Distributed IPSec gateway

The invention discloses a distributed IPSec gateway technology. A control layer and a data layer of an IPSec gateway are separated, and a plurality of gateway processing nodes are operated in the datalayer to process the incoming ESP/AH flow data packet and/or an out-coming IP flow data packet, and IKE information interaction is processed in the control layer, and flow guiding for each gateway processing node in the data layer is carried out. The control layer and the data layer are designed in a separated manner, so that the distributed IPSec gateway is realized. 在本文公开了种分布式IPSec网关技术，将IPSec网关的控制层和数据层进行分离，在数据层中运行多个网关处理节点来处理入向ESP/AH流量的数据包和/或出向IP流量的数据包，在控制层中处理IKE信息交互以及对数据层中的各个网关处理节点进行流量导引。通过控制层和数据层进行分离设计，从而实现了分布式IPSec网关。