Dynamic VPN communities: implementation and experience

Dynamic communities of independent organizations require fluid collaborative sharing of information resources within member networks. This presents challenging network security problems. The security postures of member networks must rapidly evolve in response to the addition or removal of community members, in order to grant privileged access to members while protecting critical resources and communications from nonmembers. The member networks belong to different administrative domains, and must preserve their autonomy despite the necessary relaxing of access restrictions. This paper describes the design and implementation of a system supporting Dynamic Virtual Private Network (DVPN) communities of independently administered, firewall-protected enclaves. A central authority defines the community, and member enclaves adapt automatically and rapidly as enclaves are admitted or expelled, avoiding the high administrative cost and risk of misconfiguration associated with common VPN mechanisms