Skip to main content

Shared Use of IPsec Tunnel in a Multi-VPN Environment
draft-he-ipsecme-vpn-shared-ipsecsa-01

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Qi He , Wei Pan , Xiaolan Chen , Beijing Ding
Last updated 2025-01-09 (Latest revision 2024-07-08)
RFC stream (None)
Intended RFC status (None)
Formats
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

Abstract

In a multi-VPN environment, currently, different IPsec tunnels (i.e., different IKE SAs and Child SAs) have to be created to differentiate and protect the traffic of each VPN between the device and its peer. When the number of neighbors of a device and the number of VPNs increases, the number of IPsec tunnels also increases considerably. This results in the need for a large number of SAs, which exceeds the device's capacity. This document proposes a method for different VPNs to share the use of a single IPsec tunnel, which can greatly reduce the number of SAs required in a multi-VPN scenario.

Authors

Qi He
Wei Pan
Xiaolan Chen
Beijing Ding

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)