Applying 2547bis virtual private networks to the global information grid

In Its simplest form, a virtual private network (VPN) allows two or more sites to establish private IP connectivity through a common, IP-based network infrastructure. As deployed on the Internet, VPNs provide IP reachability between geographically disparate sites, without requiring the provisioning of expensive, private leased lines between isolated networks. VPNs on the Internet are implemented through various mechanisms. Virtual private LAN service (VPLS) and IP only LAN service (IPLS) are two Layer 2 VPN mechanisms which enable customer sites to participate in a VPN, through a service provider´s (SP´s) IP backbone. Request for comments (RFC) 2547 provides an alternate, layer 3 solution to establishing a VPN between two sites, through the use border gateway protocol and multi-protocol label switching (BGP/MPLS). The networks of the global information grid (GIG) offer another venue where VPN services may he applied. For example, VPNs can be used between a tactical network and its provider network, to help maintain connectivity between tactical network nodes during a network split event. However, although the aforementioned VPN technologies are feasible on the Internet, scalability issues may arise when applying VPNs between components of the GIG, as the network architectures of GIG may significantly deviate from the SP-customer network topologies found on the Internet. This paper investigates 2547bis VPN operation and details use-cases for application between various components of the GIG. Furthermore, this paper presents various 2547bis VPN architecture alternatives and enhancements, which helps the scaling and deployment of 2547bis VPNs in large-scale IP networks