Architecting a Hybrid Mobility Strategy : Secure Communication
   
Secure Communication
The primary method used to secure data as it traverses the network between data center sites is IPsec, or Internet Protocol Security. IPsec is commonly used to encrypt portions of the IP packet. The dataflow is encrypted at the edge of one site and then decrypted at the entry point to the second site. IPsec has two different modes of operation:
Transport mode
Tunnel mode
Transport mode encrypts only the IP packet's payload and leaves the header unencrypted so it can be read by other network devices. In tunnel mode, however, the entire IP packet, including its header, is encrypted, meaning that it must be encapsulated in another IP packet with an unencrypted header. This way the source and destination information in the outer header can still be read by network devices. Tunnel mode is most commonly used for point-to-point or site-to-site VPNs.
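The difference between the two modes can be seen by building both encapsulations of the same packet and checking what an on-path device can still read. This is an added example, not part of the original page: the addresses, key and SPI are constructed sample values, `placeholder_cipher` is a hypothetical stand-in for the real ESP cipher, and the ESP integrity check value is omitted.

```python
import hashlib, socket, struct

ESP, IPV4_IN_IP, UDP = 50, 4, 17   # IANA protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 to keep the sketch short.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def placeholder_cipher(key, data):
    # Stand-in for the negotiated ESP cipher: XOR with a SHA-256 keystream.
    # NOT real cryptography; it only makes the protected bytes unreadable here.
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def esp(key, spi, seq, inner, next_header):
    # ESP header (SPI, sequence number) followed by the encrypted
    # [inner data | padding | pad length | next header]. The ICV is omitted.
    pad = bytes(range(1, (-(len(inner) + 2)) % 4 + 1))
    trailer = pad + bytes([len(pad), next_header])
    return struct.pack("!II", spi, seq) + placeholder_cipher(key, inner + trailer)

def transport_mode(packet, key, spi, seq):
    # Original IP header stays in clear text; only its payload is encrypted.
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    body = esp(key, spi, seq, packet[20:], packet[9])
    return ipv4_header(src, dst, ESP, len(body)) + body

def tunnel_mode(packet, key, spi, seq, gw_src, gw_dst):
    # Whole original packet is encrypted, then wrapped in a new clear header.
    body = esp(key, spi, seq, packet, IPV4_IN_IP)
    return ipv4_header(gw_src, gw_dst, ESP, len(body)) + body

def visible_to_network(packet):
    # What an on-path device can read: outer source, destination and protocol.
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), packet[9]

# Constructed sample: a host at site A sending to a host at site B.
KEY, DATA = b"constructed-demo-key", b"constructed app data"
ORIGINAL = ipv4_header("10.1.0.5", "10.2.0.9", UDP, len(DATA)) + DATA
TRANSPORT = transport_mode(ORIGINAL, KEY, 0x1000, 1)
TUNNEL = tunnel_mode(ORIGINAL, KEY, 0x1000, 1, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("transport:", visible_to_network(TRANSPORT))
    print("tunnel:   ", visible_to_network(TUNNEL))
```

In transport mode the internal host addresses remain readable along the path, while in tunnel mode only the two gateway addresses are exposed, at the cost of one extra IP header per packet.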