Load Balancer Tunnel Group Support for IPSec

Oracle SD-WAN Edge supports multiple IPSec tunnels for Load Balancer Tunnel Groups. This includes multiple tunnels to the same remote endpoint IP originating from different source WAN links, as well as multiple tunnels originating from the same source WAN link and servicing different remote IPs.

You can create multiple tunnels to connect to a remote service. The system uses all tunnels to load balance traffic flow. You can create tunnels on the same or different WAN links of the same internet or intranet service.

Note:

If a WAN link stops functioning, the tunnel stops transferring traffic.

The following illustration shows examples of supported tunnels for HA pairs.

This illustration shows the connections described in the following text.

  • WAN 1 connects intranet Group 1 - Tunnel 1, Group 1 - Tunnel 2, and Group 1 - Tunnel 3 to individual endpoints.
  • WAN 2 connects intranet Group 1 - Tunnel 4 and Group 1 - Tunnel 5 to individual endpoints.
  • WAN 3 connects intranet Group 1 - Tunnel M to an individual endpoint.

The Tunnel Group Load Balancer supports:
  • a minimum of one tunnel when defined with tunnel group – load balancer.
  • defaulting all tunnels in the tunnel group to active.
  • allowing, disabling, and enabling tunnels when required.
  • adding and removing a tunnel to or from a tunnel group, when the tunnel group is live.
  • requiring all tunnels within the tunnel group to be on the same type of service (either internet or intranet).
  • load balancing tunnels across WAN links.
  • more than a single tunnel connecting to the same endpoint (IPs) for a single remote service. The sources must be different WAN links.
  • a tunnel connecting to different endpoints (IPs) for a single remote service. The source may be the same or different WAN links.
  • using a round-robin algorithm to utilize all tunnels in the tunnel group.
  • sending and receiving flows across the tunnels in the load balancing tunnel group.
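
The rules in the list above can be checked against a planned tunnel group before it is configured. The following Python sketch is an added example, not Oracle code or an Oracle API: the `Tunnel` model, the function names, and the sample addresses are hypothetical, and it assumes round robin is applied per flow and that disabled tunnels are skipped.

```python
from dataclasses import dataclass
from itertools import cycle

@dataclass(frozen=True)
class Tunnel:                 # hypothetical model, not an Oracle data structure
    name: str
    wan_link: str             # source WAN link
    remote_ip: str            # remote endpoint IP
    service: str              # "internet" or "intranet"
    enabled: bool = True      # tunnels in a group default to active

def validate_group(tunnels):
    """Return the list of rule violations for a load balancer tunnel group."""
    errors = []
    if len(tunnels) < 1:
        errors.append("group needs at least one tunnel")
    if len({t.service for t in tunnels}) > 1:
        errors.append("all tunnels must be on the same type of service")
    seen = {}
    for t in tunnels:
        # Same endpoint is allowed only from different source WAN links.
        key = (t.wan_link, t.remote_ip)
        if key in seen:
            errors.append(f"{t.name} duplicates {seen[key]}: "
                          f"{t.remote_ip} via {t.wan_link}")
        else:
            seen[key] = t.name
    return errors

def assign_flows(tunnels, flows):
    """Round-robin flows over enabled tunnels (assumption: per-flow)."""
    active = [t for t in tunnels if t.enabled]
    if not active:
        raise ValueError("no enabled tunnel in group")
    rr = cycle(active)
    return {flow: next(rr).name for flow in flows}

# Constructed sample group (documentation-range addresses).
GROUP = [
    Tunnel("G1-T1", "WAN1", "198.51.100.10", "intranet"),
    Tunnel("G1-T2", "WAN1", "198.51.100.11", "intranet"),
    Tunnel("G1-T4", "WAN2", "198.51.100.10", "intranet"),
    Tunnel("G1-T5", "WAN2", "198.51.100.12", "intranet", enabled=False),
]

if __name__ == "__main__":
    print(validate_group(GROUP))
    print(assign_flows(GROUP, ["flow1", "flow2", "flow3", "flow4"]))
```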