UP Paper 1249 US-M-FDOWN
Applying 4364 Virtual Private Networks to the Global Information Grid
Emre Ertekin, Booz Allen Hamilton
Christos Christou, Booz Allen Hamilton
In its simplest form, a Virtual Private Network (VPN) allows two or more sites to establish private IP connectivity over a common network infrastructure. As deployed on the Internet, VPNs provide reachability between geographically disparate sites without requiring the provisioning of expensive, private leased lines between isolated networks. VPNs on the Internet are implemented through various mechanisms. Virtual Private LAN Service (VPLS) and Virtual Private Wire Service (VPWS) are two Layer 2 VPN mechanisms that enable customer sites to participate in a VPN through a Service Provider's (SP's) IP backbone. Request for Comments (RFC) 4364 provides an alternate, Layer 3 solution for establishing a VPN between two sites, through the use of the Border Gateway Protocol and Multi-Protocol Label Switching (BGP/MPLS). The networks that constitute the United States Department of Defense (DoD) Global Information Grid (GIG) offer another venue where VPN services may be applied. For example, VPNs can be used between a tactical network and its provider network to help maintain connectivity between tactical network nodes during a network split event. However, although the aforementioned VPN technologies are feasible on the Internet, scalability issues may arise when applying VPNs between components of the GIG, as the network architectures of the GIG may deviate significantly from the SP-customer network topologies found on the Internet. This paper details the operation of 4364 VPNs and explores several use cases for their application between various components of the GIG. Furthermore, this paper presents various 4364 VPN architecture alternatives and enhancements that will aid in scaling 4364 VPNs in large-scale IP networks.
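As an added illustration that is not part of the paper, the Python model below mimics the per-customer isolation that RFC 4364 VPNs provide: each PE router keeps a customer's routes in a VRF, prefixes them with a route distinguisher (RD) so that overlapping private prefixes remain distinct, and imports only VPN-IPv4 routes tagged with a matching route target (RT). It also includes a defensive check for RT overlap between VPNs, the misconfiguration that silently joins two customers' routing tables; all VPN names, PE labels, RD/RT values and prefixes are constructed.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnIpv4Route:
    """RFC 4364 VPN-IPv4 route: RD + IPv4 prefix, carrying export RTs."""
    rd: str
    prefix: str
    next_hop: str           # advertising PE (BGP next hop)
    route_targets: frozenset


@dataclass
class Vrf:
    vpn: str                # customer VPN this VRF serves (constructed label)
    rd: str                 # route distinguisher configured on this VRF
    export_rts: frozenset
    import_rts: frozenset
    local_routes: dict = field(default_factory=dict)  # prefix -> CE next hop

    def export(self, pe):
        # PE advertises each local prefix as RD:prefix, tagged with export RTs
        return [VpnIpv4Route(self.rd, p, pe, self.export_rts) for p in self.local_routes]

    def install(self, vpn_routes):
        # Install only routes carrying at least one of this VRF's import RTs;
        # keying by (rd, prefix) is what keeps 10.0.0.0/24 of two customers apart
        return {(r.rd, r.prefix): r.next_hop
                for r in vpn_routes if r.route_targets & self.import_rts}


def distribute(vrfs_by_pe):
    """Return {(pe, vpn): remote routes} after PEs exchange VPN-IPv4 routes."""
    table = [r for pe, vrfs in vrfs_by_pe.items() for v in vrfs for r in v.export(pe)]
    return {(pe, v.vpn): v.install([r for r in table if r.next_hop != pe])
            for pe, vrfs in vrfs_by_pe.items() for v in vrfs}


def rt_overlaps(vrfs_by_pe):
    """Defensive check: an RT exported by one VPN and imported by another leaks routes."""
    exporters = {}
    for v in (v for vrfs in vrfs_by_pe.values() for v in vrfs):
        for rt in v.export_rts:
            exporters.setdefault(rt, set()).add(v.vpn)
    leaks = {(other, v.vpn, rt)
             for v in (v for vrfs in vrfs_by_pe.values() for v in vrfs)
             for rt in v.import_rts for other in exporters.get(rt, set()) - {v.vpn}}
    return sorted(leaks)


def sample_topology(leak=False):
    """Constructed two-PE topology; RED and BLUE both use 10.0.0.0/24 behind PE1."""
    blue_import = frozenset({"65000:2", "65000:1"}) if leak else frozenset({"65000:2"})
    red = lambda routes: Vrf("RED", "65000:1", frozenset({"65000:1"}), frozenset({"65000:1"}), routes)
    blue = lambda routes: Vrf("BLUE", "65000:2", frozenset({"65000:2"}), blue_import, routes)
    return {"PE1": [red({"10.0.0.0/24": "CE-RED-1"}), blue({"10.0.0.0/24": "CE-BLUE-1"})],
            "PE2": [red({"10.0.1.0/24": "CE-RED-2"}), blue({"10.0.2.0/24": "CE-BLUE-2"})]}
```

With `leak=True`, BLUE's VRF at PE2 imports RED's 10.0.0.0/24 alongside its own, which `rt_overlaps` flags before any traffic is misrouted.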

Emre Ertekin received two B.S. degrees, in Electrical Engineering and Computer Engineering, from the Pennsylvania State University. He is currently a Senior Consultant at Booz Allen Hamilton. Over the last 2 years, he has been involved with the network design of various components of the GIG (e.g., Transformational Satellite), in addition to various standardization efforts within the IETF. He previously worked at Cisco Systems, where he was on a team involved in the development and maintenance of an IP+ATM Edge Concentrator specifically designed for Service Providers.