Our question is: "How can the firewall choose the route without configuring ECMP?"
Appreciate your support. As mentioned in this documentation:
"Without this feature, if there are multiple equal-cost routes to the same destination, the virtual router chooses one of those routes from the routing table and adds it to its forwarding table; it will not use any of the other routes unless there is an outage in the chosen route"
If you have multiple route entries to the same destination with the same metric, you need ECMP to be enabled.
ECMP path choosing methods are:
- IP Modulo (default)—The virtual router load balances sessions using a hash of the source and destination IP addresses in the packet header to determine which ECMP route to use.
- IP Hash—There are two IP hash methods that determine which ECMP route to use:
  - If you select IP Hash, by default the firewall uses a hash of the source and destination IP addresses.
  - If you Use Source Address Only (available in PAN-OS 8.0.3 and later releases), the firewall ensures that all sessions belonging to the same source IP address always take the same path.
  - If you also Use Source/Destination Ports, the firewall includes the ports in either hash calculation. You can also enter a Hash Seed value (an integer) to further randomize load balancing.
- Weighted Round Robin—You can use this algorithm to take into consideration different link capacities and speeds. When choosing this algorithm, the Interface dialog opens. Add and select an Interface to include in the weighted round robin group. For each interface, enter the Weight for that interface (range is 1 to 255; default is 100). The higher the weight for a specific equal-cost path, the more often that the equal-cost path is selected for a new session. A higher speed link should be given a higher weight than a slower link so that more of the ECMP traffic goes over the faster link. You can then Add another interface and weight.
- Balanced Round Robin—Distributes incoming ECMP sessions equally across links.
Another option is to use Policy Based Forwarding.
PBF is checked first, and if traffic matches a PBF policy, the PBF route takes precedence and the virtual router routes are not checked.
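
The hash-based and weighted selection methods listed in the answer above, as an added Python sketch (not part of the original post and not PAN-OS code). SHA-256 stands in for the firewall's hash, which the page does not specify; the interface names, addresses and the smooth weighted round-robin scheduling are assumptions for illustration.

```python
import hashlib
import ipaddress
from collections import Counter

def ip_hash_path(src, dst, n_paths, sport=None, dport=None,
                 source_only=False, seed=0):
    """Return a path index from a hash of the selected header fields."""
    fields = [seed, int(ipaddress.ip_address(src))]
    if not source_only:
        fields.append(int(ipaddress.ip_address(dst)))
    if sport is not None and dport is not None:
        fields += [sport, dport]           # "Use Source/Destination Ports"
    key = ",".join(map(str, fields)).encode()
    digest = hashlib.sha256(key).digest()  # stand-in hash (assumption)
    return int.from_bytes(digest[:8], "big") % n_paths

class WeightedRoundRobin:
    """Hand out interfaces to new sessions in proportion to their weights."""
    def __init__(self, weights):
        for name, weight in weights.items():
            if not 1 <= weight <= 255:     # range given in the documentation
                raise ValueError(f"{name}: weight must be 1..255")
        self.weights = dict(weights)
        self.credit = dict.fromkeys(weights, 0)

    def next_path(self):
        # Smooth weighted round robin (assumed scheduling): every interface
        # earns its weight, the richest one is picked and pays the total.
        for name, weight in self.weights.items():
            self.credit[name] += weight
        best = max(self.credit, key=self.credit.get)
        self.credit[best] -= sum(self.weights.values())
        return best

def demo():
    paths = ["ethernet1/1", "ethernet1/2"]   # constructed interface names
    # Constructed sessions: one client talking to eight destinations.
    sessions = [("10.0.0.5", f"203.0.113.{i}", 40000 + i, 443)
                for i in range(1, 9)]
    src_only = {paths[ip_hash_path(s, d, len(paths), source_only=True)]
                for s, d, _, _ in sessions}
    src_dst = Counter(paths[ip_hash_path(s, d, len(paths))]
                      for s, d, _, _ in sessions)
    wrr = WeightedRoundRobin({"ethernet1/1": 200, "ethernet1/2": 100})
    wrr_counts = Counter(wrr.next_path() for _ in range(300))
    return src_only, src_dst, wrr_counts

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With source-only hashing every session from the one client lands on a single path, while the 200/100 weights split new sessions two to one.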