Best way to aggregate multiple internet lines


L0 Member
I have 5 internet lines in my company, and currently I am aggregating them on the firewall using the ECMP technique. The 5 internet lines have different bandwidths (different speeds).
 
Weighted round robin seems to be the best way to go, as I have internet lines with different speeds and I want to assign more traffic to the higher-bandwidth lines.
However, with weighted round robin (and maybe some of the other options too), I had these 2 problems:
1. Some websites blocked our end users' connections because the user is visiting the site from multiple source IPs. Websites like bank sites just show a message saying "a connection has been dropped due to IP change".
2. Out-of-order packets: I am afraid that an out-of-order packet issue can occur. For example, a user can visit a specific site over 2 internet lines, sending packet 1 via a lower-speed internet line and packet 2 via a higher-speed one. In this case the higher-speed line may reply before the lower-speed line, causing an out-of-order issue. This may cause overhead on the firewall reordering the packets or can make VoIP calls unstable.
 - To fix these issues, I changed the ECMP mode to "IP hash with use source address only". This makes the user always use the same internet line for the whole session. This resolved the above 2 issues but brought up 2 different issues:
1. This method works as a balanced round robin, not a weighted round robin, so it assigns the 5 internet lines the same amount of traffic regardless of their speed. The slow internet line is treated like the fast internet line, which means that I have free bandwidth not used on the higher-bandwidth lines, and our internet bandwidth may not be fully used. I think this is not the optimum setup.
2. The speeds of the internet lines are not merged; each user only uses one line. If the 4 other lines are totally free, the user will still only use one internet line. I don't think that is the optimum setup.
 
Does anyone know how to resolve these issues? All I need is:
- merge the speed of all internet lines for any user
- mitigate the IP change issue that causes some sites like bank sites to block the users
- take into consideration the line speed, so the fast line should take more traffic than the slow line
- mitigate the out-of-order packet issue
> What is the way to achieve that?
> I don't know much about SD-WAN and LACP, or if any of them can resolve the above issues.
Thanks in advance. 
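
The trade-off described in the question above, as an added example that is not part of the original post and is not PAN-OS code: it compares a source-address-only hash (one stable line per user, equal share per line) with weighted rendezvous hashing, a generic technique that keeps one stable line per user while letting each line's share of users follow its speed. The line names, the speeds and the 10.0.0.0 client range are constructed, and neither picker merges the bandwidth of several lines for a single user.

```python
import hashlib
import ipaddress
import math
from collections import Counter

# Constructed line speeds in Mbps; the post does not give the real figures.
LINES = {"isp1": 500, "isp2": 200, "isp3": 100, "isp4": 100, "isp5": 100}

def _h(*parts):
    """Deterministic 64-bit hash of the given strings."""
    digest = hashlib.sha256("|".join(parts).encode()).digest()
    return int.from_bytes(digest[:8], "big")

def pick_source_hash(src):
    """Source-address-only hash: sticky per user, ignores line speed."""
    names = sorted(LINES)
    return names[_h(src) % len(names)]

def pick_weighted_hash(src):
    """Weighted rendezvous hash: sticky per user, share follows line speed."""
    def score(name):
        # Map the hash to a float strictly inside (0, 1).
        u = (_h(src, name) % 2**52 + 0.5) / 2**52
        return -LINES[name] / math.log(u)
    return max(LINES, key=score)

def shares(picker, sources):
    """Fraction of source addresses that the picker places on each line."""
    counts = Counter(picker(s) for s in sources)
    return {name: counts[name] / len(sources) for name in LINES}

def sample_sources(n=20000):
    """Constructed internal client addresses starting at 10.0.0.1."""
    base = int(ipaddress.ip_address("10.0.0.1"))
    return [str(ipaddress.ip_address(base + i)) for i in range(n)]

if __name__ == "__main__":
    srcs = sample_sources()
    for label, picker in (("source hash", pick_source_hash),
                          ("weighted hash", pick_weighted_hash)):
        result = shares(picker, srcs)
        print(label, {k: round(v, 3) for k, v in result.items()})
```
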
1 REPLY

Cyber Elite

Good Day

 

I would strongly suggest that you reach out to your regional PANW SE (your reseller can assist you) to discuss the design and the concerns you have.  
