Default Egress IP of SG that has multiple physical IPs configured
search cancel

Default Egress IP of SG that has multiple physical IPs configured


Article ID: 262543


Updated On:


ProxySG Software - SGOS ISG Proxy SG-VA


Expected default behavior of SGOS 6.7.x and 7.3.x where SGs got deployed with multiple physical IPs configured. 


IPs configured to egress Interface in question are in same subnet as the default gateway.  

Sample of interface configuration:




 6.7.x SGOSes does automatic load sharing where egress IP selection are based on client IP hash.     

For 7.x SGOSes, ProxySG (EdgeSWG ) automatic load sharing are disabled by default and  will use the first IP configured when reaching out to internet or best match base from the route entry.  To mimic the 6.7.x behavior, the egress IP selection can be changed to client IP hash by running "address-selection ipv4-source-hash" CLI command on said SG's egress interface. 


Client IP hash is a load balance technic that extract the last octet of the client IPv4 address and use that as a modulo index to determine which egress IPv4 address to use.  Together with increasing available source port and lowering 2MSL timer , the client IP hash (i.e. ipv4-source-hash ) feature will be useful when attempting to avoid port exhaustion issues.

Reflect client IP can also influence which egress IP SG will use.  Reflect client IP override the default or client IP hashing / ipv4-source-hashing. 

Additional Information

Sample packet capture screenshots:

 Default behavior in 7.x using first Ip configured in egress interface 1:0

With automatic load sharing (7.x  address selection set to  ipv4-source-hash )