We're trying to figure out how to have equal cost multipath routing using OSPF (quagga) and have come up with the following...

Has anyone done something similar? -- How do you deal with incoming services (mail/web/etc) in such a scenario as below - And does anyone have any suggestions?

There's more detail below....

Diagram and overview:

Network A connects to Core1 and Core2 via 100mbit ethernet, and uses a virtual default gateway IP address provided by UCARP.

Core1 and Core2 are each connected to Border1 and Border2 via 100mbit ethernet links.

Border1 is connected to ISP1 via a T1, same thing with Border2 and ISP2.

Remote1 is on a T1, Remote2 is on a DSL line. Each remote router connects via IPSec to both Border1 and Border2. We run GRE tunnels over these IPSec connections and route traffic over the GRE tunnels using OSPF with Quagga. This allows us to do failover and load balancing.

The core router tier does not exist right now. We want to put it in place so that the OSPF costs will be the same for either path to each remote site.

We desire to continue to have incoming services hosted by servers on Network A. While packets will come in from, say, ISP1, be NAT'd by border1, and arrive at the server on Network A without a problem, we need to ensure that core1 and core2 route those return packets to border1 instead of border2. Likewise for the services we want to host using ISP2.

          [Network A]
           |       |
       [core1]   [core2]
          |  \   /  |
          |   \ /   |
          |    X    |
          |   / \   |
          |  /   \  |
      [border1] [border2]
          |         |
        ISP1      ISP2
          |         |
           \       /
        ( The Internet )
           /       \
          |         |
        ISP3      ISP4      (Networks D through P
          |         |        not shown for clarity)
      [remote1] [remote2]
          |         |
     [Network B] [Network C]

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
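The topology in the post, modelled as an added example that is not part of the original message: it computes the equal-cost next hops the proposed core tier would produce and counts how many replies to inbound NAT'd flows would reach the wrong border unless they follow their ingress border. The link costs, the sample flows and the per-flow hash choice on the cores are assumptions made for illustration.

```python
import heapq
import zlib
from collections import defaultdict

# Constructed costs (assumption): 1 per ethernet link, 10 per GRE tunnel.
LINKS = [("core1", "border1", 1), ("core1", "border2", 1),
         ("core2", "border1", 1), ("core2", "border2", 1),
         ("border1", "remote1", 10), ("border2", "remote1", 10),
         ("border1", "remote2", 10), ("border2", "remote2", 10)]

def build_graph(links):
    graph = defaultdict(dict)
    for a, b, cost in links:
        graph[a][b] = graph[b][a] = cost
    return graph

def ecmp_next_hops(graph, src, dst):
    """Dijkstra that keeps every first hop lying on a lowest-cost path."""
    dist, first, heap = {src: 0}, {src: set()}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale queue entry
        for nbr, cost in graph[node].items():
            nd = d + cost
            hops = {nbr} if node == src else first[node]
            if nd < dist.get(nbr, float("inf")):
                dist[nbr], first[nbr] = nd, set(hops)
                heapq.heappush(heap, (nd, nbr))
            elif nd == dist[nbr]:
                first[nbr] |= hops
    return dist[dst], sorted(first[dst])

def return_border(flow, ingress, borders, pinned):
    """Border a core picks for a server's reply to an inbound NAT'd flow."""
    if pinned:
        return ingress  # reply follows the border that holds the NAT state
    # Assumption: unpinned replies use an equal-cost default, hashed per flow.
    return borders[zlib.crc32(repr(flow).encode()) % len(borders)]

def misrouted(flows, ingress, borders, pinned):
    """Count replies sent to a border with no NAT state for the flow."""
    return sum(return_border(f, ingress, borders, pinned) != ingress
               for f in flows)

if __name__ == "__main__":
    print(ecmp_next_hops(build_graph(LINKS), "core1", "remote1"))
    # Constructed flows: documentation-range clients hitting a web server.
    flows = [("198.51.100.%d" % i, 40000 + i, 80) for i in range(1, 201)]
    borders = ["border1", "border2"]
    print(misrouted(flows, "border1", borders, pinned=False),
          misrouted(flows, "border1", borders, pinned=True))
```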