BGP Multipath and ECMP Load Balancing
Learn how BGP multipath and Equal-Cost Multi-Path (ECMP) distribute traffic across multiple links for better bandwidth utilization and redundancy.
The Single Best Path Problem
By default, BGP selects only one best path per prefix and installs it in the routing table. Even if you have four transit links, all traffic for a given destination uses just one of them.
Default BGP behavior:
Path 1 via Provider A: SELECTED (best path)
Path 2 via Provider B: backup only
Path 3 via IXP peer: backup only
Result: Provider A carries all traffic. Others sit idle.
BGP Multipath: Using Multiple Paths
BGP multipath allows the router to install multiple equal-cost BGP paths into the forwarding table, distributing traffic across them using ECMP (Equal-Cost Multi-Path) hashing.
With multipath enabled:
Path 1 via Provider A: INSTALLED (best path)
Path 2 via Provider B: INSTALLED (multipath)
Result: Traffic is load-balanced 50/50 across both providers.
Configuring BGP Multipath
# Cisco IOS: eBGP multipath (up to 4 paths)
router bgp 64512
address-family ipv4 unicast
maximum-paths 4
# Cisco IOS: iBGP multipath
router bgp 64512
address-family ipv4 unicast
maximum-paths ibgp 4
# Junos: Enable multipath
routing-options {
autonomous-system 64512;
}
protocols bgp {
group TRANSIT {
multipath;
}
}
# BIRD 2
protocol bgp {
merge paths on;
}
Requirements for Multipath
For two BGP paths to be considered "equal" for multipath, they must match on several attributes. The specific requirements depend on the implementation:
| Attribute | Must Match? | Notes |
|---|---|---|
| Weight | Yes | Cisco-specific, must be equal |
| Local Preference | Yes | Must be identical |
| AS Path Length | Yes | Must be same length |
| Origin | Yes | Must be same (IGP/EGP/Incomplete) |
| MED | Yes (usually) | Unless bgp bestpath med missing-as-worst |
| Next-hop | Must differ | Each path needs a different next-hop |
| IGP metric to next-hop | Depends | Some implementations require equal IGP cost |
ECMP Hashing
Once multiple paths are installed, the router uses a hash function to distribute flows across them. The hash typically uses:
- Source IP address
- Destination IP address
- IP protocol number
- Source port
- Destination port
This ensures all packets for a single TCP flow take the same path (preventing out-of-order delivery), while different flows are distributed across paths.
Flow A (src: 10.0.0.1 dst: 8.8.8.8) -> Hash -> Path 1
Flow B (src: 10.0.0.2 dst: 8.8.8.8) -> Hash -> Path 2
Flow C (src: 10.0.0.1 dst: 1.1.1.1) -> Hash -> Path 1
Flow D (src: 10.0.0.3 dst: 9.9.9.9) -> Hash -> Path 2
Unequal-Cost Multipath
Some routers support unequal-cost multipath, distributing traffic proportionally based on link bandwidth or configured weights:
# Cisco: DMZ link bandwidth
neighbor 10.0.0.1 dmzlink-bw
neighbor 10.0.0.2 dmzlink-bw
# Traffic distributed proportionally:
# 10 Gbps link -> 10/(10+1) = 91% of traffic
# 1 Gbps link -> 1/(10+1) = 9% of traffic
Multipath Best Practices
- Start with 2 paths and increase gradually while monitoring.
- Use BGP add-path (RFC 7911) to advertise multiple paths to iBGP peers instead of just the best.
- Monitor per-path utilization to verify balanced distribution.
- Test failover -- disable one path and verify traffic shifts cleanly.