Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Nikodemus
Participant

R81.10 Maestro VSX with OSPF/ECMP

Anyone who could help with below question:

 

Setup:

- Single site Maestro R81.10 including latest JHF

- 3 external interfaces, each of them connected to another router

- 3 default routes are received via OSPF (equal cost).

- All antispoofing is enabled and is using the routing table information.

 

What happens for:

1) Outgoing connections?

Outgoing interface is determined using Weighted Fair Queueing. What will happen if the return packet enters on another interface? (Asymmetric routing) - As the antispoofing is configued correctly, will the flow be accepted and fully inspected?

2 Incoming connections?

We have no control about on which interface the traffic is entering. But will the reply packet use the same interface for replying (stickiness)? Or will it determine the external interface using the 'Weighted Fair Queueing' and thus potentially creating asymmetric routing?

 

Thanks!

0 Kudos
1 Reply
Dario_Perez
Employee Employee
Employee

for 1 Outgoing connections

If the packet come from different interface who decide if is inspected or not is the antispoofing since you already define what can pass from that interface. Who decides is the stateful inspection due that is asymmetric routing. 

2) incomming Packet should be replied by same interface. 

 

Question to you. why are you using ECMP on Maestro R81.10, this version allow Upto 10 Redundant ISP.  or it is for internal traffic?  

0 Kudos