How to configure E-BGP to load balance traffic via ECMP with Dual ISPs
35976
Created On 05/01/19 00:39 AM - Last Modified 05/01/19 03:11 AM
Objective
This article describes how to enable load balancing across dual Internet Service Providers (ISPs) for a destination when using External Border Gateway Protocol (EBGP).
Environment
- PAN-OS
- Dual ISP
- EBGP
Procedure
To enable ECMP for BGP, use the following steps.
- Enable ECMP on Virtual Router.
Network > Virtual Routers > Virtual Router <name> > Routing Settings > ECMP > Enable
- Enable ECMP for BGP.
Network > Virtual Routers > Virtual Router <name> > BGP > Advanced > ECMP Multiple AS Support
Example:
Palo Alto firewall is receiving subnet 152.152.152.0/24 from dual ISPs.The configuration below will allow traffic to be load balanced across these two ISPs.
Step 1: Enabling ECMP on Virtual Router.
Step2: Enabling Multiple AS support in BGP
Once committed, the BGP RIB table displays both paths.
The forwarding table displays both paths being used.
Note: For the BGP ECMP to work, the destinations need to have equal best path characteristics such as weight, local-preference, AS-PATH, Origin, and MED.
Additional Information
Refer to PAN-OS® Administrator’s Guide, ECMP for more information.