You are having a problem with how your network is being announced to the Internet. The Internet as a whole has 1 preferred path back to your network. Check with some route-servers to verify this (see below). You could try as-path prepending toward the provider who all you inbound traffic is coming from.
telnet to these hosts for router servers. sho ip bgp x.x.x.0 will tell you about the path to get to your network. route-views.oregon-ix.net ner-routes.bbnplanet.net route-server.cerf.net route-server.ip.att.net route-server.cbbtier3.att.net route-server.gblx.net route-server.as5388.net route-server.exodus.net route-server-ap.exodus.net route-server-eu.exodus.net route-server.colt.net -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bob Timmons Sent: Wednesday, January 23, 2002 1:26 PM To: [EMAIL PROTECTED] Subject: Splitting up outbound traffic for BGP [7:32983] Hey all, got a question, but first, the situation... We've got 2 T1's in our NYC location that go to 2 different ISPs. We've moved these Ts off of their respective Cisco 2500's and onto a single Cisco 7206vxr. This is now our 'outside internet' router. The ethernet interface goes to the Checkpoint unix box and the other side of the unix box goes to the internal network. The internal network is using a 10.x.x.x/22 range (2000 addresses). We'd like to perform some load-sharing using BGP. We've obtained an AS number and are getting full routes from both providers. Outbound BGP seems to work fine. Depending on site, it takes differnet paths. Inbound, however, is dominated by one T only. We're using PAT at the firewall to perform address translation. The firewall only has 1 valid 'Internet' IP address. It's my understanding that this is why all inbound traffic is using only 1 provider, as opposed to both. I'd like to either have 2 valid internet IP addresses at the firewall (which I'm not sure is even possible) or perform the PAT at the router and maybe use access-lists to split up the traffic. I guess the question is, what is the best practice when doing this? I'm sure that we're not the only company that wants to do something like this. Do either of my solutions sound feasible? thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=33000&t=32983 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]