Configuration Example for ECMP

This example demonstrates how to use management center to configure ECMP zones on threat defense such that the traffic flowing through the device is handled efficiently. With ECMP configured, threat defense maintains the routing table per zone basis, and hence it makes it possible to re-route the packets in the best possible routes. Thus, ECMP supports asymmetric routing, load balancing, and handles lost traffic seamlessly. In this example, R4 records the two paths to reach the external file server.

Procedure

Step 1	Create virtual router—R4 with Inside1, Outside1, and Outside2 interfaces: Configuring R4 Virtual Router
Step 2	Create ECMP zones: In the Routing tab, choose R4 user defined virtual router, and then click ECMP. Click Add. Enter the ECMP name and from the Available Interfaces list, choose Outside1 and Outside2: Creating ECMP Zone Click Ok, and then Save.
Step 3	Create static routes for the zone interfaces: In the Routing tab, click Static Route. From the Interface drop-down list, select Outside1. Under Available Network, choose any-ipv4 and click Add. Specify the next-hop address in the Gateway field, 10.1.1.2: Configuring Static Route for Outside1 Configure the static route for Outside2, repeating from Step 3b to Step 3d. Ensure to specify same metric, but different gateways for the static routes: Configured Static Routes of ECMP Zone Interfaces
Step 4	Save and Deploy.

The network packets to reach its destination, R3, follows R4>R1>R3 or R4>R2>R3, based on the ECMP algorithm. If R1>R3 route is lost, the traffic flows through R2 without any packet drops. Similarly, the response from R3 can be received by Outside2 though the packet was sent from Outside1. In addition, when the network traffic is heavy, R4 distributes them between the two routes and thus balances the load.