Configure ECMP

Configure ECMP to enable efficient traffic handling through the device with support for asymmetric routing, load balancing, and seamless handling of lost traffic.

This example demonstrates how to use Cloud-Delivered Firewall Management Center to configure ECMP zones on Firewall Threat Defense so that traffic flowing through the device is handled efficiently. With ECMP configured, Firewall Threat Defense maintains the routing table on a per-zone basis, enabling efficient packet re-routing. Thus, ECMP supports asymmetric routing, load balancing, and seamless handling of lost traffic. In this example, R4 records the two paths to reach the external file server.

Configuration example for ECMP

Follow these steps to configure ECMP on your device:

Procedure


Step 1

Create a virtual router.

Set up a new router on R4 with interfaces: Inside1, Outside1, and Outside2. For more information, refer to Create virtual router.

Configuring R4 virtual router

Step 2

Create ECMP zones:

  1. In the Routing tab, choose the R4 user-defined virtual router, and then click ECMP.

  2. Click Add.

  3. Enter the ECMP name and from the Available Interfaces list, choose Outside1 and Outside2:

    Creating ECMP zone
  4. Click Ok, and then Save.

Step 3

Create static routes for the zone interfaces:

  1. In the Routing tab, click Static Route.

  2. From the Interface drop-down list, select Outside1.

  3. Under Available Network, choose any-ipv4 and click Add.

  4. Specify the next-hop address in the Gateway field, 10.1.1.2.

    Configuring static route for Outside1
  5. Configure the static route for Outside2 by repeating Step 3b through Step 3d.

Ensure that you specify the same metric but different gateways for the static routes:

Configured static routes of ECMP zone interfaces

Step 4

Save the configuration and proceed to deploy it onto the network.


Network packets now take efficient routes to reach their destination, R3, through either R4>R1>R3 or R4>R2>R3, following the ECMP algorithm configuration. If the R1>R3 route becomes unavailable, the traffic flows through R2 without dropping any packets. Additionally, the response from R3 can be received by Outside2 even though the packet was sent from Outside1. When network traffic is heavy, R4 distributes the network load between the two specified routes to keep traffic balanced.
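The Step 3 requirement (same metric, different gateways, one route per zone interface) can be checked offline before deployment. The following Python sketch is an added example, not part of the product or its API. It assumes the routes have been written out by hand as dictionaries; the zone name ECMP-Outside and the Outside2 gateway 10.2.1.2 are constructed placeholders.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Zone membership from Step 2. The zone name is an assumed placeholder.
ECMP_ZONES = {"ECMP-Outside": {"Outside1", "Outside2"}}

# Constructed sample routes. 10.1.1.2 is the gateway given in Step 3;
# 10.2.1.2 for Outside2 is a constructed value. any-ipv4 is written as 0.0.0.0/0.
ROUTES = [
    {"interface": "Outside1", "network": "0.0.0.0/0", "gateway": "10.1.1.2", "metric": 1},
    {"interface": "Outside2", "network": "0.0.0.0/0", "gateway": "10.2.1.2", "metric": 1},
]


def check_ecmp_routes(zones, routes):
    """Return the problems that stop a zone's static routes from being equal-cost."""
    problems = []
    for zone, members in zones.items():
        # Group the routes that leave through this zone by destination network.
        by_dest = defaultdict(list)
        for route in routes:
            if route["interface"] in members:
                by_dest[ip_network(route["network"])].append(route)
        if not by_dest:
            problems.append(f"{zone}: no static routes on zone interfaces")
        for dest, group in by_dest.items():
            # Every zone interface needs its own route to the destination.
            missing = members - {r["interface"] for r in group}
            if missing:
                problems.append(f"{zone}: no route to {dest} via {sorted(missing)}")
            # Routes with different metrics are not equal-cost.
            if len({r["metric"] for r in group}) > 1:
                problems.append(f"{zone}: metrics differ for {dest}")
            # Each path must use a distinct next hop.
            gateways = [ip_address(r["gateway"]) for r in group]
            if len(set(gateways)) != len(gateways):
                problems.append(f"{zone}: duplicate gateway for {dest}")
    return problems


if __name__ == "__main__":
    for line in check_ecmp_routes(ECMP_ZONES, ROUTES) or ["routes are ECMP-eligible"]:
        print(line)
```

An empty result means the static routes for the zone interfaces share a metric and use distinct gateways.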