We have a setup where a ClusterXL is connected to two ASR routers and OSPF is running.
The ASRs advertise to the cluster default route and the cluster installs these default routes in it's routing table so it has two equal-cost default routes to two different next hops.
The ASRs are used as our internet routers and they perform hide NAT when accessing the internet.
We are now facing an issue where one TCP session is routed towards router 1, gets NATed using that router's hide NAT pool, and at a certain time the CP gateway might choose the 2nd router for the same flow and then it gets a different hide NAT IP and hence the session is being terminated.
Is it possible to set the CheckPoint to maintain the same session to be routed to the same router? how does the CheckPoint determine which default route to use?
I am reading this article and it says:
- "Round robin" next hop algorithm is not supported.
- "Source hash" next hop algorithm is not supported.
- "Destination hash" next hop algorithm is not supported.
- ECMP over OSPF supports up to 8 simultaneous routes.
So, what is then the algorithm that the CheckPoint uses in order to determine the next hop?