This document presents one approach to enhance data protection when
transmitting IPsec datagrams across the insecure networks. The
method affords the stronger protection to the traffic by splitting it
among a set of sub-tunnels. All the Security Associations (SAs) are
set up independently for all sub-tunnels. Both the sending and
receiving entity combine all the sub-tunnels to one clustered tunnel.
As different sub-tunnel uses different crypto key materials and
processing parameters, it may achieve the stronger protection of the
traffic across the insecure networks. In addition, it could possibly
bring more benefits in terms of the network control.