Encapsulating IPsec ESP in UDP for Load-balancing

Document Type Expired Internet-Draft (individual)
Last updated 2017-05-04 (latest revision 2016-10-31)
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


IPsec Virtual Private Network (VPN) is widely used by enterprises to interconnect their geographical dispersed branch office locations across IP Wide Area Network (WAN). To fully utilize the bandwidth available in IP WAN, load balancing of traffic between different IPsec VPN sites over Equal Cost Multi-Path (ECMP) and/or Link Aggregation Group (LAG) within IP WAN is attractive to those enterprises deploying IPsec VPN solutions. This document defines a method to encapsulate IPsec Encapsulating Security Payload (ESP) packets inside UDP packets for improving load-balancing of IPsec tunneled traffic. In addition, this encapsulation is also applicable to some special multi-tenant data center network environment where the overlay tunnels need to be secured.


Xiaohu Xu (xuxiaohu@huawei.com)
Dacheng Zhang (dacheng.zhang@huawei.com)
Liang Xia (frank.xialiang@huawei.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)