Systems and methods for routing network traffic using labels

What is claimed is: 1. A device, comprising: one or more processors; and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause the device to perform operations comprising: detecting, by a mobile agent of the device, a request to route traffic to a service associated with an application; identifying, by the mobile agent, an application identifier associated with the application, wherein the application identifier uniquely identifies the application; mapping, by the mobile agent and using a lookup in a database of the device, a type and a version of the application into an integer; selecting, by the mobile agent and using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes: one or more routes; and the integer representing the type and the version of the application; and routing, by the mobile agent, the traffic to the service associated with the application using the label. 2. The device of claim 1 , wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services. 3. The device of claim 1 , wherein a head-end node: receives the label; maintains one or more policies in a policy table; and uses the one or more policies and the label to route the traffic to the service associated with the application. 4. The device of claim 1 , the operations further comprising: receiving, by the mobile agent, a Domain Name System (DNS) request; and using the application identifier to map the DNS request to the label. 5. The device of claim 1 , wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN); a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label. 6. The device of claim 1 , wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service. 7. The device of claim 1 , the operations further comprising: maintaining, by the mobile agent, a policy table comprising one or more policies; and mapping, by the mobile agent, the application identifier associated with the application to the label using the one or more policies. 8. A method, comprising: detecting, by a device, a request to route traffic to a service associated with an application; identifying, by the device, an application identifier associated with the application, wherein the application identifier uniquely identifies the application; mapping, by a mobile agent of the device and using a lookup in a database of the device, a type and a version of the application into an integer; selecting, by the device and using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes: one or more routes; and the integer representing the type and the version of the application; and routing, by the device, the traffic to the service associated with the application using the label. 9. The method of claim 8 , wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services. 10. The method of claim 8 , wherein a head-end node: receives the label; maintains one or more policies in a policy table; and uses the one or more policies and the label to route the traffic to the service associated with the application. 11. The method of claim 8 , further comprising: receiving a Domain Name System (DNS) request; and using the application identifier to map the DNS request to the label. 12. The method of claim 8 , wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN) a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label. 13. The method of claim 8 , wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service. 14. The method of claim 8 , further comprising: maintaining a policy table comprising one or more policies; and mapping the application identifier associated with the application to the label using the one or more policies. 15. One or more computer-readable non-transitory storage media embodying instructions that, when executed by a processor, cause the processor to perform operations comprising: detecting, by a device, a request to route traffic to a service associated with an application; identifying, by a device, an application identifier associated with the application, wherein the application identifier uniquely identifies the application; mapping, by a mobile agent of the device and using a lookup in a database of the device, a type and a version of the application into an integer; selecting, by the device and using the application identifier, a label from a plurality of labels included in a routing table, wherein the label includes: one or more routes; and the integer representing the type and the version of the application; and routing, by the device, the traffic to the service associated with the application using the label. 16. The one or more computer-readable non-transitory storage media of claim 15 , wherein: the label supports extranet services having inline security services; and the inline security services include at least one of the following: firewall services; intrusion detection services; intrusion prevention services; or Cloud Access Security Broker (CASB) services. 17. The one or more computer-readable non-transitory storage media of claim 15 , wherein a head-end node: receives the label; maintains one or more policies in a policy table; and uses the one or more policies and the label to route the traffic to the service associated with the application. 18. The one or more computer-readable non-transitory storage media of claim 15 , the operations further comprising: receiving, by the mobile agent, a Domain Name System (DNS) request; and using the application identifier to map the DNS request to the label. 19. The one or more computer-readable non-transitory storage media of claim 15 , wherein the label is associated with at least one of the following: a Software-Defined Wide Area Network (SD-WAN); a virtual private network (VPN) a Multiprotocol Label Switching (MPLS) label; a Network Service Header (NSH) label; or a Generic Network Virtualization encapsulation (GENEVE) tunnel label. 20. The one or more computer-readable non-transitory storage media of claim 15 , wherein the service is associated with at least one of the following: a public infrastructure as a service (IaaS); a private IaaS; a public software as a service (SaaS); a private SaaS; or a private enterprise service.