ECMP with one IP on outgoing

Reply
L2 Linker

ECMP with one IP on outgoing

Hi,

 

We have configured ECMP on our PA-220 to HA of our Internet access with load balancing.

But we outgoing to Internet with two IP addresses. It's possible to configure only one IP public address view from outside ? If not possible, there is an another method ?

 

My configuration :

  • PA-220
  • PanOS 8.1.11

 

Thanks in advance for your help.

 

FG

L4 Transporter

Re: ECMP with one IP on outgoing

Hello there

 

Confused by your statements. Can you please edit and re-explain?

 

We have configured ECMP on our PA-220 to HA of our Internet access with load balancing.

 

Are the FWs in HA?  Are your routers upstream in HA? What is load balancing? (not the firewalls, right??)

 

But we outgoing to Internet with two IP addresses. It's possible to configure only one IP public address view from outside ? If not possible, there is an another method ?

 

You outgoing?  Or you meant that you are outgoing with 2 IPs?

Presuming one from each ISP?

 

If only wanting to use a single IP, then perhaps you can setup BGP with your ISP and only advertise a single IP across both ISPs.

 

Make sense (I hope?)

 

Help the community: Like helpful comments and mark solutions
L2 Linker

Re: ECMP with one IP on outgoing

Hi @SteveCantwell,

 

Sorry for my bad english. I re-explain my situation.

 

No, I don't my FW in HA, I have only one FW (PA-220). I enabled the ECMP (with Balanced Round Robin load balance method) on my virtual router by following this article : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF8CAK.

 

So now, my users are outgoing on Internet with two IP addresses configured with ECMP. This two IP adresses are provided by the same ISP.

 

But now, we want to go out on Internet with only one IP address while always enjoying our two links.

 

You talk about BGP, that's could be do that ?

 

I hope it's more comprehensive.

 

Thank you

L2 Linker

Re: ECMP with one IP on outgoing

Hi,

I don't a solution about my problem.

Anyone have a idea ?

Thank you for your help.

 

L2 Linker

Re: ECMP with one IP on outgoing

Other solution : I just need to outgoing on one web application with the same IP address (because this web application does not support concurrent session).

 

It's possible to add a filtering rule to define one path to access at this web application (for example, to access at this webapp https://mywebapps.example.com, I use the public IP 1.2.3.4 ?)

 

Thanks

L4 Transporter

Re: ECMP with one IP on outgoing

Hello

 

If you ISP gives you both public IPs, then their network should support using a single IP address.

If one link fails, the traffic should use the 2nd link, and the ISP should  know to send the traffic back to your FW.

 

You should talk with your ISP to confirm this.

 

We can try to translate our comments into your language.

 

 

Help the community: Like helpful comments and mark solutions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!