ECMP Settings

  • Network > Virtual Routers > Router Settings > ECMP
Use the following fields to configure Equal-Cost Multiple Path settings.
ECMP Settings
Description
Enable
Enable
ECMP.
Enabling, disabling, or changing ECMP on an existing virtual router causes the system to restart the virtual router, which might cause existing sessions to be terminated.
Symmetric Return
(
Optional
) Select
Symmetric Return
to cause return packets to egress out the same interface on which the associated ingress packets arrived. That is, the firewall will use the ingress interface on which to send return packets, rather than use the ECMP interface, so the
Symmetric Return
setting overrides load balancing. This behavior occurs only for traffic flows from the server to the client.
Max Path
Select the maximum number of equal-cost paths: (2, 3, or 4) to a destination network that can be copied from the RIB to the FIB. Default is 2.
Method
Choose one of the following ECMP load-balancing algorithms to use on the virtual router. ECMP load balancing is done at the session level, not at the packet level. This means that the firewall (ECMP) chooses an equal-cost path at the start of a new session, not each time a packet is received.
  • IP Modulo
    —By default, the virtual router load balances sessions using this option, which uses a hash of the source and destination IP addresses in the packet header to determine which ECMP route to use.
  • IP Hash
    —There are two IP hash methods that determine which ECMP route to use:
    • If you select
      IP Hash
      , by default the firewall uses a hash of the source and destination IP addresses.
    • Alternatively, you can select
      Use Source Address Only
      (available in PAN-OS 8.0.3 and later releases). This IP hash method ensures that all sessions belonging to the same source IP address always take the same path.
    • Optionally select
      Use Source/Destination Ports
      to include the ports in either hash calculation. You can also enter a
      Hash Seed
      value (an integer) to further randomize load balancing.
  • Weighted Round Robin
    —This algorithm can be used to take into consideration different link capacities and speeds. Upon choosing this algorithm, the Interface window opens. Click
    Add
    and select an
    Interface
    to be included in the weighted round robin group. For each interface, enter the
    Weight
    to be used for that interface.
    Weight
    defaults to 100; range is 1-255. The higher the weight for a specific equal-cost path, the more often that equal-cost path will be selected for a new session. A higher speed link should be given a higher weight than a slower link, so that more of the ECMP traffic goes over the faster link. Click
    Add
    again to add another interface and weight.
  • Balanced Round Robin
    —Distributes incoming ECMP sessions equally across links.

Related Documentation