[Openswan Users] OpenSWAN load balancing setup
Erich Titl
erich.titl at think.ch
Fri Jul 9 04:21:41 EDT 2010
Hi
at 09.07.2010 03:42, Willie Gillespie wrote:
> To be honest... I don't know. I'm not sure if Openswan just looks at
> the %defaultroute once, or if it is constantly monitoring it.
>
> The default for leftnexthop is "%direct (meaning right)." I imagine
> that the routing table takes effect like with any other connection.
> Since once a route is established, the kernel caches it -- it should
> continue to use that ISP.
>
> If the IPsec connection is started from your Openswan box, I don't see
> much of an issue as long as the link it is using remains up.
>
> Having never played with load balancing, I can see a slight problem.
> Imagine a connection made over ISP1. Then they disconnect and reconnect
> over ISP2 (perhaps by using round-robin DNS). I believe that the old
> route will still be cached on your box and go out ISP1 even if it came
> in through ISP2.
I used to play around with redundancy a while back by bundling two
interfaces into a eql device which was then used for a GRE tunnel. It
provided some sort of line redundany along with load balancing. I did
not use it for an IPSEC tunnel, but cannot see right now why it would
not work.
cheers
ET
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3409 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20100709/3394c987/attachment.bin
More information about the Users
mailing list