The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Computer networks are often established using network elements that communicate data in non-encrypted, plain-text form. An example is a private network that uses multi-protocol label switching (MPLS), known as an MPLS VPN. After such a network is initially set up, a network administrator may wish to convert the network so that the network elements can communicate encrypted data. In particular, the administrator may wish to convert the network so that a tunnel-less encryption method (such as Cisco Group Encrypted Transport VPN, or GET VPN) can be used.
In one approach, during the conversion process, VPN gateways are expected to encrypt packets whenever possible and to send cleartext packets otherwise. However, tunnel-less VPN methods such as GET VPN have no concept of a peer, and therefore the state of a peer is not known to a VPN gateway. This problem causes difficulty in performing a conversion. Further, present techniques for converting networks are complicated and disruptive.