Blason_R
Check Point AWS Direct Connectivity BGP ECMP

Hi Team,

I have been asked to deploy 4 links for AWS DX connectivity. This is over BGP, and I wanted to enable BGP ECMP so that all of those links will be utilized. However, I wanted to confirm whether traffic leaving the LAN for AWS will be delivered over the same link, and if not, whether the firewall will accept the connection if it receives it from another link, since it's going to be asymmetric routing.

Here is the diagram:

[Image: AWS-Direct Connect Terminatev1.0.13082021.jpg]

Any specific considerations?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
3 Replies

Chris_Atkinson (Employee)

As long as anti-spoofing is configured correctly to permit traffic on the available paths, and the same firewall sees both sides of the flow, this shouldn't be a problem.

For more information on BGP ECMP and the consideration for the configuration please see sk100504.

CCSM R77/R80/ELITE

Blason_R

Yeah, thanks for the response. So I hope I don't need to disable the best-path selection policy or something. Just like in my other router setup, I had to relax best-path selection. In the case of Check Point, if all the attributes match and ECMP is enabled, I should see multiple paths added to the route table.


Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
Chris_Atkinson (Employee)

To an extent, that's what route-maps are for: adjusting local_pref or AS-path prepending to make the paths seem equal when the attributes aren't necessarily as you need them.

CCSM R77/R80/ELITE
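To make the two points in this thread concrete (ECMP only installs paths that tie on the BGP attributes, and an asymmetric reply is fine as long as anti-spoofing allows it on the ingress interface and the same gateway holds the connection), here is an added Python model. It is not from the thread and not Check Point code; the actual Gaia configuration is covered by sk100504. All prefixes, interface names, AS numbers and attribute values are constructed sample data, and the 5-tuple hash is a stand-in for whatever per-flow distribution the platform really uses.

```python
"""Added example: BGP ECMP path selection, per-flow link hashing and the
anti-spoofing check on an asymmetric reply. Constructed data throughout."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
import hashlib


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str
    iface: str
    local_pref: int = 100
    as_path: tuple = ()
    origin: int = 0  # 0 = IGP, 1 = EGP, 2 = incomplete (lower is better)
    med: int = 0


def bgp_key(p: Path):
    """The decision steps that matter here: higher LOCAL_PREF, then shorter
    AS_PATH, then lower ORIGIN, then lower MED. Paths tying on all of these
    are ECMP candidates."""
    return (-p.local_pref, len(p.as_path), p.origin, p.med)


def ecmp_paths(paths, max_paths=4):
    """Paths installed with ECMP on: every path that ties with the best one."""
    if not paths:
        return []
    best = min(bgp_key(p) for p in paths)
    return [p for p in paths if bgp_key(p) == best][:max_paths]


def apply_inbound_routemap(p: Path, local_pref=100, med=0) -> Path:
    """Uniform inbound route-map: force LOCAL_PREF and metric on a received path."""
    return replace(p, local_pref=local_pref, med=med)


def prepend_as(p: Path, asn: str, count: int) -> Path:
    """AS-path prepending: the path looks `count` hops longer, so it loses ties."""
    return replace(p, as_path=(asn,) * count + p.as_path)


def pick_link(links, src, dst, sport, dport, proto=6):
    """Per-flow hash over the 5-tuple (assumed model). One direction of a flow
    always takes the same link; nothing guarantees the reply hashes to it."""
    key = f"{src}|{dst}|{sport}|{dport}|{proto}".encode()
    idx = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(links)
    return links[idx]


def antispoof_ok(topology, iface, src):
    """Anti-spoofing: the source must be in a network defined behind `iface`."""
    return any(ip_address(src) in ip_network(n) for n in topology.get(iface, ()))


def reply_accepted(topology, ingress_iface, src, dst, sport, dport, conn_table):
    """A stateful gateway matches the reply against its connection table, not
    against the interface the request left on; the ingress interface only
    matters for anti-spoofing. Returns (accepted, reason)."""
    if not antispoof_ok(topology, ingress_iface, src):
        return False, f"anti-spoofing drop: {src} not expected on {ingress_iface}"
    if (dst, src, dport, sport) not in conn_table:  # reply tuple = forward tuple swapped
        return False, "no matching connection: this gateway never saw the request"
    return True, "matched existing connection"


AWS_VPC = "172.31.0.0/16"  # constructed
LAN = "10.0.0.0/8"         # constructed


def demo():
    # Four DX paths to the same prefix; as received, eth3 has a lower
    # LOCAL_PREF and eth4 a higher MED, so only eth1/eth2 tie.
    raw = [
        Path(AWS_VPC, "169.254.10.1", "eth1", as_path=("64512",)),
        Path(AWS_VPC, "169.254.20.1", "eth2", as_path=("64512",)),
        Path(AWS_VPC, "169.254.30.1", "eth3", local_pref=90, as_path=("64512",)),
        Path(AWS_VPC, "169.254.40.1", "eth4", as_path=("64512",), med=50),
    ]
    before = ecmp_paths(raw)
    normalized = [apply_inbound_routemap(p) for p in raw]
    after = ecmp_paths(normalized)  # all four now tie
    # Prepending on one peer removes it from the ECMP set again.
    after_prepend = ecmp_paths(normalized[1:] + [prepend_as(normalized[0], "64512", 2)])

    # Anti-spoofing topology where eth4 was forgotten: replies landing there are dropped.
    topology = {"eth0": [LAN], "eth1": [AWS_VPC], "eth2": [AWS_VPC], "eth3": [AWS_VPC]}
    links = [p.iface for p in after]
    conn_table = {("10.1.1.10", "172.31.5.20", 40000, 443)}  # forward flow LAN -> AWS
    out_link = pick_link(links, "10.1.1.10", "172.31.5.20", 40000, 443)
    in_link = pick_link(links, "172.31.5.20", "10.1.1.10", 443, 40000)
    verdict = reply_accepted(topology, in_link, "172.31.5.20", "10.1.1.10", 443, 40000, conn_table)
    return {"before": before, "after": after, "after_prepend": after_prepend,
            "topology": topology, "links": links, "conn_table": conn_table,
            "out_link": out_link, "in_link": in_link, "verdict": verdict}


if __name__ == "__main__":
    r = demo()
    print("ECMP as received:", [p.iface for p in r["before"]])
    print("ECMP after route-map:", [p.iface for p in r["after"]])
    print("out via", r["out_link"], "reply via", r["in_link"], "->", r["verdict"])
```

Running it shows the two failure modes a practitioner actually hits: attribute mismatch (fixed by a uniform inbound route-map, broken again by prepending), and a reply that hashes onto a DX interface whose topology does not include the AWS range, which anti-spoofing drops even though the connection table has the session.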