Hi, > How exactly do these kind of kind of multipath routes compare to > multiple routes with different priorities/metrics? In your case you > have multiple paths with the same weight, how is the actual > nexthop/interface chosen by the kernel?
The nexthop of a multipath route is selected randomly considering its weight, based on a hash of the packet address to keep flows on the same path. With multiple routes with a priority, only the route with the lowest priority is used. When used with IPsec, these multipath routes get somewhat unpredictable; the route lookup for the unencrypted traffic yields a route, but the IPsec policy used may be configured to use the outer tunnel source address of a different interface, depending on where the tunnel was established over. In short, multipath routes won't work very well with strongSwan as-is. If you don't need load sharing, use multiple distinct routes with different priorities. If you want to share load, you may consider using policy based routing, for example using marks. But be warned, this then gets close to rocket science. Regards Martin _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
