TACOMS+ CONCEPT, ARCHITECTURE & CAPABILITIES

N&S CaT April 2016

Per Carlén (Ex SWE TACOMS member)


Post on 28-Jul-2020


Agenda

• Aim

• Background

• TACOMS+

– Aim, scope

– Capabilities

– Services/Functions

– Deliverables

– Future work

• Final words


Aim with presentation

UNCLASSIFIED 3

• Give an insight into TACOMS+ capabilities
• Why? N&S CaT is intermediate CCB/custodian

TACOMS background

• Focus: Deployable federated networks
• Nations are sovereign, interconnects over a standardized IOP (InterOperability Point)
• As much COTS as possible

Phase 1

ST4637: TACOMS Head STANAG
ST4639: Interfaces (Annex A: IOP; Annex B: ENAP)
ST4640: Lower Layer Specifications (Annex A: Cables; Annex B: Ethernet)
ST4643: CO Protocols (Annex A: Numbering; Annex B: Call Processing; Annex C: Routing; Annex D: Coding; Annex E: Signaling)
ST4644: CL Protocols (Annex A: Addressing; Annex B: BD; Annex C: Routing; Annex D: QoS; Annex E: Protocols; Annex F: Real-Time Data)
ST4646: Management Protocols (Annex A: Messaging; Annex B: MIBs; Annex C: SLM)
ST4647: Gateway Protocols (Annex A: IP; Annex B: ISDN; Annex C: ST4206; Annex D: Mixed / Single Mode IntOp)

• Phase 1 STANAGs (promulgation in 2010) covering OSI L1-L3 + Voice
• “Quickwins” update in 2012
• Interdependencies between services -> complex solutions (static)

Configuration complexity – Phase 1

The number of configurations (places where peers have to be configured) is shown as a function of the number of NEs. Avoid full-mesh! Goal: keep #conn = #NE-1.

[Figure: number of configurations (y-axis, 0 to 4000) against number of NEs (x-axis, 1 to 49); series: configurations with manual LDAP, configurations with auto-LDAP]

TACOMS+ MoU 2012 - 2016

• Aim/deliverables
  – Reference Implementation
  – New set of STANAGs
• Then FMN came along… STANAGs -> Support FMN with profiles etc. Note: only the format was changed, not the concept or the architecture.
• Requirements
  – TACOMS+ Operation Requirements inherited or derived from
    • 15(+) NATO mission types
    • Initial FMN Concept paper
• Deliver to NATO and Nations
  – Standards/profiles
  – Comprehensive implementation guidance
    • incl. implementation test cases and results

TACOMS+

• Inspirations
  – Lessons learned from previous experiences (e.g. AMN, TACOMS phase 1)
  – Following FMN concept and capability milestones
    • Support for mobility, zero day capability, federated networking
  – Aligned with PCN principles
    • PCN like interfaces and Security Architecture and federated management
  – ST4711 inspired QoS
• Execution through multi-national MOU
• Deliver to NATO and Nations
  – tested standards/profiles
  – comprehensive implementation guidance
    • incl. implementation test cases and results

Scope

IOPs for:
- Deployed strategic
- Tactical Core
- Tactical Edge

Meaning…
- wired (Cu/FO)
- LoS
- Satcom

Meaning…
- Different bearers
- Topology changes
- Autonomous units

[Figure: strategic core, tactical core and tactical edge, with interconnections labelled IOP-A to IOP-F]

Network Architecture

• Common network (FC), composed of national resources.
• Transport service to users
• Users are responsible for protecting their information, using:
  • NINE
  • SCIP

Note: GW does not refer to SCIP-GW

Security Architecture

• Inherited from the architectural model that IST-069 and IST-103 proposed for PCN
  – Separation of “Black Transport Core” and “Red Service/User Domain”
  – Same federation principles as with PCN
    • PCN: PCore – PCS; TACOMS: FCore – FCS

[Figure labels: TACOMS Core/unclass, IPv4 routing, Routing 1; Unclass Voice; Mission Secret IPv4/6, Routing 2; Z]

PCN – relocation

PCN-1: IOP1-like interface where PCSs (FCSs) interconnect
PCN-2: Typically COI part of mil unit connects here

When Mil unit X relocates, it disconnects from SWE PCN-2 interfaces and connects to NOR PCN-2 interfaces (and gets NOR addresses)

PCN perspective on current TACOMS+ relocation

PCN-1: IOP1-like interface where PCSs (FCSs) interconnect
PCN-2: National matter

- When Mil unit X relocates, it disconnects from SWE infrastructure and connects to NOR PCN-1 interface.

TACOMS+ Layers

• Bearers in Mission Networks set constraints for the IP layer performance
  – Cross layer interaction with bearer is important to mitigate possible issues arising from bearer dynamics

[Figure: FCS A and FCS B with their “Users”; each side shows Information domain, Network domain and IP; layers between them: Application protocols, IP protocols, GRE/IPSec, Generic bearer; interface points TIP, NIP, IOP]


TACOMS+

• TACOMS builds federated capabilities on top of national assets

• Capabilities are created in layers

– Higher layers use lower layer services


TACOMS+ Bearer Domain

Build on top of national network assets:
• Resource sharing within federation
• Sovereign control of national assets

[Figure label: National Network Domain]

TACOMS+ Network Domain

• Separation of national domain and federation
• Overlay IP network for federation IP transport
• Connectionless network service
• DiffServ QoS classes (ST4711)

[Figure: Federated Network Domain with NIPs]

TACOMS+ CO Network Domain

• Connection-oriented network service
• DiffServ QoS enhanced with reservations of resources from the service classes
• Traffic Engineering when required

[Figure label: Federated CO Network Domain]

TACOMS+ Information Domain

• Media Services (Voice) with Reservation capabilities
• Multi-level priority and pre-emption
• Name Service with Distributed root & DNSSEC

[Figure label: Federated Information Domain]

Derived requirements – examples

Desired outcomes for – Agility, Flexibility & Scalability

• support (as a minimum) the 15+ NATO mission types

– handle almost any network topology to allow full flexibility and adaptability in missions both on the strategic as well as the tactical level,

– allow for sufficient nodes in the same network (dependent on network topology) as demanded by the mission,

– support ad-hoc networks, i.e. where the topology of the network is unknown prior to the start of the mission,

TACOMS+ Themes & SoWs

Making solutions matching the requirements

• Technical
  – Agility and Flexibility
    • SWE, NOR, DEU, NCI Agency
  – Connection Oriented Services
    • FRA, FIN, DEU, SWE, ITA
  – Future IOP Bearers and Interfaces
    • ITA, FRA, FIN, NCI Agency, (SWE)
  – Service Management and Control
    • tbd
• Cross cutting
  – Security
    • NCI Agency
  – Architecture
    • All

Multinational effort

TACOMS ORGANISATION

BOARD: Project Steering group (representatives of the Participating nations)
EXECUTIVE: International Project Office (Project management and leadership)
NATIONAL ADVISORS: Technical Working Group (Expertise, Guidance, QA review)
V & V: Collaborative Implementation Team (National implementations tested in federation)
WORK PACKAGES: Multi-national team effort; 9 suppliers across 6 Nations (Industry, Academia and Government orgs) and NCI Agency

TACOMS working process


COST <> COTS

• Enhanced standards for federated networking

– Mission Network Transport Services with minimum cost and configuration effort

– Minimise impact on national systems

• reuse existing or planned national equipment

– Build on commercial standards and industry best practice

– Implementable as far as possible with off-the-shelf components or military equipment


COTS and…

• TACOMS+ builds capabilities out from technologies that are mostly based on ‘Cisco-Off-The-Shelf’

• Some of the capabilities require additional control logic that is executed alongside the COTS device

[Figure: two nodes, each with a COTS forwarding plane, a COTS control plane and a TACOMS control plane]

Design

• As much COTS as possible
• Implementation independent
• Topology agnostic
• No central dependencies
• No full mesh
• Pre-deployment possible
• Fast connect/disconnect (no manual config)
• PCN-type architecture, with ND/ID separation
• Although PCN-type, ”any color” IOP is possible

Capability packages

[Figure: capability packages grouped into Information Domain and Network Domain: CL transport, Auto-connectivity, Name resolution, Time sync, Service Announcement, CO transport, Media, Service Mitigation, KPI Estimation, KPI Dissemination]

CL Transport
o Federated transport network capability
o Inspired by PCN (implements PCN-1)
o FMN Spiral 1 NIP-G + network functions

Autoconnectivity
o Adds additional capability to make automated attach & detach procedures
o FMN Spiral 1 optional capability

Service Announcement
o Autoconnectivity for services
o Exchange service dependent information elements

Time Sync
o Time Synchronization for Network Domain and Information Domain

Name Resolution
o Federated Root (hidden root in each federated domain)
o DNSSEC – integrity handling

CO Transport
o Generalization of IntServ
o “MPLS-TE+ over IP”
o Provides resource assured connections for arbitrary services
o Sensor systems
o Media transport

Voice
o SIP based VoIP infrastructure model
o Resource Reservation
o Priority calls
o Pre-emption
o SCIP support
o Separation of national domain and federation
o Call Managers in national domain
o SBCs in federation domain

KPI Estimation
o Transmission bearer interrogation
o What kind of networking environment is below the IP
o What can be estimated from the bearer if it is not known
o What can be done co-operatively

KPI Dissemination
o Who needs to know the link/network KPIs
o How those should be disseminated most efficiently

Service Mitigation
o How should transmission bearer be used to maximize the benefit out of it
o How should IP layer use the bearer
o How should services adapt to the network conditions

Scratching on the surface

Capability packages, building blocks

• A CP consists of service(s) and function(s)
• A service is what the user sees and utilizes
• A service is built with functions
• For almost every service/function, there are
  • Options and justifications
  • Technical specification(s)
  • Implementation examples
  • Test specifications

[Figure: capability package “CL transport” and its required services/functions: Routing Function, Authentication Function, Address Plan, PKI Function, Time Service, CL Forwarding Service, FC Protection Function]

CL Transport

• Main service in TACOMS+
• Shuffles packets between users, across the FC

[Figure: capability package “CL transport” and its required services/functions: Routing Function, Authentication Function, Address Plan, PKI Function, Time Service, CL Forwarding Service, FC Protection Function]

CL Forwarding service

– QoS: 4711 CL

[Figure: CL Forwarding from incoming to outgoing in the forwarding plane; Routing in the control plane takes routing protocol updates and updates the forwarding table]

Routing function

• Supports forwarding of packets
  – Unicast, multicast, anycast
• Generic layer towards bearer
• Dual Stack

[Figure: ASN:x and ASN:y connected over a WAN; PIM-SM with a BSR boundary on each side]

Address- and numbering plan

• Avoid collisions
• Aids in pre-deployment
• Base for discovery-functionality, Autoconnectivity etc
• Scalability (65536 nodes per entity)
• IPv4
• IPv6
• Unicast, multicast
• BGP ASN

FC Protection

• Protect the integrity of the FC

[Figure: an FCS between two IOPs, annotated with protection functions in this order: Shaping/Policing, Anti Spoofing, Route filtering, Access filters, Authentication; IDS/FW (IDS or IPS, Stateful FW; filter flows to/from client/servers in the FCS), Anti Spoofing, Access filters; Client/Server self protection, Access filters, Anti spoofing]

Authentication

• Ensures that only entitled parties can interconnect and send traffic on the FC (compare PCN).
• Needs technical means, since the bearer can be virtually anything (not only 5 m of optical fiber)
• Certificate-based (in IKEv2)
• Rogue nodes can be disconnected
• Comes with a basic level of TFC (GRE/IPsec)

[Figure: SWE and NOR interconnected over a WAN]

PKI

• Different trust-models supported

• Local CRL DP

• (Issues with COTS and revocations)

– IKEv2 rekey != reauth (recent IOS solves this)

– CRL validity & caches (applies to ”off-the-grid” situations)
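
The two revocation issues listed above can be put into numbers. The model below is an added example, not part of the original slides or of any TACOMS+ implementation; the hour-based timeline, the `Crl` record and `first_rejection` are constructed for illustration. It shows at which hour a peer with a revoked certificate is actually refused, depending on whether the IKEv2 session ever re-authenticates and whether the node can still fetch a newer CRL.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Crl:
    issued: int    # hour the CA published this CRL (thisUpdate)
    validity: int  # hours until it expires (nextUpdate - thisUpdate)
    fetched: int   # hour this node stored it in its local cache

    def lists(self, revoked_at: int) -> bool:
        # A CRL carries every revocation made before it was issued.
        return self.issued >= revoked_at

    def fresh_at(self, t: int) -> bool:
        return t <= self.issued + self.validity


def cached_crl(crls: List[Crl], t: int) -> Optional[Crl]:
    """Newest CRL present in the local cache at hour t."""
    usable = [c for c in crls if c.fetched <= t]
    return max(usable, key=lambda c: c.issued) if usable else None


def first_rejection(revoked_at: int, crls: List[Crl],
                    reauth_every: Optional[int], horizon: int,
                    hard_fail: bool) -> Optional[int]:
    """Hour at which the revoked peer is first refused, or None if never.

    The tunnel is assumed to be authenticated at hour 0 with a then-valid
    certificate. reauth_every=None models "rekey only": keys are refreshed
    but the certificate is never validated again.
    hard_fail=True refuses any peer when no fresh CRL is available, which
    also cuts off peers whose certificates are still good.
    """
    if reauth_every is None:
        return None
    for t in range(reauth_every, horizon + 1, reauth_every):
        crl = cached_crl(crls, t)
        if crl is not None and crl.lists(revoked_at):
            return t
        if (crl is None or not crl.fresh_at(t)) and hard_fail:
            return t
    return None


# Constructed timeline (hours): certificate revoked at hour 2, the CA
# publishes a new CRL at hour 6, CRLs are valid for 24 hours.
REVOKED_AT = 2
CRL_AT_DEPLOY = Crl(issued=0, validity=24, fetched=0)
CRL_AFTER_REVOCATION = Crl(issued=6, validity=24, fetched=6)
CONNECTED = [CRL_AT_DEPLOY, CRL_AFTER_REVOCATION]
OFF_GRID = [CRL_AT_DEPLOY]  # the node never reaches the CRL DP again


def scenarios(horizon: int = 72) -> Dict[str, Optional[int]]:
    return {
        "connected, reauth every 8h":
            first_rejection(REVOKED_AT, CONNECTED, 8, horizon, False),
        "connected, rekey only":
            first_rejection(REVOKED_AT, CONNECTED, None, horizon, False),
        "off-grid, reauth every 8h, soft-fail":
            first_rejection(REVOKED_AT, OFF_GRID, 8, horizon, False),
        "off-grid, reauth every 8h, hard-fail":
            first_rejection(REVOKED_AT, OFF_GRID, 8, horizon, True),
    }


if __name__ == "__main__":
    for name, hour in scenarios().items():
        print(f"{name}: {'never' if hour is None else f'hour {hour}'}")
```

In this model, re-authentication bounds the exposure only while a CRL issued after the revocation is in the cache; off the grid, the choice is between never noticing the revocation (soft-fail) and dropping every peer once the cached CRL expires (hard-fail).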

Autoconnectivity

• NO manual configuration when interconnecting
• Speeds up interconnection
• Less error-prone (human factor)

[Figure: capability package “Auto-connectivity” and its required service: Auto-connectivity Service]

Autoconnectivity

• Discover-configure, discover-configure
  – RIPv2 -> IPsec/GRE
  – RIPng -> Peering
• Variety of implementations

[Figure: RIPv2 over Ethernet between SWE (ASN: d46.257) and NOR (ASN: d47.2)]

Demo Autoconn

CO Transport

o Generalization of IntServ
o “MPLS-TE on IP”
o Based on network level resource reservations for IP flows
o Provides resource assured connections for arbitrary services
o Sensor systems
o Media transport

[Figure: capability package “CO transport” and its required services/functions: CO Routing Function, Resource Reservation Function, Signaling Function, KPI Estimation, CO Forwarding Service, CL Transport; example topology with nodes A to H]

COCP

[Figure labels: User, UNI, Reservation, Routing, Signaling, Forwarding Plane]

CO Forwarding Service

o Non default forwarding pattern for traffic
o Next-hop selection based on other criteria than shortest path
o Assurance of resources to the connection via reserving and setting aside
o Policing of traffic at ingress @ flow level

User Signaling

• Convey user requirements into CO control plane
• Protocol used: SIP(S) or HTTP(S)

[Figure: Users reach the Reservation Service through the Local API or, over the UNI, the Remote API. Two message sequences between Local API and Remote API (anycast address, unicast address) follow, in the order shown on the slide.]

SIP sequence:
SIP MESSAGE: SESSION RESERVE REQUEST
SIP 302 Redirect
SIP MESSAGE: SESSION RESERVE REQUEST
SIP 200 OK
SIP MESSAGE: SESSION RESERVE RESPONSE - SUCCESS
Reservation in the Network Domain carried out...
SIP 200 OK
Reservation is used...
SIP MESSAGE: SESSION TEAR-DOWN REQUEST
SIP 200 OK
SIP MESSAGE: SESSION TEAR-DOWN RESPONSE - SUCCESS
Reservation in the Network Domain is torn down...
SIP 200 OK

HTTP sequence:
HTTP POST: SESSION RESERVE REQUEST
HTTP 302 Redirect
HTTP POST: SESSION RESERVE REQUEST
HTTP 200 OK
Reservation in the Network Domain carried out...
Reservation is used...
HTTP POST: SESSION TEAR-DOWN REQUEST
Reservation in the Network Domain is torn down...
HTTP 200 OK

Crypto - Interworking Signaling

Elements - FilterSpec/QSPEC+ (GIST)

TSpec:
    Peak-Rate: [Value Bytes per sec]
    Rate: [Value Bytes per sec]
    Burst-Size: [Bytes]

ConstraintsParams:
    Path-Reliability: [Value]
    Path-TFC-Level: [Value]
    Path-Latency: [Value]
    Path-Jitter: [Value]

HandlingDirectives:
    Path-Pinning: [Value]
    Admission-Priority: 2
    RPH-Priority: [Value]

TrafficClassifier:
    DSCP-bits0-2: [Value]
    DSCP-bits3-4: [Value]

FilterSpec:
    Network-Layer-Version: [IPv4|IPv6]
    Source-address: [address/prefix-len]
    Destination-address: [address/prefix-len]
    IP-protocol: [ANY|UDP|TCP|ESP….]
    DiffServ-codepoint: [Value]
    Flow-Label: [Value]
    SPI: [Value]
    L4-sourceport: [Value]
    L4-destport: [Value]

Network Signaling

• NSIS or SIPng
• Same API to Reservation Service and Forwarding Plane
• Supports pre-emption

[Figure: Reservation Service, Routing Service and Signaling Service, with signaling over the forwarding plane; the request/response pairs on the figure are listed below]

Reservation Service to Routing Service:
    Request: UserRequirements + Destination NodeID
    Response: SourceRoutes/NextHop

Signaling Service:
    Request: Setup [route[x-n]]    Response: [OK|FAIL]
    Request: Setup [route[x-n]]    Response: ID (CallID)
    Request: Tear (ID)             Response: ID (CallID)
    Request: Tear (ID)             Response: [OK|FAIL]

Network Signaling – NSIS+

• NSIS with small modifications (Qspec etc)
• TACOMS+ developed opensource NSIS-stack (Linux)
• Support for pre-emption
• No TE in current MRM, easily extended
• Can traverse NSIS non-aware nodes

Network Signaling – SIPng

• SIP??? Yes, it’s a protocol for maintaining arbitrary sessions.
• Establishes a signaling overlay on top of the FC
• Support for pre-emption and TE
• Uses Route-header in SIP to do source routing, hence signaling can only traverse (jump on) SIPng aware nodes.
• Implies one SIPng entity per TACOMS node

[Figure: Node A to Node D, each with a SIPng proxy; the proxies form the SIPng CO signalling layer above the forwarding plane]

CO Routing – without TE

• Both intra and inter-domain capability
• Without TE:
  • Incoming interface and next-hop are computed.

[Figure: Reservation Service sends Request: UserRequirements to the Routing Service and gets Response: Incoming Interface, Next-Hop (, Explicit route); topology information is fetched from the SA (Service Announcement) layer, which sits above the forwarding plane]

CO Routing – with TE

• Both intra and inter-domain capability
• With TE:
  • Path computation based on constraints coming from user, made in originating node.
  • Topology discovery database includes all (abstracted) links
  • Several attributes associated to the links (capacity, delay, TFC, reliability, …)
  • Links in topology database are identified with NodeIDs. In CL-BGP, the NodeID for the destination NLRI has a coded BGP community.

[Figure: Reservation Service sends Request: UserRequirements to the Routing Service and gets Response: Incoming Interface, Next-Hop (, Explicit route); topology information is fetched from the SA (Service Announcement) layer, above the forwarding plane. Example topology: FCS A, FCS B and FCS C with numbered nodes, FCS internal links and IOPs]

Resource reservation

• Resource sharing policy for individual DiffServ classes
• Bookkeeping of resources
• Connection Admission Control
• Multi-Level Priority and Pre-emption
• Authorization of use

[Figure label: Links, capacity, reservations...]

Demo SIPng

KPI Estimation

o Transmission bearer interrogation
o What kind of networking environment is below the IP
o What can be estimated from the bearer if it is not known
o What can be done co-operatively

[Figure: capability package “KPI Estimation” and its required services/functions: KPI Measurement Function, KPI Provisioning Function, X-Layer Communication Function, KPI Estimation Service, CL Transport]

KPI Estimation Service

o Estimation of bearer capabilities based on different information sources
  o Pre-existing knowledge
  o Technical interrogation via
    o API (integrated bearers)
    o Standard protocols (co-operative bearers)
  o Measurement of bearer capabilities

KPI Provisioning

• Pre-existing knowledge via SLA
• FO
• Fixed capacity LoS/Satcom

X-layer Communication

• Integrated bearers with common control plane functions
• Ability to control and monitor bearer KPIs
• Common protocols to interrogate co-operative bearers
  • LLDP, DLEP
• Difficult to address all bearer technologies

KPI Measurement

• Estimation of bearer KPIs (capacity, delay, jitter)
• Two methods depending on bearer (logic for choosing is included)
  • TWAMP-light protocol
    • Non-intrusive
    • Based on packet dispersion
    • Normally supports bearers like LoS, Satcom
  • Iperf (fallback)
    • Intrusive
    • Ball-parking

[Figure: SWE and FIN connected by a GRE-tunnel over an ”unknown” bearer; the TWAMP light sender emits packets with spacings δt1 to δt4, the TWAMP light reflector observes spacings δr1 to δr4]

KPI Dissemination

o Who needs to know the link/network KPIs
o How should the KPIs be disseminated most efficiently

[Figure: capability package “KPI Dissemination” and its required services/functions: Horizontal Dissemination Function, Vertical Dissemination Function, KPI Dissemination Service, CL Transport, KPI Estimation, Service Announcement]

KPI Dissemination Service

• Dissemination of bearer KPIs
  • Internally to other services that need that information
  • Other network nodes that need the information
  • Information Domain Services that benefit from the information

[Figure: KPIs exchanged between FIN, DEU and SWE in the Network Domain and passed to Service X instances in the Information Domain]

Horizontal Dissemination

• Dissemination to the other nodes that need the information (policing/shaping)
• For TE: Path calculation functions across the network
• Uses Service Announcement Layer to convey KPIs

[Figure: Network Domain with FIN, DEU and SWE]

Property | Community | Remark
Link Capacity | 1:[value 16bit] | Bits per second
Link Reliability | 2:[value 16bit] | Link state change events (up/down) service unavailability over the period of 24h
Link TFC Level | 3:[value 16bit] | Traffic flow confidentiality level of the link
Service Class [SC0-7] Reservable Link Capacity | 4+SC:[value 16bit] | Capacity that is allocated for the reservation purposes within particular service class in bps
Service Class [SC0-7] Unreserved Capacity | 12+SC:[value 16bit] | Capacity that is used from the particular service class in bps
Service Class [SC0-7] Delay | 20+SC:[value 16bit] | Delay within the particular service class in seconds.

Vertical Dissemination

UNCLASSIFIED 61

• Dissemination of link KPIs to Information Domain Services
• Resource sensitive applications – Voice, VTC, document sharing …
• May cross RED/BLACK boundary
• SNMP MIB defined

[Figure: Network Domain (DEU) and Information Domain (Service X instances).]

Service Mitigation

UNCLASSIFIED 62

[Figure: capability package and required services/functions. Labels: Service Mitigation, Mitigation Service, Bearer Mitigation Function, IP-Layer Mitigation Function, Application Layer Mitigation Function, KPI Estimation, KPI Dissemination.]

Service Mitigation
o How should the transmission bearer be used to maximize the utilization
o How should the IP layer use the bearer
o How should services adapt to the network conditions

Mitigation Service

UNCLASSIFIED 63

• Mitigation service makes decision on possible technical actions that need to be executed for the bearer

• Logic decision on how to approach deficiencies that the bearer has with respect to the services in the IP layer and application layer

Bearer Mitigation

UNCLASSIFIED 64

o X-Layer functions on mitigation in transmission bearer
o Coherent action between IP-layer and transmission layer for QoS and resource sharing
o SatCom, BGAN, SDR, Radio relays

Application Layer Mitigation

UNCLASSIFIED 65

o How to manage application aspects based on network information and status
o Audio/Video coding and level of service
o Activation and de-activation of resource intensive applications
o Application accelerations for long delay pipes
  o if packets are not encrypted (TCP adaptation, RTP Jitter compensation)

IP-Layer Mitigation

UNCLASSIFIED 66

o IP-layer provisioning based on bearer knowledge which is acquired via KPI Estimation & Dissemination
o Provisioning capacity for service classes and link
o Queue management

Mitigation and dissemination

[Figure: mitigation and dissemination architecture across the FCS, the transmission system and the information domain. Labels: Transmission System; FCS; Information domain; Generic Local Interface; External Generic Local Interface; Internal Specific Local Interface; Specific Local Interface; Transmission System Interface (e.g. modem); IP level Mitigation function; Control function; Other network functions; IP Routing; GRE/IPSEC; TACOMS management service; SLA; Mitigation functions; Link Layer Functions; Media assessment functions; KPI dissemination functions.]

Demo Measurement-Mitigation

UNCLASSIFIED 68

[Figure: demo setup. Labels: RIPv2 over Ethernet; SWE ASN: d46.257; NOR ASN: d47.2; Link with Unknown KPIs; TWAMP sender; TWAMP Reflector.]

Service Announcement

UNCLASSIFIED 69

[Figure: capability packages and required services/functions. Labels: Service Announcement Service, Service Announcement, Auto-connectivity.]

• Autoconnectivity add-on
• Speeds up the interconnection of services and not just the IP-layer.
• A database updated in real-time across the FC
• No full-mesh conns, no central dependencies


Service Announcement Service

UNCLASSIFIED 70

• Inspired by Cisco Service Advertisement Framework

• Separate BGP routing process with IPv6 coded information

• Dictionary that maps certain parameters to IPv6 prefix and/or communities

• Voice GW & Prefixes, Network KPIs, NTP peers etc

[Figure: FCS A and FCS B, each with Media, Chat, Time and Email services above a Service Announcement Layer and Transmission mediation. Labels: Information domain service announcement; Automatic configuration; Network domain service announcement; Automatic peering.]

Time sync

UNCLASSIFIED 71

[Figure: capability packages and required services/functions. Labels: Time Service, Time sync, Service Announcement.]

Time sync Service

UNCLASSIFIED 72

• Provide a time with certain precision to services in the FC

• Self-sustained!

• Peer with neighbors

Name resolution

UNCLASSIFIED 73

[Figure: capability package and required services/functions. Labels: Name Resolution, Name Resolution Service, Time Service.]

• Provide services in the FC with a name-resolution service.

• Designed to work on unclassified, but can also work within a security domain.

Name resolution Service

UNCLASSIFIED 74

• Flat hierarchy, works without central root

• DNSSEC

[Figure: Federated Core namespace. Labels: FC Master Server (FC zone); Primary name server FCS POL (POL master, FC slave); Primary name server FCS BEL (BEL master, FC slave); Primary name server FCS NATO (NATO master, FC slave); Master Server (FC zone); Periodic zone transfer requests.]

Media

UNCLASSIFIED 75

[Figure: capability packages and required services/functions. Labels: Media, Media Service, Media Resource Reservation Function, Media Signaling Function, Media Dynamic Routing Function, CL Transport, CO Transport, Service Announcement.]

Media Service
o SIP-based media profile
o ST4705 numbering
o GW routed calls to and from the federated domain

Media Service

UNCLASSIFIED 76

[Figure: User A and User B connected through gateways (GW) across ASN:x, ASN:y and ASN:z. Labels: SIP & RTP; Signalling & media; eBGP Service Announcement; iBGP - Service Announcement.]

Resource management integrated with network domain – Media-CAC needs to know capacity on links

Media Signaling

UNCLASSIFIED 77

o SIP signaling
o B2BUA between national domain and network domain
o SIP Resource-Priority extension @ core

Media Resource Reservation

UNCLASSIFIED 78

o Bookkeeping of calls and their resources
o Call Admission Control
o SIP Resource Priority extension for priority calls
o Pre-emption
o Resource control with forwarding plane filters and policers
o Assurance of QoS within controlled DiffServ class

[Figure: callers and callees connected through GW1, GW2 and GW3. Labels: Existing call; Call being set up; Congestion; Call tear-down signalling.]

Media Dynamic Routing

UNCLASSIFIED 79

[Figure: User A and User B connected across ASN:x, ASN:y and ASN:z. The gateways and the announcements shown in the figure are listed below.]

Gateways:
GW  Prefix: 941 358  IP: 58.10.10.10
GW  Prefix: 941 460  IP: 46.11.11.11
GW  Prefix: 941 460  IP: 46.12.11.11
GW  Prefix: 941 330  IP: 33.1.1.11

Announcements:
Prefix: FD00:0520:941:358::/64  RT: 58.10.10.10:1  Next-hop: ::FFFF:58.10.10.10
Prefix: FD00:0520:941:358::/64  RT: 58.10.10.10:1  Next-hop: ::FFFF:46.12.11.11
Prefix: FD00:0520:941:460::/64  RT: 46.12.11.11:1  Next-hop: ::FFFF:46.12.11.11
Prefix: FD00:0520:941:330::/64  RT: 33.1.1.11:1  Next-hop: ::FFFF:33.1.1.11
Prefix: FD00:0520:941:330::/64  RT: 33.1.1.11:1  Next-hop: ::FFFF:46.11.11.11
Prefix: FD00:0520:941:460::/64  RT: 46.11.11.11:1  Next-hop: ::FFFF:46.11.11.11

• Flexible nomadic mobility of subscribers within mission network
• Inspired by Cisco SAF
• Utilizes Service Announcement to facilitate dynamic routing of 4705 prefixes
• Representation of ST4705 prefixes as IPv6 prefixes
• Hop-by-Hop routing pattern
• Edge-to-Edge routing pattern
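The mapping shown on this slide (ST4705 prefix 941 358 announced as FD00:0520:941:358::/64 with an IPv4-mapped next-hop), together with the "only 520-prefixes allowed" filter from the implementation slide, as an added Python example that is not part of the presentation or the TACOMS+ specification. It assumes two three-digit groups copied digit for digit into the third and fourth 16-bit groups, as in the slide's examples, and a hypothetical allow-list of gateway addresses (`GATEWAYS`).

```python
"""ST4705 prefix <-> IPv6 service-announcement prefix, with receive-side checks."""
import ipaddress
import re

# "520" dictionary range used by the media prefixes on the slide.
MEDIA_RANGE = ipaddress.IPv6Network("fd00:520::/32")


def encode_st4705(prefix: str) -> ipaddress.IPv6Network:
    """'941 358' -> fd00:520:941:358::/64 (decimal digits reused as hex nibbles)."""
    groups = prefix.split()
    # Assumption: exactly two groups of three decimal digits, as on the slide.
    if len(groups) != 2 or not all(re.fullmatch(r"[0-9]{3}", g) for g in groups):
        raise ValueError(f"unsupported ST4705 prefix: {prefix!r}")
    high, low = (int(g, 16) for g in groups)
    base = int(MEDIA_RANGE.network_address)
    return ipaddress.IPv6Network((base | high << 80 | low << 64, 64))


def decode_st4705(network: ipaddress.IPv6Network) -> str:
    """Inverse of encode_st4705; rejects prefixes outside the media range."""
    if network.prefixlen != 64 or not network.subnet_of(MEDIA_RANGE):
        raise ValueError(f"{network} is not a /64 inside {MEDIA_RANGE}")
    value = int(network.network_address)
    groups = [format(value >> shift & 0xFFFF, "03x") for shift in (80, 64)]
    if not all(re.fullmatch(r"[0-9]{3}", g) for g in groups):
        raise ValueError(f"{network} does not carry decimal digits")
    return " ".join(groups)


def check_announcement(prefix: str, rt: str, next_hop: str, gateways: set) -> list:
    """Return a list of problems; an empty list means the announcement is accepted."""
    problems = []
    try:
        decode_st4705(ipaddress.IPv6Network(prefix))
    except ValueError as exc:
        problems.append(f"prefix: {exc}")
    # RT as shown on the slide: "<gateway IPv4>:<number>".
    origin, _, number = rt.rpartition(":")
    try:
        if ipaddress.IPv4Address(origin) not in gateways or not number.isdigit():
            problems.append(f"rt: unknown originator or bad number in {rt!r}")
    except ValueError:
        problems.append(f"rt: {rt!r} is not <IPv4>:<number>")
    try:
        mapped = ipaddress.IPv6Address(next_hop).ipv4_mapped
    except ValueError:
        mapped = None
    if mapped is None:
        problems.append(f"next-hop: {next_hop!r} is not an IPv4-mapped address")
    elif mapped not in gateways:
        problems.append(f"next-hop: {mapped} is not a known gateway")
    return problems


# Hypothetical allow-list, filled with the gateway addresses from the slide.
GATEWAYS = {ipaddress.IPv4Address(a) for a in
            ("58.10.10.10", "46.11.11.11", "46.12.11.11", "33.1.1.11")}

# The first two rows are announcements shown on the slide; the rest are constructed.
SAMPLES = [
    ("FD00:0520:941:358::/64", "58.10.10.10:1", "::FFFF:58.10.10.10"),
    ("FD00:0520:941:358::/64", "58.10.10.10:1", "::FFFF:46.12.11.11"),
    ("FD00:0510:941:358::/64", "58.10.10.10:1", "::FFFF:58.10.10.10"),  # wrong range
    ("FD00:0520:9A1:358::/64", "58.10.10.10:1", "::FFFF:58.10.10.10"),  # not decimal
    ("FD00:0520:941:358::/64", "10.0.0.1:1", "FD00::1"),  # unknown GW, plain IPv6
]


def run_samples() -> list:
    """Check every sample announcement against the allow-list."""
    return [check_announcement(*sample, GATEWAYS) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, problems in zip(SAMPLES, run_samples()):
        print(sample[0], "->", problems or "accepted")
```

The second slide announcement is accepted even though its next-hop differs from the originator in the RT, because the figure shows the next-hop being rewritten as the prefix crosses a gateway.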

TACOMS+ components

In a system …or cherrypicking

[Figure: TACOMS+ components and their dependencies. Services: Name resolution Service, CL Transport Service, Time Service, Service Announcement Service, CO Transport Service, Media service, KPI Estimation Service, KPI Dissemination Service, KPI Mitigation Service. Functions: Routing, Authentication, Autoconnectivity, PKI, Federated Core Protection, Reservation, CO Routing, Signaling, Media Resource Reservation, Media Dynamic Routing, Media Signaling, KPI Measurement, KPI Provisioning, X-Layer Communication, Horizontal Dissemination, Vertical Dissemination, Bearer Mitigation, IP-Layer Mitigation, Application Mitigation, KPI Management. Also shown: Address Plan. Legend: blue boxes denote user accessible services; green boxes denote functions that build services; "A depends on B"; "A optionally depends on B".]


How mature are these

• Many of the TACOMS capabilities are developed and specified in different levels of TRL

• Most of the CO/KPI-capabilities hit TRLs 4 to 6

• Most of (CL) capabilities are applied in real systems and are moving towards fielding (TRL 7 to 9)

UNCLASSIFIED 81

TACOMS+ Service Architecture Tacoms ph2

[Figure: service architecture split into Network Domain and Information Domain. Network Domain Services: Routing Service, CL Forwarding Service, Security Service, Autoconfiguration Service, Reservation Service, CO Forwarding Service. Network Domain Support Services: Transmission Mediation Service, Monitoring Service, Packet Prioritization Service. Information Domain Support Services: Routing Service, Discovery Service, Signaling Service, Reservation Service. Information Domain User Services: Media Service, Signaling Service. Network Domain Service Provider and Information Domain Service Provider: Network Management Service, Network Configuration Service, Network Planning Service, Customer Management Service, Service Management Service, Service Planning Service, Service Level Management Service, Service Configuration Service. Interfaces: SLA, MGMT IF, CTRL IF, DATA IF, PPI IF.]

C3 Classification Taxonomy

[Figure: C3 Classification Taxonomy chart, "IA SMC Groupings Baseline 1.0 - Friday, 15 June 2012". Labels include: Operational Context; Missions and Operations; Operational Capabilities; Communication and Information Systems (CIS) Capabilities; User-Facing Capabilities; Technical Services; Community Of Interest (COI) Services; Core Enterprise Services; Communications Services (Communications Access Services, Transport Services, Transmission Services).]

TACOMS+ in C3 Taxonomy

FC is delivering Edge-to-Edge IP transport services in CL/CO mode = FMN CORE TRANSPORT M1/M2/M3

FC is not delivering access services, BUT enables packet based access services via function that is needed in national interface

TACOMS+ project also delivers
- SIP profile for Media Services
- PKI for authentication
- Name resolution services
- Network time services
- Service announcement
- SMC for Core Network part

TACOMS+ Deliverables
- Documents, RA
- FMN support
- Reference Implementation

UNCLASSIFIED 84


TACOMS+ Documents

UNCLASSIFIED 85

Annexes

FrontEnd EA model


RA – https://tacoms-ea.frontend.se

UNCLASSIFIED 86


Document examples….

Concept and Architecture

[Figure: Federated Core built from Federated Core Segments A to E and interconnected at IOPs. Labels: FCS A to FCS F; Federated Core; Federated Core Segment A, B, C, D, E; IOP; Strategic; Deployed.]


Solutions and justifications

Technical Specification

[Figure: autoconnectivity discovery state diagram and message sequence between SWE and NOR; the recoverable text follows.]

Discovery Phase 1 (parent)
- Initiation with preconfigured values.
- Send RIPv2
- Received RIPv2 message. (New neighbor detected)
  - Configure GRE (if my IP > peer IP)
  - Enable RIPng
  - Spawn new process for neighbor (Discovery Phase 2)

Discovery Phase 2 (child(ren))
- State labels: START, Configured, Established
- Send RIPng
- ((BGP prefix exist) and (my IP > peer IP)) or ((BGP prefix exist) and (GRE prefix exist))
  - Configure GRE (if my IP < peer IP)
  - Configure BGP
- BGP established
- (MSDP prefix exist) and (MSDP not configured) or (SA prefix exist) and (SA not configured)
  - Configure related Item (MSDP/SA)

Exit conditions
- RIPv2 sender gone or
  - Configuration CleanUp.
- (RIPv2 sender gone) or (Timeout ~120 seconds)
  - Configuration CleanUp.
- (RIPv2 sender gone) or (BGP transition from established)
  - Configuration CleanUp.

Note
- IPv6Enc refers to the transformation of information into an IPv6 prefix.
- PrefixGRE = FD00:0202/32
- PrefixBGP = FD00:0510/32
- PrefixMSDP = FD00:0511/32
- PrefixSABGP = FD00:0500/32
- Mx = MSDP peer address
- Bx = BGP peer address
- Gx = GRE subnet address
- SAx = SA-BGP peer address

Messages
- RIPv2 over Eth, source IPv4: E_SWE
  Network: 110.46.x.y/32
- RIPv2 over Eth, source IPv4: E_NOR
  Network: 110.47.x.y/32
- RIPng in GRE, source: IPv6 link-local GRE SWE
  Network1: IPv6Enc(PrefixBGP, BGP Hops_SWE, BGP ASN_SWE, B_SWE)
  Network2: IPv6Enc(PrefixMSDP, BGP ASN_SWE, M_SWE)
  Network3: IPv6Enc(PrefixSABGP, SABGP Hops_SWE, SABGP ASN_SWE, SA_SWE)
- RIPng in GRE, source: IPv6 link-local GRE NOR
  Network1: IPv6Enc(PrefixGRE)
  Network2: IPv6Enc(PrefixBGP, BGP Hops_NOR, BGP ASN_NOR, B_NOR)
  Network3: IPv6Enc(PrefixMSDP, BGP ASN_NOR, M_NOR)
  Network4: IPv6Enc(PrefixSABGP, SABGP Hops_NOR, SABGP ASN_NOR, SA_NOR)

Steps in text (step labels in the figure: 1-3, 4-5, 6-7, 8-9)
- IPv4 addresses on interfaces are configured:
  SWE: Ethernet: E_SWE (111.46.a.b/8)
  NOR: Ethernet: E_NOR (111.46.a.b/8)
- RIPv2 is configured and enabled on Ethernet interfaces
- RIPng prefix: GRE
  - Assignment and configuration of addresses on GRE-interfaces:
    NOR: G_NOR+2/30, IPv6Enc(PrefixGRE2, BGP ASN_NOR, G_NOR+2)/127
    SWE: G_NOR+1/30, IPv6Enc(PrefixGRE2, BGP ASN_NOR, G_NOR+1)/127

Implementation examples

UNCLASSIFIED 91 of 5

[Figure: FCS A and FCS B, each with an IOP-Router running SA-BGP, plus a Media GW and a Service X GW. Labels: RIPng incl SA-BGP bootstrap; eBGP SA-Layer; iBGP, only "500"-prefixes allowed; iBGP, only "520"-prefixes allowed; iBGP, only "Service X"-prefixes allowed.]


Test Specifications

UNCLASSIFIED 92 of 5

Reference Architecture

UNCLASSIFIED 93

• Project Steering Group has decided that the RA is where all deliverables will be placed.
• Currently the latest versions of docs are on a FIN wiki.
• PSG has allocated funding for maintaining the RA for two additional years.
• FrontEnd (SWE company) has the database.
• The funding is at FMV (SWE)
• N&S CaT is the intermediate CCB/custodian?
• Further discussion is needed to sort out the details
  • Licenses
  • Access to the RA
  • Updating docs in the RA
  • Maintenance of the RA
  • Etc

FMN Audio-based Collaboration

NATO FMN Instruction

• Request to act as SME
  – Merging CPs with existing Instruction

• Final version delivered to the ACT at the end of February '15
  – Used within the CWIX'15
  – Maintenance will fall to the CPWG and CIAV ?

FMN Instruction (SME: Marko & Per) 2015


FMN Communication Services FMN Instruction (Marko & Per, T+ support) 2015

• 90% TACOMS+ CL-Forwarding

• Autoconnectivity optional

TACOMS and FMN

• A TACOMS+ system is one possible realization of FMN networking capabilities
  – TACOMS is not the realization

• Functionally adhering to the FMN concept

• Aim and aspiration in future spiral requirements
  – Auto configuration (optional now)
  – KPI Measurement (spiral 2)
  – PCN security model (spiral 4?)
  – Dual Stack with IPv6

96 of 5


TACOMS+ RI

• TACOMS+ nodes that can be used for testing of other nodes or user services over a TACOMS+ FC.

• Location: Aalto university

• Three nodes – NLD, NOR, SWE.

• Current status:

– SWE (masked as NATO) up

– NLD will be up (May?)

– NOR?


Future Work (Annex 9) snippets

Enhancements:

• Reduce setup time

• Increase easiness

• Automation of redundancy

• Automate QoS-policies

• Etc

Future work – Plug and play infrastructures

UNCLASSIFIED 99

[Figure: FCS A and FCS B, each with an L3 network, connected over P2P Ethernet. Labels: L3 cryptos; L2 bridging cryptos; Autoconnectivity.]

• Work on any L2/L3 multicast enabled bearer

• Requires certain functionality in cryptos (low-grade?)

• Replace discovery protocol (RIPv2->SSDP?)

Future work – UNI

UNCLASSIFIED 100

• As crypto functionality progresses, a "PCN-2"-type interface becomes interesting.

• In FMN-terms, a hosted user is the look-alike.


Final words…right…

UNCLASSIFIED 101

• Developed capabilities meet the requirements

• Nice flora of services/functions that have been tested in multinational settings

• Modularity makes cherry-picking possible

• TACOMS+ has influenced FMN Spiral 1 and will influence solutions for FMN comms in coming Spirals

• First multinational incarnation of PCN (PCN-2 hidden)

– Agility, flexibility and scalability


QUESTIONS

UNCLASSIFIED 102 of 5