| CPC H04L 63/0485 (2013.01) [H04L 63/0272 (2013.01)] | 15 Claims |

|
10. A method for encrypting outbound data packets to be communicated over a single virtual private network (VPN) tunnel from a VPN gateway to a remote device, the method comprising:
determining a number of available processing cores to encrypt the outbound data packets being communicated to the remote device over the single VPN tunnel and to decrypt inbound data packets that are received from the remote device over the single VPN tunnel, wherein an individual processing core comprises an available processing core based on a determination that the individual processing core is operating at a capacity that is less than a threshold capacity;
responsive to determining the number of available processing cores, dividing the number of available processing cores into a first set of processing cores to encrypt the outbound data packets and a second set of processing cores to decrypt the inbound data packets;
creating multiple outbound security associations (SAs) for the single VPN tunnel;
associating a different processing core, of the first set of processing cores, with each of the multiple outbound SAs created for the single VPN tunnel;
receiving an outbound data packet to be encrypted, wherein the outbound data packet includes a header that specifies a destination Internet Protocol (IP) address;
selecting an outbound SA, from the multiple outbound SAs, for the outbound data packet based on the destination IP address specified in the header of the outbound data packet; and
routing, for encryption purposes, the outbound data packet to the processing core that is associated with the selected outbound SA.
|
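The steps of claim 10 can be sketched as follows. This is an added example, not code from the patent or from any product: the names `sa_plan`, `build_plan` and `select_outbound_sa`, the half-and-half core split, the FNV-1a hash over the destination address and the sample loads are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_CORES 64

struct sa_plan {
    int out_core[MAX_CORES]; /* out_core[i]: core bound to outbound SA i */
    int in_core[MAX_CORES];  /* cores reserved for inbound decryption */
    size_t n_out, n_in;
};

/* Cores below the load threshold are available. Assumed split: halves, the odd
 * core going to encryption; one outbound SA is created per encryption core. */
size_t build_plan(const unsigned *load_pct, size_t n_cores,
                  unsigned threshold_pct, struct sa_plan *p)
{
    int avail[MAX_CORES] = {0};
    size_t n = 0;
    for (size_t c = 0; c < n_cores && n < MAX_CORES; c++)
        if (load_pct[c] < threshold_pct)
            avail[n++] = (int)c;
    p->n_out = (n + 1) / 2;
    p->n_in = n - p->n_out;
    for (size_t i = 0; i < p->n_out; i++) p->out_core[i] = avail[i];
    for (size_t i = 0; i < p->n_in; i++) p->in_core[i] = avail[p->n_out + i];
    return n;
}

/* Select the outbound SA from the destination IPv4 address (FNV-1a, an assumed
 * hash). Returns the SA index and its core in *core, or -1 with no SA. */
int select_outbound_sa(const struct sa_plan *p, uint32_t dst_ip, int *core)
{
    uint32_t h = 2166136261u;
    if (p->n_out == 0) return -1;
    for (int i = 0; i < 4; i++)
        h = (h ^ ((dst_ip >> (8 * i)) & 0xffu)) * 16777619u;
    int sa = (int)(h % p->n_out);
    *core = p->out_core[sa];
    return sa;
}

int main(void)
{
    unsigned load[] = {10, 95, 40, 80, 20, 60}; /* constructed sample loads (%) */
    struct sa_plan p;
    int core = -1;
    build_plan(load, 6, 75, &p);
    int sa = select_outbound_sa(&p, 0xC0000205u, &core); /* 192.0.2.5 */
    printf("SA %d -> core %d\n", sa, core);
    return 0;
}
```

Because the selection depends only on the destination address, every packet for a given destination is encrypted under the same SA on the same core.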