Looking at the configuration, you will be able to verify the kind of VPN. Also, in the output of the command "show security ipsec security-associations index <X> detail", if it's a policy-based VPN, you see the Policy-name, but it will not be seen in the route-based one.
In a route-based VPN, you use a tunnel interface to which you direct the traffic that has to take the VPN. You would see the st0 interface being used. This is not needed in the policy-based VPN. The traffic selectors are to be configured in this case, which is not necessary otherwise.
In a policy-based VPN, you refer to the VPN in the policy that's configured for the traffic that has to take the VPN.
Spoke>sh security ike security-associations ----->there are two UP sessions and each one is synchronized to each hub VPN.
Spoke>show security ipsec security-associations---->there are 4 UP sessions (first 2 of them to 1st hub; last 2 to 2nd hub)
Can I ask why there are 2 UP sessions in IKE? Why is it not that one is UP and the other one is Down (until the first one goes down)? Can I understand this as a kind of load balancing, like 50% of IPsec traffic goes to hub1 and the other half goes to hub2 at the same time? And how do I test it to make sure the entire traffic goes to hub1 or hub2?
They are two independent IKE SAs built to two different sites. An IKE SA is just a channel to exchange secure information between the peers to establish the tunnel. This is just phase 1, after which phase 2 has to complete, after which traffic passes through the tunnel.
IKE SA is bidirectional and hence you see a single SA for each hub. The IPsec SAs are unidirectional so that peer 1 will offer peer 2 a policy. If peer 2 accepts this policy, it will send that policy back to peer 1. This establishes two one-way SAs between the peers. Two-way communication consists of two SAs, one for each direction.
Regarding the load balancing, it depends on the configuration as to how to route the traffic to the destination. You configure ECMP routes to the same destination using two VPNs, or you use these two VPNs to two different destinations, or use one as a backup if the first goes down.
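The two routing choices described in the last reply, written out as an added example in Junos set-command form (not configuration posted by anyone in the thread). It assumes a route-based setup in which st0.0 is bound to the hub1 VPN and st0.1 to the hub2 VPN; the prefix 10.10.0.0/16 and the policy name LB-PER-FLOW are constructed placeholders.

```junos
# --- Option A: hub1 primary, hub2 backup -------------------------------
# Both IKE/IPsec SAs stay UP, but the forwarding table holds only the
# st0.0 next hop until that route is withdrawn (for example when the
# tunnel interface goes down). Only then is st0.1 installed.
set routing-options static route 10.10.0.0/16 next-hop st0.0
set routing-options static route 10.10.0.0/16 qualified-next-hop st0.1 preference 10

# --- Option B: ECMP across both hubs -----------------------------------
# Use instead of Option A, not together with it.
# Two equal-cost next hops for the same prefix. Without the forwarding-table
# export policy only one of them is installed, so the policy is what
# actually turns this into load sharing. Despite the keyword "per-packet",
# the SRX balances per flow.
set routing-options static route 10.10.0.0/16 next-hop st0.0
set routing-options static route 10.10.0.0/16 next-hop st0.1
set policy-options policy-statement LB-PER-FLOW then load-balance per-packet
set routing-options forwarding-table export LB-PER-FLOW

# --- Checking which hub the traffic really takes -----------------------
# Run in operational mode on the spoke.
# 1. Which next hops are active for the prefix:
#      show route 10.10.0.0/16
#      show route forwarding-table destination 10.10.0.0/16
# 2. Send test traffic to a host behind the hubs, then compare the
#    encrypted packet counters of each tunnel (<X> is the SA index from
#    "show security ipsec security-associations"):
#      show security ipsec statistics index <X>
#    With Option A only the hub1 SA counters increase; with Option B
#    counters increase on both, split by flow rather than exactly 50/50.
```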