Techniques are presented herein that address a singular pain point in a hierarchical software-defined wide area network (SD-WAN) deployment comprising an Internet Protocol (IP) version 6 (IPv6) transport – end-to-end encryption and decryption. Aspects of the presented techniques leverage the IPv6 address schema to support a new concept that may be referred to herein as a micro-Transport Locator (TLOC) or uTLOC. Under the presented techniques, when an Overlay Management Protocol (OMP) virtual private network (VPN) route is published a next hop may be set to the combination of all of the uTLOCs along a path. Within such a context, each router (along the path) may program a customized action (such as, for example, the shifting of a destination, an insertion into a source, etc.) into a routing table for a uTLOC prefix and then forward a packet to a destination edge without the need for decryption and re-encryption operations in an intermediate border router.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.