How to configure E-BGP to load balance traffic via ECMP with Dual ISPs

Objective

This article describes how to enable load balancing across dual Internet Service Providers (ISPs) for a destination when using External Border Gateway Protocol (EBGP).

Environment

Palo Alto Networks Firewall
Dual ISP
EBGP

Procedure

To enable ECMP for BGP, use the following steps.

Enable ECMP on Virtual Router.

Network > Virtual Routers > Virtual Router <name> > Routing Settings > ECMP > Enable

Enable ECMP for BGP.

Network > Virtual Routers > Virtual Router <name> > BGP > Advanced > ECMP Multiple AS Support

Example:

Palo Alto firewall is receiving subnet 152.152.152.0/24 from dual ISPs.
The configuration below will allow traffic to be load-balanced across these two ISPs.

A diagram of a computer AI-generated content may be incorrect.
Step 1: Enabling ECMP on Virtual Router.

User-added image

Step2: Enabling Multiple AS support in BGP

Once committed, the BGP RIB table displays both paths.

The forwarding table displays both paths being used.

For the BGP ECMP to work, the destinations need to have equal best path characteristics such as weight, local-preference, AS-PATH, Origin, and MED.

Additional Information

Refer to PAN-OS® Administrator’s Guide, ECMP for more information.