Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

PIX Firewall ECMP support selection on multiple interfaces

Resolution

Up to three equal cost routes to the same destination can be defined per interface. But, Equal Cost Multiple Path (ECMP) is not supported across multiple interfaces. With ECMP, the traffic is not necessarily divided evenly between the routes. Traffic is distributed among the specified gateways based on an algorithm that hashes the source and destination IP addresses.

With 6.3 code and later, the PIX Firewall performs load balancing among a maximum of three peers on a single interface with ECMP. This scenario can be configured on the PIX if a default route is not configured on the PIX, and the PIX learns default routes through Open Shortest Path First (OSPF) from the outside routers.

This example shows static routes that are equal cost routes. They direct traffic to three different gateways on the outside interface. The security appliance distributes the traffic among the specified gateways.

hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.1
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.2
hostname(config)# route outside 10.10.10.0 255.255.255.0 192.168.1.3

Refer to these documents for more information:

PIX Software Version

PIX version 6.3

PIX version 7.x

991
Views
0
Helpful
0
Comments