Distributed ipsec gateway
US-2020351254-A1 · Nov 5, 2020 · US
US11902264B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11902264-B2 |
| Application number | US-202017016596-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 10, 2020 |
| Priority date | Jun 22, 2020 |
| Publication date | Feb 13, 2024 |
| Grant date | Feb 13, 2024 |
Abstract
A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint is provided. The method selects a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, each of the plurality of paths associated with a different one of a plurality of source ports, the encrypted packet being encrypted based on a security association established between the source endpoint and the destination endpoint in accordance with an IPSec protocol. The method further encapsulates, based on the SA having NAT-T enabled, the encrypted packet with a UDP header having a first source port associated with the first path. The method then transmits the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.
Claims (preview)
What is claimed is:

1. A method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint, comprising: selecting, at the source endpoint, a first source port, of a plurality of source ports, associated with a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, wherein each source port of the plurality of source ports is associated with a different path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, and wherein the encrypted packet is encrypted based on a security association (SA) established between the source endpoint and the destination endpoint in accordance with an Internet Protocol (IP) Security (IPSec) protocol; determining, at the source endpoint, network address translation traversal (NAT-T) is enabled for the SA; based on the determining that NAT-T is enabled for the SA, encapsulating, at the source endpoint, the encrypted packet with a user datagram protocol (UDP) header having the first source port associated with the first path; and transmitting the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.

2. The method of claim 1, further comprising maintaining, for the SA, a mapping of the plurality of source ports to the plurality of paths.

3. The method of claim 1, wherein encapsulating the encrypted packet comprises: encapsulating the encrypted packet with the UDP header having a fixed source port subsequent to enabling the NAT-T; and replacing the fixed source port in the UDP header with the first source port.

4. The method of claim 1, further comprising: receiving an indication of a subset of the plurality of paths as qualified paths from the destination endpoint, the subset including the first path, wherein selecting the first source port associated with the first path is based on receiving the indication.

5. The method of claim 1, further comprising: after transmitting the encrypted packet, determining, based on probing the plurality of paths, that a second path of the plurality of paths is more qualified than the first path; encapsulating subsequent encrypted packets with a second UDP header having a second source port, of the plurality of source ports, associated with the second path; and transmitting the subsequent encrypted packets to the destination endpoint via the second path.

6. The method of claim 1, wherein the encrypted packet is a first encrypted packet of a plurality of encrypted packets associated with first and second data flows, further comprising: selecting a second path of the plurality of paths; encapsulating a first set of encrypted packets of the plurality of encrypted packets that is associated with the first data flow with the UDP header having the first source port associated with the first path; encapsulating a second set of encrypted packets of the plurality of encrypted packets that is associated with the second data flow with a second UDP header having a second source port associated with the second path; transmitting the first set of encapsulated encrypted packets to the destination endpoint via the first path; and transmitting the second set of encapsulated encrypted packets to the destination endpoint via the second path.

7. The method of claim 1, wherein selecting the first source port associated with the first path comprises: probing the plurality of paths by sending probing packets to the destination endpoint, the probing packets having a destination port number associated with the destination endpoint and having different source port numbers associated with the plurality of source ports; and selecting the first source port associated with the first path based on the probing.

8. The method of claim 7, wherein probing the plurality of paths comprises determining a quality of each path in the plurality of paths by measuring at least one of latency, liveliness, throughput, or packet loss associated with the path.

9. A non-transitory computer readable medium comprising instructions that, when executed by one or more processors of a computing system, cause the computing system to perform a method for selecting between a plurality of paths for sending an encrypted packet from a source endpoint to a destination endpoint, the method comprising: selecting, at the source endpoint, a first source port, of a plurality of source ports, associated with a first path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, wherein each source port of the plurality of source ports is associated with a different path of the plurality of paths for sending the encrypted packet from the source endpoint to the destination endpoint, and wherein the encrypted packet is encrypted based on a security association (SA) established between the source endpoint and the destination endpoint in accordance with an Internet Protocol (IP) Security (IPSec) protocol; determining, at the source endpoint, network address translation traversal (NAT-T) is enabled for the SA; based on the determining that NAT-T is enabled for the SA, encapsulating, at the source endpoint, the encrypted packet with a user datagram protocol (UDP) header having the first source port associated with the first path; and transmitting the encapsulated encrypted packet from the source endpoint to the destination endpoint via the first path.

10. The non-transitory computer readable medium of claim 9, the method further comprising maintaining, for the SA, a mapping of the plurality of source ports to the plurality of paths.

11. The non-transitory computer readable medium of claim 9, wherein encapsulating the encrypted packet comprises: encapsulating the encrypted packet with the UDP header having a fixed source port subsequent to enabling the NAT-T; and replacing the fixed source port in the UDP header with the first source port.

12. The non-transitory computer readable medium of claim 9, the method further comprising: receiving an indication of a subset of the plurality of paths as qualified paths from the destination endpoint, the subset including the first path, wherein selecting the first source port associated with the first path is based on receiving the indication.

13. The non-transitory computer readable medium of claim 9, the method further comprising: after transmitting the encrypted packet, determining, based on probing the plurality of paths, that a second path of the plurality of paths is more qualified than the first path; encapsulating subsequent encrypted packets with a second UDP header having a second source port, of the plurality of source ports, associated with the second path; and transmitting the subsequent encrypted packets to the destination endpoint via the second path.

14. The non-transitory computer readable medium of claim 9, wherein the encrypted packet is a first encrypted packet of a plurality of encrypted packets associated with first and second data flows, the method further comprising: selecting a second path of the plurality of paths; encapsulating a first set of encrypted packets of the plurality of encrypted packets that is associated with the first data flow with the UDP header having the first source port associated with the first path; encapsulating a second set of encrypted packets of the plurality of encrypted packets that is associated with the second data flow with a second UDP header having a second source port associated with the second path; transmitting the fir
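The abstract and claims above describe one mechanism: when NAT-T is on for an SA, the UDP source port of the encapsulating header is not fixed but chosen from a per-SA table that binds each source port to one path, so the port itself steers the packet (claims 1 to 3), path choice can be restricted to a subset the peer reports as qualified (claim 4), re-evaluated after probing (claim 5), and made per data flow (claim 6). The following is an added, constructed Python model of that logic; it is not code from the patent or from any product. It assumes the ESP header layout of RFC 4303 (SPI plus sequence number, with the payload left unencrypted as a stand-in for the cipher step), the RFC 3948 UDP encapsulation to destination port 4500 with a zero checksum, and hypothetical path names, source ports and probe measurements invented for the example; the quality score is a constructed heuristic, not a metric the patent specifies.

```python
"""Toy model of the claimed multipath NAT-T source-port selection (added example)."""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

NAT_T_PORT = 4500  # RFC 3948: UDP-encapsulated ESP uses destination port 4500


@dataclass
class Path:
    name: str
    latency_ms: float   # constructed probe result (claim 8: latency)
    loss: float         # constructed probe result, fraction 0..1 (claim 8: packet loss)
    alive: bool = True  # constructed probe result (claim 8: liveliness)


@dataclass
class SecurityAssociation:
    spi: int
    nat_t_enabled: bool
    # Claim 2: per-SA mapping of UDP source ports to paths (hypothetical layout).
    port_to_path: Dict[int, Path] = field(default_factory=dict)
    fixed_port: int = NAT_T_PORT  # claim 3: the fixed port NAT-T starts with
    seq: int = 0


def encrypt_esp(sa: SecurityAssociation, payload: bytes) -> bytes:
    """Stand-in for ESP encryption: a real ESP header (SPI, sequence number, RFC 4303)
    followed by the payload as-is; the cipher itself is outside this example."""
    sa.seq += 1
    return struct.pack("!II", sa.spi, sa.seq) + payload


def udp_encapsulate(esp_packet: bytes, src_port: int, dst_port: int = NAT_T_PORT) -> bytes:
    """RFC 3948 UDP encapsulation: 8-byte UDP header, checksum transmitted as zero."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(esp_packet), 0) + esp_packet


def decode_udp_header(pkt: bytes) -> Tuple[int, int, int, int]:
    """Returns (source port, destination port, length, checksum) of a UDP packet."""
    return struct.unpack("!HHHH", pkt[:8])


def probe_paths(sa: SecurityAssociation,
                qualified: Optional[Set[str]] = None) -> List[Tuple[float, int]]:
    """Claims 7/8: rank every live (and, if given, qualified) path; best first.
    Returns (score, source port) pairs; lower score is better (constructed heuristic)."""
    ranked = []
    for port, path in sa.port_to_path.items():
        if qualified is not None and path.name not in qualified:
            continue  # claim 4: the destination advertised only a subset as qualified
        if not path.alive:
            continue  # liveliness probe failed
        ranked.append((path.latency_ms * (1.0 + 10.0 * path.loss), port))
    ranked.sort()
    return ranked


def select_source_port(sa: SecurityAssociation, qualified: Optional[Set[str]] = None) -> int:
    """Claim 1: pick the source port bound to the best path; claim 5 is a re-call after re-probing."""
    ranked = probe_paths(sa, qualified)
    if not ranked:
        raise RuntimeError("no live qualified path for SPI 0x%08x" % sa.spi)
    return ranked[0][1]


def assign_flows(sa: SecurityAssociation, flow_ids: List[str],
                 qualified: Optional[Set[str]] = None) -> Dict[str, int]:
    """Claim 6: spread distinct data flows over the ranked paths round-robin."""
    ranked = probe_paths(sa, qualified)
    if not ranked:
        raise RuntimeError("no live qualified path for SPI 0x%08x" % sa.spi)
    return {fid: ranked[i % len(ranked)][1] for i, fid in enumerate(flow_ids)}


def send(sa: SecurityAssociation, payload: bytes, src_port: int) -> bytes:
    """Claim 1: encrypt, and only if NAT-T is enabled encapsulate in UDP with the
    per-path source port; claim 3: encapsulate with the fixed port, then rewrite it."""
    esp = encrypt_esp(sa, payload)
    if not sa.nat_t_enabled:
        return esp  # plain ESP: no UDP header, so no port-based path steering
    pkt = udp_encapsulate(esp, sa.fixed_port)
    return struct.pack("!H", src_port) + pkt[2:]


def make_demo_sa() -> SecurityAssociation:
    """Constructed SA: three hypothetical uplinks, each bound to its own source port."""
    sa = SecurityAssociation(spi=0x0000ABCD, nat_t_enabled=True)
    sa.port_to_path = {
        40001: Path("mpls", latency_ms=20.0, loss=0.00),
        40002: Path("lte", latency_ms=60.0, loss=0.01),
        40003: Path("broadband", latency_ms=30.0, loss=0.05),
    }
    return sa


if __name__ == "__main__":
    sa = make_demo_sa()
    port = select_source_port(sa)        # 40001 (mpls)
    pkt = send(sa, b"hello", port)
    print(decode_udp_header(pkt))        # (40001, 4500, 21, 0)
    sa.port_to_path[port].alive = False  # claim 5: mpls went down, re-probe
    print(select_source_port(sa))        # 40003 (broadband)
```

Two points worth noticing from the model: the ESP packet itself is identical whichever path is chosen (only the outer UDP source port changes, so the receiver's SA lookup by SPI is unaffected), and the scheme only exists when NAT-T is enabled, since plain ESP carries no port field to steer on.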
CPC classification titles:

- Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
- Packet loss
- Round trip delays
- between local and global IP addresses
- using port numbers