Hi Suraj,
Thank you for sharing the document. What I understood is that the traffic selector is unpredictable if I have two routes for the same subnetwork. That should be fine for me, as any one route will be picked to reach the remote network as far as downtime is concerned.
In my scenario, I have 2 VPN links to 2 different locations with 2 different ISPs,
where st0.1 is with ISP1 and st0.2 is with ISP2. I configured a traffic selector on both tunnels with the same subnetwork.
I can see both routes in my routing table, where one is preferred as active, for example st0.2 here.
Now, the issue is that when the st0.2 route is deleted from the routing table during the ISP1 failure, st0.3 will be active and works. Sometimes it doesn't: when the backup route acts as the active route, the interface (st0.3) automatically changes to st0.2, though it was showing as st0.3 before the ISP1 failure. This results in my downtime. I have no idea when the routing table shows st0.3 as backup and why it changes to st0.2 when it becomes active, and it happens vice versa as well.
This is the output of the remote subnet route.
    inet.0: 108 destinations, 117 routes (108 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    <remote subnet>    *[Static/5] 06:02:54
                        > via st0.2
                        [Static/5] 06:02:46
                        > via st0.3
Sometimes I see the route table like this, with both routes pointing to st0.2. After a restart of IPsec it will be correctly pointed. Not sure what is causing this.

    <remote subnet>    *[Static/5] 02:58:48
                        > via st0.2
                        [Static/5] 01:25:56
                        > via st0.2
Can you please help with this? I'm not sure whether this is an issue with the firmware.