/Upstream, where to use ARP-Loadsharing / IP Floating. Or anyone who wants to add their comments.</P> <P>&nbsp;</P> <P>Thank you very much for your time, your collaboration and your comments.</P> <P>Best regards</P> Sat, 17 Jun 2023 04:27:24 GMT Metgatz 2023-06-17T04:27:24Z https://live.paloaltonetworks.com/t5/general-topics/how-and-when-to-use-arp-loadsharing-and-floating-ip-upstream/m-p/546298#M111662 <P>How and when to use ARP-Loadsharing and Floating IP - Upstream/Uplinks</P> <P>Hello Live comunity, how are you all doing.</P> <P>In the use cases you can see that the use of ARP Load-sharing or IP Floating, ARP is used thinking in the access to the Gateway vs IP Floating that is something more like fail-over more like an active/passive so to speak, than ARP Load-sharing that distributes vs Ip floating that acts as fail over.</P> <P>&nbsp;</P> <P>-Why wouldn't you use ARP Loadsharing or when would you use it thinking purely in Upstream/Uplinks?</P> <P>-I was thinking in cases where the external/IP or Uplinks/Upstream interface of the HA Firewall, is a route of some router or superior device, that points to the HA IP, ARP-Load sharing, could in this case point to an ARP Loadsharing IP as well or not ?</P> <P>-Now thinking about if it is a totally edge firewall, perimeter, where it has DNAT, and so on, maybe there we have limitations of using ARP loadsharing vs IP Flaoting.</P> <P>&nbsp;</P> <P>If someone has already worked too much with HA Active/Active firewall or has mastered very well the theory and concepts regarding the use in Uplinks/Upstream, where to use ARP-Loadsharing / IP Floating. Or anyone who wants to add their comments.</P> <P>&nbsp;</P> <P>Thank you very much for your time, your collaboration and your comments.</P> <P>Best regards</P> Sat, 17 Jun 2023 04:27:24 GMT https://live.paloaltonetworks.com/t5/general-topics/how-and-when-to-use-arp-loadsharing-and-floating-ip-upstream/m-p/546298#M111662 Metgatz 2023-06-17T04:27:24Z https://live.paloaltonetworks.com/t5/general-topics/how-and-when-to-use-arp-loadsharing-and-floating-ip-upstream/m-p/547717#M111872 <P>- arp loadsharing is 'sticky' in a sense that it uses an algorithm to determine which 'source' is handled by each firewall. if you have an internal (NAT)router or proxy for example, that could easily skew how the 'sharing' part actually works.</P> <P>for load sharing i'd sooner rely on ECMP if that's an option instead of distributing among chassis</P> <P>- i guess that could also work</P> <P>- if your perimeter is L2 connected so both firewalls can use the same public IP, load sharing could work, but what do you see as the added value of doing this? stretching the firewall's capacity (1+1=2) is dangerous in case of failure</P> <P>&nbsp;</P> <P>I usually resort to floating IP so i can easily predict which firewall is used for what and only when there is a failover the traffic will shift.&nbsp;</P> Thu, 29 Jun 2023 13:03:26 GMT https://live.paloaltonetworks.com/t5/general-topics/how-and-when-to-use-arp-loadsharing-and-floating-ip-upstream/m-p/547717#M111872 reaper 2023-06-29T13:03:26Z