Executing multiple virtual private network (VPN) endpoints associated with an endpoint pool address

What is claimed is: 1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising: receiving, from a plurality of clients, traffic addressed to a particular destination address; determining a current level of the traffic; based on the current level of the traffic, selecting a first number representing a first quantity of Virtual Private Network (VPN) endpoints to be executed for processing the traffic; executing a plurality of VPN endpoints corresponding to the first quantity of VPN endpoints, wherein each of the plurality of VPN endpoints implements a respective VPN tunnel for processing at least a portion of the traffic addressed to the same particular destination address; responsive at least to determining that a first portion of the traffic, addressed to the particular destination address, corresponds to a current VPN session associated with a first VPN endpoint of the plurality of VPN endpoints: directing the first portion of the traffic to the first VPN endpoint of the plurality of VPN endpoints, wherein the first VPN endpoint decapsulates data packets in the first portion of the traffic; responsive at least to determining that a second portion of the traffic, addressed to the particular destination address, does not correspond to the current VPN session associated with the first VPN endpoint: directing the second portion of the traffic to a second VPN endpoint of the plurality of VPN endpoints, wherein the second VPN endpoint decapsulates data packets in the second portion of the traffic; subsequent to executing the plurality of VPN endpoints: determining a second level of the traffic, wherein the second level of the traffic is different than the current level of the traffic; based on the second level of the traffic, selecting a second number representing a second quantity of VPN endpoints to be executed for processing the traffic; and executing a second plurality of VPN endpoints corresponding to the second quantity of VPN endpoints. 2. The non-transitory computer readable medium of claim 1 , wherein the second portion of the traffic is directed to the second VPN endpoint, of the plurality of VPN endpoints, while the first VPN endpoint is operational. 3. The non-transitory computer readable medium of claim 1 , wherein the operations further comprise: obtaining a set of session-to-endpoint mappings; identifying a session-to-endpoint mapping corresponding to the current VPN session, from the set of session-to-endpoint mappings; and determining that the session-to-endpoint mapping maps the current VPN session to the first VPN endpoint. 4. The non-transitory computer readable medium of claim 1 , wherein the operations further comprise: selecting the second VPN endpoint, for the second portion of the traffic, based on an endpoint selection algorithm. 5. The non-transitory computer readable medium of claim 4 , wherein the operations further comprise: storing a session-to-endpoint mapping between (a) a second VPN session corresponding to the second portion of the traffic and (b) the second VPN endpoint. 6. The non-transitory computer readable medium of claim 1 , wherein the operations further comprise: selecting the second VPN endpoint, for the second portion of the traffic, based on a load at each of the plurality of VPN endpoints. 7. The non-transitory computer readable medium of claim 1 , wherein the operations further comprise: receiving a data packet addressed to the particular destination address; generating a header comprising an identifier of the first VPN endpoint; encapsulating the data packet using the header; and transmitting the encapsulated data packet to the first VPN endpoint. 8. The non-transitory computer readable medium of claim 1 , wherein: the traffic addressed to the particular destination address is received at one or more gateways of an underlay network; the underlay network implements a first overlay network and a second overlay network; the first VPN endpoint forwards the first portion of the traffic to the first overlay network; and the second VPN endpoint forwards the second portion of the traffic to the second overlay network. 9. The non-transitory computer readable medium of claim 8 , wherein the first VPN endpoint forwards the first portion of the traffic to the first overlay network by encapsulating data packets of the first portion of the traffic. 10. The non-transitory computer readable medium of claim 1 , wherein the particular destination address is an Endpoint Pool Address. 11. The non-transitory computer readable medium of claim 1 , wherein: the first portion of the traffic is transmitted by a client, of the plurality of clients; and the first VPN endpoint is configured to authenticate the client for transmitting the first portion of the traffic. 12. The non-transitory computer readable medium of claim 1 , wherein: the first portion of the traffic is encrypted by a client, of the plurality of clients; and the first VPN endpoint decrypts the first portion of the traffic. 13. The non-transitory computer readable medium of claim 1 , wherein: the second portion of the traffic is directed to the second VPN endpoint, of the plurality of VPN endpoints, while the first VPN endpoint is operational; the traffic addressed to the particular destination address is received at one or more gateways of an underlay network; the underlay network implements a first overlay network and a second overlay network; the first VPN endpoint forwards the first portion of the traffic to the first overlay network; the second VPN endpoint forwards the second portion of the traffic to the second overlay network; and the operations further comprise: identifying a first session-to-endpoint mapping corresponding to the current VPN session, from a set of session-to-endpoint mappings; responsive to determining that the first session-to-endpoint mapping maps the current VPN session to the first VPN endpoint: selecting the first VPN endpoint for processing the first portion of the traffic; responsive to determining that a second VPN session, corresponding to the second portion of the traffic, is not included in the set of session-to-endpoint mappings: selecting the second VPN endpoint, based on an endpoint selection algorithm, for processing the second portion of the traffic; storing a second session-to-endpoint mapping between (a) the second VPN session and (b) the second VPN endpoint, in the set of session-to-endpoint mappings; generating a header comprising an identifier of the second VPN endpoint; encapsulating a data packet, of the second portion of the traffic, using the header; transmitting the encapsulated data packet to the second VPN endpoint; subsequent to transmitting the encapsulated data packet to the second VPN endpoint: determining that a session transfer criterion associated with the second VPN endpoint is satisfied; selecting a third second VPN endpoint, of the plurality of VPN endpoints, for transferring the second VPN session; transmitting a state associated with the second VPN session to the third VPN endpoint; and directing additional traffic associated with the second VPN session to the third VPN endpoint instead of the second VPN endpoint. 14. A system, comprising: at least one device including a hardware processor; and the system performs operations comprising: receiving, from a plurality of clients, traffic addressed to a particular destination address; determining a current level of the traffic; based on the current leve