1. Field of the Invention
Embodiments of the present invention generally relate to secured network traffic management.
2. Description of the Related Art
Network virtualization techniques have been developed that allow a local area network (LAN) to be segmented into multiple, logically discrete, virtual LAN network segments (VNETs). For example, network segmentation preservation by route distribution with segment identification, policy distribution for a given segment, and encapsulation/decapsulation for each segment may be accomplished using an Ethernet “VLAN_ID” (or other L2 identifier) indicative of the VNET segment to which a given data packet “belongs.”
Passing traffic between sites segmented using VNETs over an IP wide area network (WAN), such as an MPLS/VPN connection provided by a service provider, has been a known challenge that limits the deployment of VNETs. One current approach for allowing a VNET segment to exist across an IP WAN has been to use generic routing encapsulation (GRE) tunnels or an overlay routing model to create multiple point-to-point connections among hosts. This approach, however, fails to provide an adequately scalable network architecture, as a separate point-to-point connection is required for each possible pair of hosts.
Accordingly, what is needed is a technique for providing a secured interconnection of virtual LAN sites over a wide area network.