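%% You should probably cite draft-ietf-ipsecme-multi-sa-performance-08 instead of this revision.
%%
%% This entry pins revision -06 of an Internet-Draft (see the note field: Work in Progress).
%% Notify payload names and semantics can change between draft revisions, so check
%% the revision you actually cite before relying on it for implementation or review.
%%
%% Fields are laid out one per line. Author names use the unambiguous "Last, First" form.
%% Only the case-sensitive words of the title are brace-protected, so a style can
%% still apply its own casing to the rest.
@techreport{ietf-ipsecme-multi-sa-performance-06,
  author      = {Antony, Antony and Brunner, Tobias and Klassert, Steffen and Wouters, Paul},
  title       = {{IKEv2} support for per-resource {Child} {SAs}},
  type        = {Internet-Draft},
  number      = {draft-ietf-ipsecme-multi-sa-performance-06},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2024,
  month       = mar,
  day         = 20,
  pagetotal   = 13,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-ipsecme-multi-sa-performance/06/},
  abstract    = {This document defines two Notify Message Type Payloads for the Internet Key Exchange Protocol Version 2 (IKEv2) to support the negotiation of multiple Child SAs with the same Traffic Selectors used on different resources, such as CPUs, to increase bandwidth of IPsec traffic between peers. The SA\_RESOURCE\_INFO notification is used to convey information that the negotiated Child SA and subsequent new Child SAs with the same Traffic Selectors are a logical group of Child SAs where most or all of the Child SAs are bound to a specific resource, such as a specific CPU. The TS\_MAX\_QUEUE notify conveys that the peer is unwilling to create more additional Child SAs for this particular negotiated Traffic Selector combination. Using multiple Child SAs with the same Traffic Selectors has the benefit that each resource holding the Child SA has its own Sequence Number Counter, ensuring that CPUs don't have to synchronize their cryptographic state or disable their packet replay protection.},
}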