At 730, the flow criteria may be sent to a router from the SDN controller. The flow criteria received from a router may be used to update the router flow table. At 732, it may be determined whether the bandwidth of the flow criteria is greater than or equal to a threshold. The threshold may be determined based on the capacity of the network. At 734, an additional connection may be established. The additional connection, which may be a WDM connection, may enable an authorized data flow to bypass at least one additional network element. At 736, another data packet associated with the same data flow may be received and may be forwarded toward a destination. The forwarding may include bypassing at least one network element, including but not limited to a router and/or a firewall. At 738, the flow criteria may be removed, invalidated, or deleted after the timeout associated with the flow criteria entry expires. The expiration may influence the storage of the flow criteria in the firewall, router, and/or SDN controller.

The above disclosed subject matter is to be considered illustrative, and not restrictive, and the appended claims are intended to cover all such modifications, enhancements, and other embodiments which fall within the true spirit and scope of the present disclosure. Thus, to the maximum extent allowed by law, the scope of the present disclosure is to be determined by the broadest permissible interpretation of the following claims and their equivalents, and shall not be restricted or limited by the foregoing detailed description.