Overview of A2A VPN
Definition
Any to Any VPN (A2A VPN) is a VPN solution that uses the Group Domain of Interpretation (GDOI) protocol to manage keys and GDOI policies in a centralized manner. A2A VPN is mainly used to protect enterprises' internal service traffic that is transmitted over a wide area network (WAN).
Purpose
As networks develop, enterprises run not only data services but also a growing number of intelligent services, such as voice and video. These services require instant interconnection between enterprise branches. Enterprises generally deploy dedicated lines, such as MPLS VPN, to interconnect their branches.
However, dedicated lines secure enterprise communication only to a certain extent. Some government regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS), require that data be encrypted before it is transmitted over dedicated lines.
Currently, IPSec is the commonly used encryption solution for dedicated lines. IPSec is a Layer 3 encryption protocol defined by the Internet Engineering Task Force (IETF) and is widely used to encrypt data on WAN interconnections between branches. As a traditional Layer 3 VPN technology, IPSec sets up tunnels between specified communicating parties to protect data confidentiality, providing high-quality, interoperable, cryptography-based security.
However, traditional IPSec VPN has the following disadvantages:
Networks face the N^2 problem: N branches require N(N-1)/2 tunnels. Configuration and management are complicated, and network expansion is difficult.
IPSec VPN changes the original route deployment and provides limited QoS processing.
IPSec VPN does not support multicast services and can hardly support intelligent services.
The A2A VPN solution was developed to overcome the preceding disadvantages. Instead of building tunnels between branches, A2A VPN adds a new IP header that is a copy of the original IP header, establishing non-tunnel connections in which the original addressing is retained. Keys and GDOI policies are managed in a centralized manner, which simplifies network deployment and facilitates network expansion. In addition, A2A VPN supports multicast features and provides QoS guarantees for voice and video services.
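To make the contrast concrete, the following is an added illustrative model (not the product's own code, and not the real A2A VPN packet format) of traditional IPSec tunnel encapsulation versus A2A VPN header preservation, showing why the latter keeps the existing routes and multicast delivery. The routing table, addresses and DSCP values are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional


@dataclass(frozen=True)
class IPHeader:
    src: str
    dst: str
    dscp: int  # QoS marking the WAN uses to prioritise voice/video


def pairwise_tunnels(n: int) -> int:
    """Point-to-point tunnels needed for a full mesh of n branches (the N^2 problem)."""
    return n * (n - 1) // 2


def classic_tunnel_encap(inner: IPHeader, local_gw: str, remote_gw: str) -> IPHeader:
    """Traditional IPSec tunnel mode: the outer header addresses the peer gateway,
    so the WAN no longer sees the original destination (routes must be adapted)."""
    return IPHeader(src=local_gw, dst=remote_gw, dscp=inner.dscp)


def a2a_encap(inner: IPHeader) -> IPHeader:
    """A2A VPN model: the added outer header is a copy of the original header."""
    return IPHeader(src=inner.src, dst=inner.dst, dscp=inner.dscp)


# Constructed WAN routing table: routes the enterprise already has in place.
WAN_ROUTES: Dict[str, str] = {
    "10.1.0.0/16": "branch-A",
    "10.2.0.0/16": "branch-B",
    "239.0.0.0/8": "multicast-tree",  # group traffic for voice/video
}


def wan_next_hop(hdr: IPHeader) -> Optional[str]:
    """Longest-prefix match of the outer destination against the existing routes."""
    dst = ip_address(hdr.dst)
    matches = [(n, hop) for n, hop in WAN_ROUTES.items() if dst in ip_network(n)]
    if not matches:
        return None  # no route: the tunnel endpoints need new routing
    return max(matches, key=lambda m: ip_network(m[0]).prefixlen)[1]


def compare(inner: IPHeader, local_gw: str, remote_gw: str) -> dict:
    """Does each encapsulation keep the original route and multicast delivery?"""
    classic = classic_tunnel_encap(inner, local_gw, remote_gw)
    a2a = a2a_encap(inner)
    return {
        "original_next_hop": wan_next_hop(inner),
        "classic_next_hop": wan_next_hop(classic),
        "a2a_next_hop": wan_next_hop(a2a),
        "classic_keeps_multicast": ip_address(classic.dst).is_multicast,
        "a2a_keeps_multicast": ip_address(a2a.dst).is_multicast,
    }
```

Running `compare` on a multicast video packet shows the classic outer header losing both the existing route and the multicast destination, while the copied header keeps both.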