Encapsulating IPsec ESP in UDP for Load-balancing
draft-xu-ipsecme-esp-in-udp-lb-00

Document Type Active Internet-Draft (individual)
Last updated 2016-10-31
IESG IESG state I-D Exists
Network Working Group                                             X. Xu
Internet Draft                                                 D. Zhang
Category: Standards Track                                        L. Xia
                                                                 Huawei

Expires: December 2016                                 October 31, 2016

            Encapsulating IPsec ESP in UDP for Load-balancing

                    draft-xu-ipsecme-esp-in-udp-lb-00

    Abstract

  IPsec Virtual Private Networks (VPNs) are widely used by enterprises
  to interconnect their geographically dispersed branch office
  locations across IP Wide Area Networks (WANs). To fully utilize the
  bandwidth available in the IP WAN, load balancing of traffic between
  different IPsec VPN sites over Equal Cost Multi-Path (ECMP) and/or
  Link Aggregation Group (LAG) within the IP WAN is attractive to
  enterprises deploying IPsec VPN solutions. This document defines a
  method to encapsulate IPsec Encapsulating Security Payload (ESP)
  packets inside UDP packets to improve load balancing of IPsec
  tunneled traffic. In addition, this encapsulation is also applicable
  to some special multi-tenant data center network environments where
  the overlay tunnels need to be secured.

    Status of this Memo

  This Internet-Draft is submitted in full conformance with the
  provisions of BCP 78 and BCP 79.

  Internet-Drafts are working documents of the Internet Engineering
  Task Force (IETF), its areas, and its working groups. Note that
  other groups may also distribute working documents as Internet-
  Drafts.

  Internet-Drafts are draft documents valid for a maximum of six
  months and may be updated, replaced, or obsoleted by other documents
  at any time. It is inappropriate to use Internet-Drafts as reference
  material or to cite them other than as "work in progress."

  The list of current Internet-Drafts can be accessed at
  http://www.ietf.org/ietf/1id-abstracts.txt.

  The list of Internet-Draft Shadow Directories can be accessed at
  http://www.ietf.org/shadow.html.

    Xu, et al.            Expires December 31, 2016               [Page 1]
    Internet-Draft   Encapsulating ESP in UDP for Load-balancing    October 2016

  This Internet-Draft will expire on December 31, 2016.

    Copyright Notice

  Copyright (c) 2013 IETF Trust and the persons identified as the
  document authors.  All rights reserved.

  This document is subject to BCP 78 and the IETF Trust's Legal
  Provisions Relating to IETF Documents
  (http://trustee.ietf.org/license-info) in effect on the date of
  publication of this document. Please review these documents
  carefully, as they describe your rights and restrictions with
  respect to this document. Code Components extracted from this
  document must include Simplified BSD License text as described in
  Section 4.e of the Trust Legal Provisions and are provided without
  warranty as described in the Simplified BSD License.

    Conventions used in this document

  The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
  "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
  document are to be interpreted as described in RFC-2119 [RFC2119].

    Table of Contents

  1. Introduction ................................................ 3
  2. Terminology ................................................. 4
  3. Encapsulating ESP in UDP .................................... 4
  4. Encapsulation and Decapsulation Procedures .................. 5
  5. Congestion Considerations ................................... 5
  6. Security Considerations ..................................... 5
  7. IANA Considerations ......................................... 6
  8. Acknowledgements ............................................ 6
  9. References .................................................. 6
     9.1. Normative References ................................... 6
     9.2. Informative References ................................. 6
  Authors' Addresses ............................................. 7


    1. Introduction

  IPsec Virtual Private Networks (VPNs) are widely used by enterprises
  to interconnect their geographically dispersed branch office
  locations across IP Wide Area Networks (WANs). To fully utilize the
  bandwidth available in the IP WAN, load balancing of traffic between
  different IPsec VPN sites over Equal Cost Multi-Path (ECMP) and/or
  Link Aggregation Group (LAG) within the IP WAN is very attractive to
  enterprises that deploy IPsec VPN solutions. Since most existing
  core routers within IP WAN can already support balancing IP traffic