Can someone describe the load balancing algorithm used for Aggregate links?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can someone describe the load balancing algorithm used for Aggregate links?

Not applicable

Reading the documentation and forum posts, it doesn't appear that the PA is using LACP, therefore, it's not using one of the 3 common LACP load balancing algorithms.

Could someone describe how it's making the decision to send traffic down a particular link?  Also, am I able to modify the behavior?  (it doesn't seem like I can through the web interface).

Thanks!

1 accepted solution

Accepted Solutions

L6 Presenter

Hi..You are correct and we don't support LACP at this time.  We only support static link aggregation.  To connect to other networking devices, simply set LAG to be static.  Thanks.

View solution in original post

8 REPLIES 8

L6 Presenter

Hi..You are correct and we don't support LACP at this time.  We only support static link aggregation.  To connect to other networking devices, simply set LAG to be static.  Thanks.

So as of today PAN only use srcmac+dstmac as transmit hash?

Which gives that if you setup PA <- 2 cables -> switch <-> server only one of the cables will be used for traffic from PA to the server?

Would be great if this can be tweakable in future updates to at least involve a transmit hash such as srcip+srcport+dstip+dstport for added utilization of the available links in the aggregated group.

Do you have an ETA on when LACP or L4 hashing will be implemented?  I've had several clients bring up the issue.

Please check with your local Palo Alto SE for update on upcoming features.  Thanks.

Not applicable

Is there more information on this? Suppose I have 4 ethernet interfaces in an aggregate group, when a frame hits the aggregate group software, how does the Palo choose which of the 4 interfaces the frame goes out of and what algorithm does it use. If it's static, does that mean it goes out all interfaces as a pseudo broadcast?

L5 Sessionator

We use the session ID to select the port, and a simple IP modulo to load balance (so even session IDs to one port and odd to another if the LAG has 2 ports). The last 3 bits of session id is used to distribute the flows into the outbound port. i.e  with 3 bits we could identify 8 unique ports(max ports we support in ae bundle).

Not applicable

If you have an 8 port LAG the sessions still go out 1 and 2 for odd and even? Or do they go in a round-robin fashion where the first odd session goes out port 1 and the next out port 3 and so on? After the session has established it's physical port it is then load-balanced by the last three bits based off IP modulo source IP?

Community Team Member

Just putting it out there that LACP has been supported for a while now:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClG8CAK

 

Cheers,

-Kiwi.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 1 accepted solution
  • 9637 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!