This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
motiami
Contributor
‎2019-11-04 05:54 AM

ECMP with OSPF - how the gateway determines the next-hop

Hello,

We have a setup where a ClusterXL is connected to two ASR routers and OSPF is running.

The ASRs advertise to the cluster default route and the cluster installs these default routes in it's routing table so it has two equal-cost default routes to two different next hops.

The ASRs are used as our internet routers and they perform hide NAT when accessing the internet.

We are now facing an issue where one TCP session is routed towards router 1, gets NATed using that router's hide NAT pool, and at a certain time the CP gateway might choose the 2nd router for the same flow and then it gets a different hide NAT IP and hence the session is being terminated.

Is it possible to set the CheckPoint to maintain the same session to be routed to the same router? how does the CheckPoint determine which default route to use? 

I am reading this article and it says:

(4) Limitations

  • "Round robin" next hop algorithm is not supported.

  • "Source hash" next hop algorithm is not supported.

  • "Destination hash" next hop algorithm is not supported.

  • ECMP over OSPF supports up to 8 simultaneous routes.

So, what is then the algorithm that the CheckPoint uses in order to determine the next hop?

0 Kudos
3 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫