ECMP
Focus
Focus

ECMP

Table of Contents
End-of-Life (EoL)

ECMP

Equal Cost Multiple Path (ECMP) processing is a networking feature that enables the firewall to use up to four equal-cost routes to the same destination. Without this feature, if there are multiple equal-cost routes to the same destination, the virtual router chooses one of those routes from the routing table and adds it to its forwarding table; it will not use any of the other routes unless there is an outage in the chosen route.
Enabling ECMP functionality on a virtual router allows the firewall to have up to four equal-cost paths to a destination in its forwarding table, allowing the firewall to:
  • Load balance flows (sessions) to the same destination over multiple equal-cost links.
  • Efficiently use all available bandwidth on links to the same destination rather than leave some links unused.
  • Dynamically shift traffic to another ECMP member to the same destination if a link fails, rather than having to wait for the routing protocol or RIB table to elect an alternative path/route. This can help reduce downtime when links fail.
ECMP is supported on all Palo Alto Networks® firewall models, also with hardware forwarding support on the PA-7000 Series, PA-5200 Series, and PA-3200 Series. VM-Series firewalls support ECMP through software only. Performance is affected for sessions that cannot be hardware offloaded.
ECMP is supported on Layer 3, Layer 3 subinterface, VLAN, tunnel, and Aggregated Ethernet interfaces.
ECMP can be configured for static routes and any of the dynamic routing protocols the firewall supports.
ECMP affects the route table capacity because the capacity is based on the number of paths, so an ECMP route with four paths will consume four entries of route table capacity. ECMP implementation might slightly decrease the route table capacity because more memory is being used by session-based tags to map traffic flows to particular interfaces.
ECMP is not supported for equal-cost routes where one or more of those routes has a virtual router or logical router as the next hop. None of the equal-cost routes will be installed in the Forwarding Information Base (FIB).
For information about ECMP path selection when an HA peer fails, see ECMP in Active/Active HA Mode.
The following sections describe ECMP and how to configure it.