Applying 4364 Virtual Private Networks to the Global Information Grid

Abstract

In its simplest form, a virtual private network (VPN) allows two or more sites to establish private IP connectivity through a common, network infrastructure. As deployed on the Internet, VPNs provide reachability between geographically disparate sites, without requiring the provisioning of expensive, private leased lines between isolated networks. VPNs on the Internet are implemented through various mechanisms. Virtual private LAN service (VPLS) and virtual private wire service (VPWS) are two Layer 2 VPN mechanisms that enable customer sites to participate in a VPN, through a service provider's (SP 's) IP backbone. Request for comments (RFC) 4364 provides an alternate, Layer 3 solution to establishing a VPN between two sites, through the use border gateway protocol and multi-protocol label switching (BGP/MPLS). The networks that constitute the United States Department of Defense (DoD) global information grid (GIG) offer another venue where VPN services may be applied. However, although the aforementioned VPN technologies are feasible on the Internet, scalability issues may arise when applying VPNs between components of the GIG, as the network architectures of GIG may significantly deviate from the SP-customer network topologies found on the Internet. This paper details 4364 VPN operation and explores several use-cases for application between various components of the GIG. In addition, this paper presents various 4364 VPN architecture alternatives and enhancements, which will help scaling and deployment of 4364 VPNs in large-scale IP networks