[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-users
Subject: Re: [Openswan Users] OpenSWAN load balancing setup
From: Erich Titl <erich.titl () think ! ch>
Date: 2010-07-09 8:21:41
Message-ID: 4C36DC15.901 () think ! ch
[Download RAW message or body]
Hi
at 09.07.2010 03:42, Willie Gillespie wrote:
> To be honest... I don't know. I'm not sure if Openswan just looks at
> the %defaultroute once, or if it is constantly monitoring it.
>
> The default for leftnexthop is "%direct (meaning right)." I imagine
> that the routing table takes effect like with any other connection.
> Since once a route is established, the kernel caches it -- it should
> continue to use that ISP.
>
> If the IPsec connection is started from your Openswan box, I don't see
> much of an issue as long as the link it is using remains up.
>
> Having never played with load balancing, I can see a slight problem.
> Imagine a connection made over ISP1. Then they disconnect and reconnect
> over ISP2 (perhaps by using round-robin DNS). I believe that the old
> route will still be cached on your box and go out ISP1 even if it came
> in through ISP2.
I used to play around with redundancy a while back by bundling two
interfaces into a eql device which was then used for a GRE tunnel. It
provided some sort of line redundany along with load balancing. I did
not use it for an IPSEC tunnel, but cannot see right now why it would
not work.
cheers
ET
["smime.p7s" (application/pkcs7-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic