Traditional site-to-site IP VPNs use IKE (Internet Key Exchange) to establish a security association (SA) between two endpoints. While traditional IKE has been well-established as the control plane for IPSec VPNs, it suffers from the following challenges.