OSPF multipath L2 FIP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

OSPF multipath L2 FIP

L0 Member

Hi,

   We recently purchased two PAN 5020 Firewalls. I had two easy questions.  We were wondering if they support OSPF multipath path (either equal cost or unequal cost).

I was also wondering if I can configure muliple Floating IP address in the L2 mode? Does it matter if I'm in Active Active or Active Passive?


Thank you

2 REPLIES 2

Not applicable

They do not support OSPF multipath - they will install only one route.

Can't help with the second question, but I'm sure someone that has deployed in L2 can chime in.

According to:

https://live.paloaltonetworks.com/message/10099#10099

and

https://live.paloaltonetworks.com/message/7904#7904

it seems that PAN currently doesnt support ECMP (Equal Cost MultiPath). But I think it should support "unequal" multipaths since this is the base of most dynamic routing protocols (only the "best" route will be loaded into the fabric and when this route fails the dynamic routing engine will select next route and load that into fabric).

So your best choice is to contact your sales rep. and issue this as a feature request (dont forget to return to this thread with an update on how it goes).

Regarding floating ip's those are only available (to my knowledge) in active/active setups.

That is because in active/passive its the very same config thats loaded in both devices (and the unit who is currently passive is simply virtually shutdown except for the mgmt interface and HA-links). While in active/active both devices must be online and VRRP (or similar) is being used (each unit have a physical IP address and then shares one or more floating IPs).

  • 2335 Views
  • 2 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!