@techreport{he-ipsecme-vpn-shared-ipsecsa-01, number = {draft-he-ipsecme-vpn-shared-ipsecsa-01}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-he-ipsecme-vpn-shared-ipsecsa/01/}, author = {Qi He and Wei Pan and Xiaolan Chen and Beijing Ding}, title = {{Shared Use of IPsec Tunnel in a Multi-VPN Environment}}, pagetotal = 19, year = 2024, month = jul, day = 8, abstract = {In a multi-VPN environment, currently, different IPsec tunnels (i.e., different IKE SAs and Child SAs) have to be created to differentiate and protect the traffic of each VPN between the device and its peer. When the number of neighbors of a device and the number of VPNs increases, the number of IPsec tunnels also increases considerably. This results in the need for a large number of SAs, which exceeds the device's capacity. This document proposes a method for different VPNs to share the use of a single IPsec tunnel, which can greatly reduce the number of SAs required in a multi-VPN scenario.}, }