https://community.cisco.com/t5/network-security/using-flex-configuration-for-pbr/m-p/5274899#M1120270 <P>Hi,</P><P>I am looking to use flex configuration to push a subnet traffic down a 3 VTI tunnels in ECMP.</P><P>I am wanting the traffic to be load balanced or round robin. How is this achievable if each VTI has a different tunnel IP.&nbsp;</P> Tue, 25 Mar 2025 11:48:43 GMT NetworkMonkey101 2025-03-25T11:48:43Z https://community.cisco.com/t5/network-security/using-flex-configuration-for-pbr/m-p/5274899#M1120270 <P>Hi,</P><P>I am looking to use flex configuration to push a subnet traffic down a 3 VTI tunnels in ECMP.</P><P>I am wanting the traffic to be load balanced or round robin. How is this achievable if each VTI has a different tunnel IP.&nbsp;</P> Tue, 25 Mar 2025 11:48:43 GMT https://community.cisco.com/t5/network-security/using-flex-configuration-for-pbr/m-p/5274899#M1120270 NetworkMonkey101 2025-03-25T11:48:43Z https://community.cisco.com/t5/network-security/using-flex-configuration-for-pbr/m-p/5274906#M1120271 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1495947">@NetworkMonkey101</a>&nbsp;</P> <P>By configuring dynamic routing you could achieve ECMP load balancing over the three VTI.</P> <P class="" data-start="0" data-end="661">When using a dynamic routing protocole, the router learn multiple routes to the same destination via the three VTIs. If these routes have the same cost (ospf) or feasible distance (eigrp), the router installs all of them in the routing table, allowing CEF to distribute traffic across them.&nbsp;</P> <P class="" data-start="663" data-end="1199">=&gt; By default, CEF performs per-destination load balancing, meaning packets from the same flow always take the same path. However, CEF can also be configured for per-packet load balancing, ensuring a round-robin distribution across all tunnels.</P> <P class="" data-start="663" data-end="1199"><A href="https://www.cisco.com/c/en/us/td/docs/ios/12_4t/ip_switch/configuration/guide/tceflbs.html#wp1046328" target="_blank" rel="noopener">https://www.cisco.com/c/en/us/td/docs/ios/12_4t/ip_switch/configuration/guide/tceflbs.html#wp1046328</A></P> Tue, 25 Mar 2025 11:59:21 GMT https://community.cisco.com/t5/network-security/using-flex-configuration-for-pbr/m-p/5274906#M1120271 M02@rt37 2025-03-25T11:59:21Z https://community.cisco.com/t5/network-security/using-flex-configuration-for-pbr/m-p/5274945#M1120274 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1495947">@NetworkMonkey101</a> FTD uses traffic zone for ECMP. You associate VTI interfaces with ECMP zones and configure ECMP static routes to achieve the following:</P> <UL class="ul"> <LI class="li"> <P class="p">Load balancing (Active/Active VTIs)—Connection can flow over any of the parallel VTI tunnels.</P> </LI> </UL> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/760/management-center-device-config-76/vpn-s2s.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/760/management-center-device-config-76/vpn-s2s.html</A></P> <P>&nbsp;</P> Tue, 25 Mar 2025 14:22:23 GMT https://community.cisco.com/t5/network-security/using-flex-configuration-for-pbr/m-p/5274945#M1120274 Rob Ingram 2025-03-25T14:22:23Z