Developments in the NII - communication services - December 2009 (UNIS - TEM Dec 2009)
Developments in the NII - communication services
December 2009
UNIS - TEM Dec 2009
Rob van Engelshoven
Rob.van.Engelshoven@nc3a.nato.int
NATO UNCLASSIFIED
Overview
● NCI Architecture
  • DCIS TA, NGCS TA, ISAF
● NCI subsystems
  • Voice service, Protected Core, QoS, SLM
● DCIS, Satellite and ground systems
● Federation
● Recommendations
Aspects of the new NCI architecture
● Service catalogue
● Converged IP network IPv4/6
● QoS control architecture
● Move to a Protected Core (Pcore)
● MPLS in the NATO Pcore
● Service Level Management
● Architectures : NCRA Ed1 and SGRA Ed2
Operations & CIS infrastructure
[Figure labels: NATO Business processes (OAA); Networking and Information Infrastructure (NII); SLA]
NII in the NNEC CIS stack (subset DOTMPLFI)
[Figure: stack layers: Users & Missions; Community of Interest; Information Integration; Communications. Vertical bars: Service Management Control; Information Assurance]
Service Catalogue (2010) - main services
● Customer facing services :
  • (secure) voice
  • Audio conference
  • (secure) VTC
  • Telefax
  • Service Desk
  • IP-data service
  • Circuit emulation (TDM over IP)
  • L2 point-to-point
  • WAN access for user domain
  • Wired Pcore interconnect
  • Satcom OTA Pcore interconnect
  • Radio OTA Pcore interconnect
NCI architecture
● Core : transport system - Protected Core Network (PCN)
● Access to the Core
● EoIP & Circuit emulation subsystem
● QoS control system
● Service Level Management
● (Secure) voice/VTC system
● Secure IP subsystem
● NU/NR IP subsystem
● User system access
● Other subsystems… See NGCS TA
● DCIS
● SATCOM
Relationship between Ref. Architectures
[Figure: NATO Communication Infrastructure. Labels: NGCS Protected Core subsystem; Secure IP subsystem; NU/NR IP subsystem; Circuit Emulation subsystem; Unclass Voice & VTC subsystem; Secure Voice & VTC subsystem; Secure AIS; NU/NR AIS; National Secret AIS; HQ PABX; legacy circuits; NDN Telephony; NDN Packet; Public PSTN; Internet; theatre telephony; gateways (SCIP to VoSIP, NSIE to VoSIP, NATO-R GW, IEG, ISG); interface points SIOP1, SIOP2, SIOP5]
[Figure: NATO Communication Infrastructure. Labels: NGCS Protected Core subsystem; Secure IP Node; NU/NR IP Node; Circuit Emulation Node; Unclass Voice & VTC Node; Fleet Interface Point (HF - VLF); Brass HF Remote Tx Sites; Brass HF Remote Rx Sites; SUB VLF Remote Tx Sites; SUB VLF Remote Rx Sites; NATO Maritime HQ; SATCOM FIP including HSB Theatre Injection Site and NATO SGT Sites; Interconnection With On Board NGCS Node; interface points SIOP2, SIOP5]
Intra Nodal Perspective
[Figure labels: NGCS Node A; NGCS Node B; Remote NATO Node; Deployed NGCS Node; Deployable Assets; Deployed CRO; NDN; SP; SAT. Per node: NGCS Pcore Node; Secure IP Node; NU/NR IP Node; Secure Voice & VTC Node; Unclass Voice & VTC Node; Circuit Emulation Node. Attached systems: NS/MS AIS; NU/NR AIS; HQ PABX; Legacy Circuits; NDN Packet; NDN Telephony; Public PSTN; Internet]
The Protected Core Segment
● Protected Core segments can be federated to form a Protected Core (Pcore)
● Reference to PCN briefings
NCI : Interconnection of security domains
IP QoS :
• Real-time data
• Near-real time data
• Interactive
• Bulk transfer
• Best Effort
• Critical system data
[Figure labels: Protected Core Network; Network Protocol Discontinuity]
[Figure labels: SCR; UAR; NDN; SP; NGCS; User domain; SLA; SIOP1; MPLS; NATO SATCOM; National SATCOM; Commercial SATCOM; LDP; RSVP-TE; MPLS management & control; High availability WAN. Colored lines indicate different QoS properties]
NATO’s Satcom Protected Core Segment (PCS – terminals view)
[Figure: One PCS across Tier-0, Tier-1 and Tier-2. Labels: NATO and National Satcom transponders; Service Provider Networks; SGS-1 (F1); SGS-1 (F14); SCR (P); SCR (PE); UAR (PE); BCR (P); Non-EPM (4486 ed.3); EPM (4606 ed.1/ ed.3)]
BCR: Black Core Router
SCR: Satcom Convergence Router
UAR: Unclassified Access Router
Legend: MPLS Core (TRANSIT, i.e. Tier-1, Tier-2); MPLS Provider Edge (ACCESS, i.e. Tier-3)
NATO’s Satcom Protected Core Segment (PCS – router view)
[Figure: One PCS across Tier-0, Tier-1 and Tier-2. Labels: NATO and National Satcom transponders; Service Provider Networks; SGS-1 (F14); SCR (P); SCR (PE); UAR (PE); BCR (P); Non-EPM (4486 ed.3); EPM (4606 ed.1/ ed.3)]
BCR: Black Core Router
SCR: Satcom Convergence Router
UAR: Unclassified Access Router
Legend: MPLS Core (TRANSIT, i.e. Tier-1, Tier-2); MPLS Provider Edge (ACCESS, i.e. Tier-3)
Protected Core Node
LP : Link Protection
Interface with nations
Key Service Interoperability Points
[Figure labels: SGRA; WIRA; S3RA; PCS Nation A; PCS Nation B; PCS Nation C; PCS TACOMS; 3rd party provider; Maritime; Airborne; National platforms; Local User Network; User Network; Existing systems (Link 16/22, PSTN/ISDN/GSM/UMTS, Internet); Gateway; Satellite; Satellite dish; Black MANET; RAP; IP-encryption functions; numbered interoperability points 1 to 5]
Technology specific interfaces
Core data and voice service provided
Compliant with Security architecture requirements
PNG1 - Scenario 1 (2010)
Service Management scenario 1 (2010)
SATCOM
Deployable CIS (DCIS)
● Based on NCI networking principles
  • Service catalogue
  • QoS control architecture
  • Service level management (central - stand-alone)
● Transportable - 5 days notice to move
● Configuration templates
● BC protected
● In support of NATO NRF (DJSE concept)
  • Large and very small nodes (ORLT)
● SATCOM reach back and in-theatre connectivity
  • Tier 1, Tier 2, Tier 3 and Tier 4
Interface roadmap opportunity
Guidance to nations
● Interfaces
  • SIOP1,2,3,4,5
● Service catalogue
  • Definitions, KPI, KQI
● Service Performance targets
  • Reference circuits
● Management requirements
  • B-2-B interface, Content, definitions
● Trust relationships
  • Protected Core Network (PCN)
● Policies and Concept of employment (Conemp)
  • Cost share, process
● Roadmap
Conclusions
• Service Oriented Approach
  • service definitions
  • Service delivery Points
  • Service Level Agreements
  • Service Level Management
• Slow migration to IP-convergence
  • Limited support in IP-crypto - NINE ISPEC2
  • Limited NATO SLM
  • Limited QoS control
• Push uniform & automated control
  • QoS enabled IP
  • SLM - SLA
  • MPLS
Conclusions (cont'd)
• Required developments
  • Cross security domain management
  • Guidance Package for nations about federation of communications
● Essential to build a trust relationship
Roadmap
Questions?
Back-up slides
PNG1 - scenario 2
PNG1 - scenario 3
SIOP1, SIOP2
● 1000BASE-SX Ethernet
● L2 802.1Q (VLAN)
● L2 802.1X
  • PKI authority
  • Certificate based authentication
  • 802.1X port based auth. (EAP-TLS)
● Management
  • SLA template
  • SLA management (KPIs)
  • Performance/fault reporting per VPN
  • Policing/shaping
SIOP5
● IPv4 address harmonization
● 802.1X may avoid the BPD, to be verified