Using metrics or ECMP on multiple routes to the same destination

Route metrics

When you configure more than one route to a destination, the metric values configured for each route are used to determine the best path for traffic to use, with the lower value route winning. If the winning route becomes unavailable, the other configured route is automatically taken into use.

Equal-cost multi-path

If equal-cost multi-path (ECMP) is enabled on two or more routes to the same destination, traffic is sent over the routes using a hash-based balancing method. This approach can potentially increase the throughput of traffic through the use of multiple links. You can configure up to 16 routes.

Probing methods for route monitoring

You can configure probes that monitor the routes. Two methods are available:

• Ping — The NGFW Engine sends ICMP echo (ping) messages to a host in the destination network and expects responses.
• Next hop reachability — The NGFW Engine checks that the next hop gateway can be contacted and that the link is up.

If the probing method fails, the route is considered to be unavailable.

The route monitoring continues after a route has been removed from the routing table, and if the route becomes available again, the route is added back to the routing table. The status of the routing table is shared by the dynamic routing protocols that the NGFW Engine is using. For example, if a route is unavailable, the NGFW Engine stops advertising the route.

When probing is enabled on routes, the Allowed for Other Interfaces option is automatically enabled in the Antispoofing configuration. When enabled through the right-click menu, the NGFW Engine does not block traffic coming from other interfaces.

Multi-Link routes

With Multi-Link routes, you can use different outbound NetLinks to route traffic through different ISPs. You can also use route metrics or ECMP with NetLinks. For more information, see the section about defining Multi-Link routes.

Examples

The following are examples of using route metrics or ECMP and the two route monitoring methods.

Figure: Route metrics and the ping method for route monitoring

1

The route through Router A has a metric value of 0, so it is the primary route. The route through Router B has a higher metric value, so it is the backup route.

2

The NGFW Engine pings a host in the destination network through Router A. If the host stops responding, connections failover to the route through Router B. Make sure the monitoring probes on each interface reach different hosts in the destination network that are reached through different routers.

Figure: ECMP and the next hop reachability method for route monitoring

1

The routes through Router A and Router B have ECMP enabled, so traffic is sent over both routes using a hash-based balancing method.

2

The NGFW Engine checks that the links to Router A and Router B are up and that the routers are responding. If a link goes down and the router cannot be reached, the route is removed.