Load sharing on incoming traffic can be difficult to achieve.  It's
affected by many different factors, most of which are beyond your
control.  

Would it be possible to see a sanitized version of your BGP-related
config on that router?  

To figure out why incoming traffic is behaving the way it is, you need
to take a good look at the BGP path selection process.  You might simply
find that most of the people accessing your site are customers of one of
your ISPs so that is the best path.  Or, your prefixes might be getting
filtered in ways you wouldn't expect and that can affect incoming
traffic flows.  Depending on the actual problem there are a couple of
things you can do.

If possible, please send your config so we can figure out the best way
to alleviate the problem.

John

>>> "Bob Timmons"  1/23/02 12:26:00 PM >>>
Hey all, got a question, but first, the situation...

We've got 2 T1's in our NYC location that go to 2 different ISPs.  We've
moved these Ts off of their respective Cisco 2500's and onto a single
Cisco 7206vxr.  This is now our 'outside internet' router.  The ethernet
interface goes to the Checkpoint unix box and the other side of the unix
box goes to the internal network.  The internal network is using a
10.x.x.x/22 range (2000 addresses).  We'd like to perform some
load-sharing using BGP.  We've obtained an AS number and are getting
full routes from both providers.  Outbound BGP seems to work fine.
Depending on site, it takes different paths.  Inbound, however, is
dominated by one T only.  We're using PAT at the firewall to perform
address translation.  The firewall only has 1 valid 'Internet' IP
address.  It's my understanding that this is why all inbound traffic is
using only 1 provider, as opposed to both.  I'd like to either have 2
valid internet IP addresses at the firewall (which I'm not sure is even
possible) or perform the PAT at the router and maybe use access-lists to
split up the traffic.  I guess the question is, what is the best
practice when doing this?  I'm sure that we're not the only company that
wants to do something like this.  Do either of my solutions sound
feasible?

thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32989&t=32983