In a trusted network security architecture, a secure network is built by establishing a domain of trusted network devices, referred to as a trusted domain. Each device in the trusted domain is authenticated by its peers. Communication on a link between devices in the trusted domain is secured using a combination of encryption, a message integrity check, and a data-path replay protection mechanism. In the trusted network security architecture, device and user credentials acquired during authentication are used to classify packets entering the network into security groups (SGs). Packet classification is performed by tagging the packets at the ingress, so that along the data path the packets can be identified and the network security policies corresponding to their tags can be applied to them. The tags are referred to as security group tags (SGTs) and allow the network to enforce the network security policies based on the SGTs.
In the trusted network security architecture, SGT information generally needs to be propagated within a trusted domain and across trusted domains. However, propagating SGT information consumes network resources and increases network complexity.
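The following is an added, self-contained model of the data path described above; it is example code written for this page, not code from the original text or from any vendor's implementation. It assumes constructed identities, tag values and a hypothetical SGT-to-SGT policy matrix, and it models the hop-to-hop link protection with only an HMAC integrity check plus a sequence-number replay window (encryption is omitted so the tag handling stays visible). Classification happens once at ingress from the authenticated identity; enforcement happens at egress by looking up the (source SGT, destination SGT) pair, with anything unlisted denied.

```python
"""Toy model of SGT classification at ingress, protected propagation across a
trusted link, and tag-based policy enforcement at egress (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass

UNKNOWN_SGT = 0  # tag given to traffic whose source was not authenticated

# Constructed: identities learned during authentication, mapped to a security group tag.
SGT_BY_IDENTITY = {
    "hr-laptop-01": 10,        # HR users
    "eng-workstation-07": 20,  # Engineering users
    "hr-db-server": 30,        # HR database
    "build-server": 40,        # Engineering build system
}

# Constructed policy matrix: (source SGT, destination SGT) -> decision.
# Pairs that are not listed are denied (default-deny).
SGACL = {
    (10, 30): "permit",
    (20, 40): "permit",
    (20, 30): "deny",
}


@dataclass
class Packet:
    src_identity: str
    dst_identity: str
    payload: bytes
    sgt: int = UNKNOWN_SGT


def classify_at_ingress(packet, authenticated_identities):
    """Tag the packet with the SGT derived from its authenticated source credentials."""
    if packet.src_identity in authenticated_identities:
        packet.sgt = SGT_BY_IDENTITY.get(packet.src_identity, UNKNOWN_SGT)
    else:
        packet.sgt = UNKNOWN_SGT
    return packet.sgt


def enforce_at_egress(src_sgt, dst_identity):
    """Resolve the destination's SGT and apply the (src, dst) policy; unlisted pairs are denied."""
    dst_sgt = SGT_BY_IDENTITY.get(dst_identity, UNKNOWN_SGT)
    return SGACL.get((src_sgt, dst_sgt), "deny")


class LinkEndpoint:
    """One end of a protected link between two trusted devices.

    The SGT travels in a header that is covered by the message integrity check, so a
    tag cannot be rewritten in transit, and a strictly increasing sequence number
    rejects replayed frames. Both ends share a constructed link key."""

    def __init__(self, key):
        self.key = key
        self.tx_seq = 0
        self.rx_highest = 0

    def _mac(self, header, payload):
        return hmac.new(self.key, header + b"|" + payload, hashlib.sha256).digest()

    def send(self, packet):
        self.tx_seq += 1
        header = f"{self.tx_seq}:{packet.sgt}".encode()
        return header, packet.payload, self._mac(header, packet.payload)

    def receive(self, frame):
        header, payload, mac = frame
        if not hmac.compare_digest(self._mac(header, payload), mac):
            return None  # integrity check failed: tampered header or payload
        seq, sgt = (int(v) for v in header.decode().split(":"))
        if seq <= self.rx_highest:
            return None  # replayed or reordered frame
        self.rx_highest = seq
        return sgt, payload


def forward_across_domain(packet, authenticated_identities, ingress, egress):
    """Classify at ingress, carry the tag over the protected link, enforce at egress."""
    classify_at_ingress(packet, authenticated_identities)
    received = egress.receive(ingress.send(packet))
    if received is None:
        return "drop"
    sgt, _payload = received
    return enforce_at_egress(sgt, packet.dst_identity)


if __name__ == "__main__":
    key = b"constructed-link-key"
    ingress, egress = LinkEndpoint(key), LinkEndpoint(key)
    authenticated = {"hr-laptop-01", "eng-workstation-07"}
    for src, dst in [("hr-laptop-01", "hr-db-server"), ("eng-workstation-07", "hr-db-server")]:
        pkt = Packet(src, dst, b"constructed payload")
        print(src, "->", dst, forward_across_domain(pkt, authenticated, ingress, egress))
```

The policy decision depends only on the tag pair, not on addresses, which is what lets the same SGACL be applied at any enforcement point along the path; the cost the text refers to is that every enforcement point must already know the mapping from identities to tags, which is what the SGT propagation supplies.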