[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openswan-users
Subject:    Re: [Openswan Users] OpenSWAN load balancing setup
From:       Erich Titl <erich.titl () think ! ch>
Date:       2010-07-09 8:21:41
Message-ID: 4C36DC15.901 () think ! ch
[Download RAW message or body]


Hi

at 09.07.2010 03:42, Willie Gillespie wrote:
> To be honest... I don't know.  I'm not sure if Openswan just looks at 
> the %defaultroute once, or if it is constantly monitoring it.
> 
> The default for leftnexthop is "%direct (meaning right)."  I imagine 
> that the routing table takes effect like with any other connection. 
> Since once a route is established, the kernel caches it -- it should 
> continue to use that ISP.
> 
> If the IPsec connection is started from your Openswan box, I don't see 
> much of an issue as long as the link it is using remains up.
> 
> Having never played with load balancing, I can see a slight problem. 
> Imagine a connection made over ISP1.  Then they disconnect and reconnect 
> over ISP2 (perhaps by using round-robin DNS).  I believe that the old 
> route will still be cached on your box and go out ISP1 even if it came 
> in through ISP2.

I used to play around with redundancy a while back by bundling two
interfaces into a eql device which was then used for a GRE tunnel. It
provided some sort of line redundany along with load balancing. I did
not use it for an IPSEC tunnel, but cannot see right now why it would
not work.

cheers

ET


["smime.p7s" (application/pkcs7-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]