security parameter index (IPsec) (SPI)

The Security ParameterIndex(SPI) is an identification tag that is added to the header of IPsec together with the IPdestination address and a security protocol. This tag allows the kernel to distinguish between traffic using different encryption methods.

Thanks to the SPI tag, which is a freely selectable bit string that serves as a unique identifier for an IPsec connection, receiving systems can select the security agreement under which a received data packet was encrypted. The bit sequence, which can be interpreted by the data source, facilitates the processing of data packets.

When using the IKE protocol, Internet Key Exchange (IKE), to determine the security organization, the SPI value for each security organization is a statistically chosen number. For other security protocols, the SPI value can be specified manually.