Scalable HAIPE discovery using a DNS-like referral model

This paper presents a scalable concept for the dynamic discovery of High Assurance Internet Protocol Encryption (HAIPE) devices situated across multiple "striped" network segments. The term "striped" in this context refers to traversing from a red (or classified) network to a black (or unclassified) network to a red network in multiple concatenated fashion (i.e., red-black-red-black-red...) There are many reasons why network "segmentation" using IP encryption may occur: use of a commercial satellite link, traversing from one secure facility to another on an existing base networks, operating over a radio frequency network, and so on. Each of these network segments or enclaves need to be secured (in this case, via IP encryption) which causes the segments to exist. The boundary between red and black sides is assumed to be protected via a HAIPE device. Our design also addresses mobile enclaves (where whole networks may come and go every 15 minutes) and multi-homed enclaves (where multiple entry/exit points exist). Finding how one traverses this striped environment and operate on a global scale (millions of network) are key challenges and the subject of this paper