Scalable VPNs for the global information grid

Virtual private networks (VPNs) are the preferred mechanism for securing sensitive traffic crossing public networks. Traditionally, configuration of VPN gateways has been done manually. However, static configuration of gateways is particularly problematic within the context of the global information grid (GIG), the next-generation network of networks developed by the US government. For one, GIG VPNs are expected to consist of tens to hundreds of trusted networks, which is an order of magnitude greater than current deployments. Moreover, trusted networks that essentially comprise of units in the field (e.g. army companies or ships) need to be seamlessly connected to the GIG even while they are mobile. Our goal in this paper is to address the lack of scalability and support for mobility that exists in current VPNs. We do so by providing a dynamic routing protocol which VPN gateways use to securely advertise prefixes of their internal network to peering gateways. Our initial results show that our protocol can sustain VPNs comprising of roughly one thousand gateways with only moderate overhead