VMware, Inc.
PATH SELECTION FOR DATA PACKETS ENCRYPTED BASED ON AN IPSEC PROTOCOL

Abstract:

A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.