
Bypassing a firewall for authorized flows using software defined networking

Patent number
US10079805B2
Publication date
2018-09-18
Applicant
FUJITSU LIMITED (JP Kawasaki)
Inventors
David D. Jameson; Russell DeMolay
IPC classification
G06F9/00; H04L29/06
Technical field
sdn,firewall,router,may,data,flow,criteria,packet,network,pe
Region: Kawasaki-Shi, Kanagawa

Abstract

Methods and systems for managing authorized data flows using software defined networking include receiving flow criteria sent from a firewall and extracted from a first data packet, determining whether flow criteria of the first data packet matches an entry in a master data flow list, inserting the flow criteria from the first data packet into the master data flow list on a software defined networking controller, and sending the flow criteria of the first data packet to the router. The router may forward a second data packet associated with the data flow toward a destination based on the validation of the first data packet by the firewall. The flow criteria may not match an entry in a router data flow list on the router and may include at least two of: a source IP address, a destination IP address, a destination port, and a protocol of transmission.

Description

As described above, SDN controller 206 may communicate with PE router 208 using link 220 to direct PE router 208 to insert the flow criteria into the router data flow list. The insertion may include a timeout and/or a timestamp. The router data flow list may be used for future data packets associated with the same data flow as the original data packet to forward the future data packets toward a destination. For example, PE router 208 may use the router data flow list to forward a future data packet to customer-edge (CE) router 210 using link 222, rather than routing the data packet to firewall 212. Bypassing firewall 212, in this instance, may reduce the network bandwidth required and/or reduce the number of physical ports required on firewall 212 and/or PE router 208. Firewall 212, for instance, may be located in a location separate from one or more domains in the network, which may increase the latency of authenticating a data packet. Bypassing firewall 212 may reduce the latency and may decrease the bandwidth requirements of the network. A data packet routed to CE router 210 may then be routed toward client 102-2, which may be the destination of a communication with client 102-1.

Although SDN controller 206 is shown as communicating with PE router 208, SDN controller 206 may communicate with any number of routers within network 100 using any number of links 112. Moreover, although two domains are shown, any number of domains may be used.
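The flow handling described above can be modelled in a few lines. The following is an added illustration, not code from the patent or from Fujitsu; the class names, the 30-second timeout, the expiry behaviour (an expired entry sends the flow back to the firewall) and the sample addresses are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowCriteria:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str

class Router:
    """PE router: matched flows go to the CE router, all else to the firewall."""
    def __init__(self):
        self.flow_list = {}  # FlowCriteria -> expiry time in seconds

    def next_hop(self, flow, now):
        expiry = self.flow_list.get(flow)
        if expiry is not None and now < expiry:
            return "ce_router"            # authorized flow bypasses the firewall
        self.flow_list.pop(flow, None)    # expired: firewall must validate again
        return "firewall"

class SdnController:
    def __init__(self, routers, timeout):
        self.routers, self.timeout = routers, timeout
        self.master_flow_list = {}        # FlowCriteria -> insertion timestamp

    def on_firewall_validated(self, flow, now):
        """Handle flow criteria the firewall extracted from a validated packet."""
        stamp = self.master_flow_list.get(flow)
        if stamp is not None and now < stamp + self.timeout:
            return False                  # live entry already in the master list
        self.master_flow_list[flow] = now
        for router in self.routers:       # push to every managed router
            router.flow_list[flow] = now + self.timeout
        return True

def simulate():
    pe, pe2 = Router(), Router()
    ctl = SdnController([pe, pe2], timeout=30)
    https = FlowCriteria("192.0.2.10", "198.51.100.20", 443, "tcp")  # constructed
    ssh = FlowCriteria("192.0.2.10", "198.51.100.20", 22, "tcp")     # constructed
    hops = [pe.next_hop(https, now=0)]       # first packet: unknown flow
    ctl.on_firewall_validated(https, now=0)  # firewall reports the validation
    hops.append(pe.next_hop(https, now=5))   # later packet of the same flow
    hops.append(pe.next_hop(ssh, now=5))     # different port: never validated
    hops.append(pe2.next_hop(https, now=5))  # second router got the entry too
    hops.append(pe.next_hop(https, now=31))  # entry timed out
    return hops
```

In this model, packets on a bypassed flow are not inspected again until the router entry expires, so the timeout bounds how long a single validation decision is trusted.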

Claims

1