METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR MAINTAINING FLOW AFFINITY TO INTERNET PROTOCOL SECURITY (IPSEC) SESSIONS IN A LOAD-SHARING SECURITY GATEWAY

摘要

Methods, systems, and computer readable media for maintaining flow affinity to IPSec sessions in a load-sharing security gateway are disclosed. According to one embodiment, the method includes receiving packets at a security gateway that provides communications of packet flows between source and destination entities using IPSec sessions. For each packet, it is determined whether the packet is assigned to an existing packet flow between a source and a destination entity that is being processed by the SG. In response to determining that the packet belongs to an existing flow, the packet is forwarded to a processing element associated with that flow and IPSec processing is performed at the processing element. In response to determining that the packet does not belong to an existing flow, a new flow is defined and assigned to a next available processing element. IPSec processing is performed for the flow at the next available processing element.