Using Flex configuration for PBR

NetworkMonkey101 · ‎03-25-2025

Hi,

I am looking to use flex configuration to push a subnet traffic down a 3 VTI tunnels in ECMP.

I am wanting the traffic to be load balanced or round robin. How is this achievable if each VTI has a different tunnel IP.

M02@rt37 · ‎03-25-2025

Hello @NetworkMonkey101

By configuring dynamic routing you could achieve ECMP load balancing over the three VTI.

When using a dynamic routing protocole, the router learn multiple routes to the same destination via the three VTIs. If these routes have the same cost (ospf) or feasible distance (eigrp), the router installs all of them in the routing table, allowing CEF to distribute traffic across them.

=> By default, CEF performs per-destination load balancing, meaning packets from the same flow always take the same path. However, CEF can also be configured for per-packet load balancing, ensuring a round-robin distribution across all tunnels.

https://www.cisco.com/c/en/us/td/docs/ios/12_4t/ip_switch/configuration/guide/tceflbs.html#wp1046328

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Rob Ingram · ‎03-25-2025

@NetworkMonkey101 FTD uses traffic zone for ECMP. You associate VTI interfaces with ECMP zones and configure ECMP static routes to achieve the following:

Load balancing (Active/Active VTIs)—Connection can flow over any of the parallel VTI tunnels.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/760/management-center-device-config-76/vpn-s2s.html