Encapsulating IPsec ESP in UDP for Load-balancing

Document Type Expired Internet-Draft (individual)
Last updated 2018-07-16 (latest revision 2018-01-09)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


IPsec Virtual Private Network (VPN) is widely used by enterprises to interconnect their geographical dispersed branch office locations across IP Wide Area Network (WAN) or the Internet, especially in the Software-Defined-WAN (SD-WAN) era. To fully utilize the bandwidth available in IP WAN or the Internet, load balancing of traffic between different IPsec VPN sites over Equal Cost Multi-Path (ECMP) and/or Link Aggregation Group (LAG) is attractive to those enterprises deploying IPsec VPN solutions. This document defines a method to encapsulate IPsec Encapsulating Security Payload (ESP) packets over UDP tunnels for improving load-balancing of IPsec ESP traffic.


Xiaohu Xu (xuxh.mail@gmail.com)
Dacheng Zhang (dacheng.zhang@huawei.com)
Liang Xia (frank.xialiang@huawei.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)