How to configure E-BGP to load balance traffic via ECMP with Dual ISPs

How to configure E-BGP to load balance traffic via ECMP with Dual ISPs

37111
Created On 05/01/19 00:39 AM - Last Modified 05/01/19 03:11 AM


Objective


This article describes how to enable load balancing across dual Internet Service Providers (ISPs) for a destination when using External Border Gateway Protocol (EBGP).

Environment


  • PAN-OS
  • Dual ISP
  • EBGP

Procedure


To enable ECMP for BGP, use the following steps.
  1. Enable ECMP on Virtual Router.
Network > Virtual Routers > Virtual Router <name>  > Routing Settings > ECMP > Enable
  1. Enable ECMP for BGP.
Network > Virtual Routers > Virtual Router <name>  > BGP > Advanced > ECMP Multiple AS Support 


Example:

Palo Alto firewall is receiving subnet 152.152.152.0/24 from dual ISPs.
The configuration below will allow traffic to be load balanced across these two ISPs.
User-added image
Step 1: Enabling ECMP on Virtual Router.

User-added image

Step2: Enabling Multiple AS support in BGP 

User-added image

Once committed, the BGP RIB table displays both paths.

User-added image

The forwarding table displays both paths being used.

User-added image

Note: For the BGP ECMP to work,  the destinations need to have equal best path characteristics such as weight, local-preference, AS-PATH, Origin, and MED. 
 

Additional Information


Refer to PAN-OS® Administrator’s Guide, ECMP for more information.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLsvCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail