Please ignore my previous post. Shortly after sending it I realized that I had defined private_net-a <-> private_net-b policies for only one of the IPsec tunnels. Once I realized this I manually downed one of the tunnels so that BGP would be forced to choose the one path I had entries for. This appears to have stabilized things. This does however lead to a new question. With the current policy-based IPsec implementation, is it even possible to have multiple paths leading to the same remote network? Thanks, Ed -- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
