Conventional computerized devices, such as personal computers, laptop computers, and data communications devices (e.g., routers, switches, gateways and the like), exchange data over networks using a variety of communications mechanisms. To ensure privacy during these exchanges, and to prevent malicious attacks, it is often necessary to have a secured connection. An encrypted virtual private network, such as the Dynamic Multipoint Virtual Private Network (DMVPN), creates these secured connections via encrypted tunnels between a device and each of its peers. The tunnels use pair-wise security associations, where only the two endpoints have the encryption keys for the tunnel. This is optimal for security since, generally, a spoke should only receive the packets sent to that particular spoke.
When a device acts as a hub, it can send multicast and broadcast packets through these encrypted tunnels, and the packet is encrypted separately for each tunnel. This situation is particularly common when dynamic routing is configured on routable tunnel interfaces connecting the hub to its peers (i.e., the destinations of the packet). Dynamic routing protocols often broadcast routing packets to a Local Area Network (LAN). When the members of the LAN are all reachable through tunnels, the broadcast packet is replicated, and each replica is then encrypted and sent through its tunnel. Each replica of the broadcast packet is thus individually encrypted as it passes through its encrypted tunnel.
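The replicate-then-encrypt behavior described above can be modeled in a few lines. This is an added example, not code from the original text or from any DMVPN implementation: the Hub class, the spoke names and the payload are constructed, and the cipher is a standard-library stand-in (SHA-256 keystream with an HMAC tag), not the actual tunnel encryption.

```python
import hashlib
import hmac
import os

# Stand-in for the tunnel cipher (stdlib only, NOT real IPsec): SHA-256
# counter-mode keystream plus a truncated HMAC-SHA256 tag, separate subkeys.
def _subkey(sa_key, label):
    return hmac.new(sa_key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(sa_key, packet):
    nonce = os.urandom(12)
    ct = _xor_stream(_subkey(sa_key, b"enc"), nonce, packet)
    tag = hmac.new(_subkey(sa_key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unseal(sa_key, blob):
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    want = hmac.new(_subkey(sa_key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        return None  # wrong security association or tampered packet
    return _xor_stream(_subkey(sa_key, b"enc"), nonce, ct)

class Hub:
    def __init__(self, spokes):
        # One pair-wise security association (key) per hub-to-spoke tunnel.
        self.sa = {name: os.urandom(32) for name in spokes}
        self.encrypt_ops = 0

    def send_multicast(self, packet):
        """Replicate one multicast/broadcast packet; encrypt each copy separately."""
        copies = {}
        for spoke, key in self.sa.items():
            copies[spoke] = seal(key, packet)
            self.encrypt_ops += 1
        return copies

if __name__ == "__main__":
    hub = Hub(["spoke-a", "spoke-b", "spoke-c"])   # constructed spoke names
    update = b"routing update"                      # constructed sample payload
    copies = hub.send_multicast(update)
    print("encryptions for one packet:", hub.encrypt_ops)
    print("spoke-a, own copy:", unseal(hub.sa["spoke-a"], copies["spoke-a"]))
    print("spoke-a, spoke-b's copy:", unseal(hub.sa["spoke-a"], copies["spoke-b"]))
```

One packet sent to N spokes costs the hub N encryption operations, and a spoke holding only its own security association cannot open a copy that was encrypted for another spoke.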