topic Re: Slowness after using ECMP in Network Security

Slowness after using ECMP

sahdogra — Wed, 14 Jan 2026 06:10:32 GMT

We have a 3110 with version 7.6 managed by FMC 7.6. The flow is User >> WLC >> Core Switch >> Cisco FTD >> Internet Switch >> ISP Router 1 & ISP Router 2. On FTD we have created sub-interfaces of 10 Gig link and we have two 1 Gig links from ISP. We are using ECMP on FTD for load sharing. We are observing the slowness of internet access for end users when we are using ECMP on FTD. If we are using a single path then end user experiencing no issues, but when ECMP is getting enabled the slowness of internet access is occurring. What could be the issue?

Re: Slowness after using ECMP

nspasov — Wed, 14 Jan 2026 13:58:19 GMT

It is hard to say without additional information. Issues like this typically require live troubleshooting with access to the setup. Thus, it is probably best to engage TAC. Nonetheless, we can try here:

Do you have a diagram / sketch of the setup?
How is your routing configured on the firewalls?
Which device is configured to do NAT?
Are port-channels configured anywhere?
Have you seen this guide before and check it against your setup/configuration? https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221692-configure-ecmp-with-ip-sla-on-ftd-manage.html

Thank you for rating helpful posts!

How is your routing configured on the ISP router

Is the Internet switch L2 or L3

Re: Slowness after using ECMP

Cristian Matei — Tue, 20 Jan 2026 16:38:34 GMT

Hi,

@sahdogra Just to confirm, and not assume. When using no ECMP, and ISP1 as Primary (default route) with ISP2 as Secondary (backup default route not present in RIB), as well as ISP2 as Primary (default route) with ISP1 as Secondary (backup default route not present in RIB), everything works fine? Trying, to first, ensure, that when using just one of the ISP's for Internet traffic, regardless which one, experience is good. Only if this is true, we can take a look over ECMP use case.

For ECMP, when you say slow, what do you mean, you get Internet access all the time but experience is bad, or sometimes it works and sometimes it doesn't work? Have you correctly followed this guide (and correctly configured NAT as well, for both ISP's, since the guide doe not cover NAT):

https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221692-configure-ecmp-with-ip-sla-on-ftd-manage.html#toc-hId-825249988

Thanks,

Cristian.

Re: Slowness after using ECMP

Marius Gunnerud — Tue, 20 Jan 2026 21:22:06 GMT

How is the ISP side set up? are they doing some kind of load balancing also?
I would suggest setting up packet captures on the two interfaces when they are configured in ECMP and see if you see any significant packet drops on one or both of the interfaces. in addition you can run the command "show asp drop" during the times of issues to see what the drop reason could be.
Also, if you have access to the "Internet Switch" you could also do a capture or SPAN (depending on model) and see if you there is something happening there.