I think I may have gotten this working after all.  I added a second IP
address to the unix box and then split up the /22 range to 2 /23 ranges and
PAT'd that way.  I'm seeing the rxload & txloads leveling off now.  I'll
keep you posted.  Thanks for the input.

> Load sharing on incoming traffic can be difficult to achieve.  It's
> affected by many different factors, most of which are beyond your
> control.
>
> Would it be possible to see a sanitized version of your BGP-related
> config on that router?
>
> To figure out why incoming traffic is behaving the way it is, you need
> to take a good look at the BGP path selection process.  You might simply
> find that most of the people accessing your site are customers of one of
> your ISPs so that is the best path.  Or, your prefixes might be getting
> filtered in ways you wouldn't expect and that can affect incoming
> traffic flows.  Depending on the actual problem there are a couple of
> things you can do.
>
> If possible, please send your config so we can figure out the best way
> to alleviate the problem.
>
> John
>
> >>> "Bob Timmons"  1/23/02 12:26:00 PM >>>
> Hey all, got a question, but first, the situation...
>
> We've got 2 T1's in our NYC location that go to 2 different ISPs.  We've
> moved these Ts off of their respective Cisco 2500's and onto a single
> Cisco 7206vxr.  This is now our 'outside internet' router.  The ethernet
> interface goes to the Checkpoint unix box and the other side of the unix
> box goes to the internal network.  The internal network is using a
> 10.x.x.x/22 range (2000 addresses).  We'd like to perform some
> load-sharing using BGP.  We've obtained an AS number and are getting full
> routes from both providers.  Outbound BGP seems to work fine.  Depending
> on site, it takes different paths.  Inbound, however, is dominated by one
> T only.  We're using PAT at the firewall to perform address translation.
> The firewall only has 1 valid 'Internet' IP address.  It's my
> understanding that this is why all inbound traffic is using only 1
> provider, as opposed to both.  I'd like to either have 2 valid internet IP
> addresses at the firewall (which I'm not sure is even possible) or perform
> the PAT at the router and maybe use access-lists to split up the traffic.
> I guess the question is, what is the best practice when doing this?  I'm
> sure that we're not the only company that wants to do something like
> this.  Do either of my solutions sound feasible?
>
> thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32993&t=32983