Enterprises looking for ways to securely extend layer two segments between data centers for transport across public networks use encryption. To achieve encryption, enterprises first use layer 3 (L3) encapsulation. Encryption peers at both ends of the session agree on encryption parameters including, for example, encryption keys. Therefore L3 encapsulation is performed before encryption is performed. L3 encapsulation in this case creates a point to point tunnel that corresponds to encryption peers that are in agreement on how to handle the encrypted session. Tunneling then encrypting may lead to efficiency decreases because not all traffic needs to be encrypted. If the transport provides a transparent local area network (LAN) service then Internet Protocol (IP) tunneling adds an unnecessary encapsulation.