VPN Group Support for CE-based IPsec VPN
IPsec tunneling provides a site-to-site connection when building a CE-based IPsec VPN. In a large scale VPN deployment, especially when a service provider manages a large number VPNs, there is a need to manage IPsec tunnels on a group basis, instead of on a tunnel basis. This document describes the definition of a VPN group, its attributes, and usage of VPN group when managing IPsec tunnels. By grouping IPsec tunnels and sites into an IPsec VPN group, service providers can design, provision, and manage the IPsec-based CE VPN at both group level and tunnel/site level. This gives service providers more flexibility and provides more aggregation capability to reduce operation complexity.