On Tue, Oct 09, 2001 at 12:19:36PM -0400, Kerry Schwab wrote:
> Firewall(s)
> | 12.5.136.1 == VRRP Address,
> Web/SMTP/etc servers defaults to M5#1
> 12.5.136.19 == M5#1 ip addr
> 12.5.136.18 == M5#2 ip addr
>
>
> We are advertising 12.5.136.0/24 via BGP, and this seems to
> work pretty well for inbound packets. Provider #1 and
> provider #2 seem to have a good distribution of routes,
> and so the inbound traffic seems to be as evenly divided
> as I could hope for (60/40 or so).
>
> Additionaly, we seem to able to survive an outage ( DS3, router,
> or provider), and the inbound and outbound packets start going
> over the surviving line nicely.
>
> But....outbound packets don't seem to be distributed in the same
> ratio as the inbound ones. *Some* traffic goes to provider #2,
> but the ratio is something like 90/10 ( again, inbound is closer to 60/40).
The obvious solution would be to add a second VRRP address, where the
other M5 is primary, and have half your servers use that one, that is
probably the easiest solution.
/Jesper
-- Jesper Skriver, jesper(at)skriver(dot)dk - CCIE #5456 Work: Network manager @ AS3292 (Tele Danmark DataNetworks) Private: FreeBSD committer @ AS2109 (A much smaller network ;-)One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone to bind them.
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT