US Patent 9258282 Simplified mechanism for multi-tenant encrypted virtual networks

The present disclosure provides protection of customer data traveling across a network. A reverse cryptographic map (also referred to herein as a reverse crypto map) can be defined for a customer, where the reverse crypto map indicates how customer data should be protected. A reverse crypto map for a customer is applied to an interface of an edge device that is coupled to that customer's private subnet (or customer-facing interface). A reverse crypto map can be configured by a network administrator on a provider edge device, or can be pushed from a key server as part of group policy. A provider edge device can protect customer data by encrypting and decrypting the customer data according to the reverse crypto map. A provider edge device can also be configured with virtual routing and forwarding (VRF) tables that can be used to forward the VPN traffic flow across a provider network.