VPN gateways are used in commercial internets, government enterprise networks, and military tactical networks. VPN gateways provide security and privacy for IP data traffic when enclaves of higher security levels (protected networks) must use networks of lower security levels for communication (e.g., corporate networks using the Internet for data transport).
Typically, VPN gateways isolate the routing information of higher security networks from being visible in lower security transport networks. For example, a VPN gateway may provide a protected enclave an IP Secure (IPSec) encryption service. Accordingly, routing between protected enclaves entails being able to map remote protected enclaves (Plain Text (PT) networks) to corresponding VPN gateways having Cipher Text (CT) network addresses.
While this may be a straightforward task in static networks, several key requirements need to be present in order to enable robust routing between protected enclaves in dynamic networks, such as military tactical networks, for example. These requirements include, for example, easily discovering peer VPN gateways and their protected enclaves once connected to the network, detecting failed or “dead” peer VPN gateways, and adapting security associations (SAs) (a group of security settings related to a VPN tunnel) among VPN gateways according to changes in VPN gateway network topology and/or network conditions.
Further, in networks having high operational tempo, such as military tactical networks, for example, management and configuration required for realizing the above described requirements is a critical concern. Accordingly, protocols for enabling robust routing in networks implementing VPN gateways need to be easy to implement, deploy, manage and configure.
What is needed therefore are methods and systems for enabling robust routing between protected enclaves using VPN gateways while satisfying the above described requirements.