
FortiGate-7000 Handbook

Flow rules for sessions that cannot be load balanced


Some traffic types cannot be load balanced. Sessions for traffic types that cannot be load balanced should normally be sent to the primary (or master) FPM by configuring flow rules for that traffic. You can also configure flow rules to send traffic that cannot be load balanced to specific FPMs.

Create flow rules using the config load-balance flow-rule command. The default configuration uses this command to send IKE, GRE, session helper, Kerberos, BGP, RIP, IPv4 and IPv6 DHCP, PPTP, BFD, IPv4 multicast and IPv6 multicast to the primary FPM. You can view the default configuration of the config load-balance flow-rule command to see how each of these rules is configured. For example, the following configuration sends BGP source and destination sessions to the primary FPM:

config load-balance flow-rule
    edit 3
        set status enable
        set vlan 0
        set ether-type ip
        set protocol tcp
        set src-l4port 179-179
        set dst-l4port 0-0
        set tcp-flag any
        set action forward
        set forward-slot master
        set priority 5
        set comment "bgp src"
    next
    edit 4
        set status enable
        set vlan 0
        set ether-type ip
        set protocol tcp
        set src-l4port 0-0
        set dst-l4port 179-179
        set tcp-flag any
        set action forward
        set forward-slot master
        set priority 5
        set comment "bgp dst"
end

See "Default configuration for traffic that cannot be load balanced" for a listing of all of the default flow rules.
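The BGP example above needs one rule per direction (source port 179 and destination port 179). The following added example, which is not Fortinet code, is a Python check that parses a pasted config load-balance flow-rule block and reports which direction of a port is not forwarded to the primary FPM. The function names and the trimmed sample config are constructed for illustration, and the check assumes a port range such as 179-179 covers the ports inside it while 0-0 covers no specific port.

```python
import re

# Constructed sample: the BGP flow rules from this page, trimmed to the options checked.
SAMPLE = """\
config load-balance flow-rule
    edit 3
        set status enable
        set protocol tcp
        set src-l4port 179-179
        set dst-l4port 0-0
        set action forward
        set forward-slot master
    next
    edit 4
        set status enable
        set protocol tcp
        set src-l4port 0-0
        set dst-l4port 179-179
        set action forward
        set forward-slot master
        set comment "bgp dst"
end
"""

def parse_flow_rules(text):
    """Return {rule_id: {option: value}} for every 'edit N' entry in the block."""
    rules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"edit (\d+)", line):
            current = rules.setdefault(int(m.group(1)), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return rules

def covers(span, port):
    """True if a 'lo-hi' port range contains port (assumption: 0-0 names no specific port)."""
    lo, hi = map(int, span.split("-"))
    return lo <= port <= hi

def missing_directions(text, protocol, port):
    """Directions ('src'/'dst') of protocol/port with no enabled rule forwarding to master."""
    missing = {"src", "dst"}
    for r in parse_flow_rules(text).values():
        if (r.get("status"), r.get("protocol"), r.get("action"),
                r.get("forward-slot")) == ("enable", protocol, "forward", "master"):
            missing -= {d for d in ("src", "dst") if covers(r.get(f"{d}-l4port", "0-0"), port)}
    return missing
```

An empty result from missing_directions(SAMPLE, "tcp", 179) means BGP sessions in both directions are sent to the primary FPM.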
