We have two Palo firewalls connected in active/active with HA links between. The HA links consist of multiple ports in a static link agg going across our network. One port in one of the link aggs we regularly see alerting for high utilisation. Having checked usage on the other 3 ports in the same linkagg they are hardly used at all. Having looked on our network side the hashing is set to 'source destination IP' but I am unsure how or where this is configured on the Palo side. Also not sure why this is configured as a static linkagg rather than LACP? We use LACP pretty much everywhere else on our network where supported so can only presume the person who installed years ago didn't bother with it. Has anyone got any experience with this or ideas why only one link would be getting used? Cheers
No comments:
Post a Comment