Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Network-Centric Operations Research, Lunar Relay, and Distributed NCO Testbed Discussions (Group 2 of 2) Will Ivancic
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Agenda 1:00 – 1:15 Opening Remarks –Meeting goals –Introductions !:15 – 2:45: Lunar Relay Discussions –1:15 – 1:45 CLEO/VMOC –1:45 – 2:15 DTN ESTO funded work DTN collaborative testbed proposal –2:15 – 2:45 Lunar Relay Questions (see attached or below) 2:45 – 3:00 Break 3:00 – 4:45 Network Centric Operations Research –3:00 – 3:15Goals International Interoperability Security security security –3:15 – 3:45Constellation / Space Communication and Navigation issues C3I Interoperability Specification CEV schedule SCaN Flow example –3:45 – 4:15Collaborative Testbed Testbed Proposal Moonv6 >> Lunar6 AIAA NCO Program Planning 4:45 – 5:00 Cleanup –Closing Comments –Action Items
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Goals Gain NASA support for implementation of a distributed NCO research testbed for space- related networking. –Distributed mainly between university with some possible NASA center connections
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Understanding How Pilot Deployments Enable Risk Reduction
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Widely Integrated Distributed Environment (WIDE) IPv6 Network WIDE Project, launched in 1988, is to establish a Widely Integrated Distributed Environment: a new computer environment based on operating systems and communications technology, designed to benefit the human race on a broad scale. WIDE Internet has always been used as widely as possible, not just by the researchers directly involved, but also by people working in other disciplines. (Research and Operational) WIDE IPv6 Working Group formed in 1996 Ongoing work in IPv6 Routing, Security, Mobility and Applications
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April DoD Compliance Testing Joint Interoperability Test Command (JITC) –"one-stop systems testing" –One-of-a-kind array of hardware, software and staffing –The command can interface all its on-site capabilities and network with any other testing or operational facility worldwide JITC evaluates interoperability in the most operationally realistic environment possible –Determines if the system conforms to applicable standards –Ensures data collected is adequate for evaluating interoperability issues Interoperability is essential for seamless and effective operations of joint, combined, and coalition forces –JITC Interoperability Certification Process
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Types & Environments Types 1. Standards Conformance Standards conformance is the ability to adhere to rules contained in the applicable standards. 2. Joint Interoperability Ensures that system effectively exchanges information with joint participants in both environments. Note: Standards provide a necessary building block for ensuring interoperability, but are not sufficient to ensure that systems are interoperable in a joint environment. Laboratory Live Building Block Approach Certification Standards Conformance Tests Interoperability Tests Environments 1. Laboratory/HWIL Comprehensive data collection for multiple tests under controlled conditions. Can include realistic loads and Hardware In The Loop. Test asset availability provides a representative sample of joint service participation. 2. Live Exercise/OT Event Tests ability to effectively exchange information with joint participants in an exercise or test environment with conditions as realistic as possible. Ensures end-to-end interoperability (after component integration) to assure total system interoperability effectiveness Tests are conducted in the appropriate environment to address both types of certifications
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Joint Interoperability Test Command Brochures
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Pilot Programs and Demonstrations Defense Research and Engineering Network (DREN) –Among the first network pilots in DoD transition to IPv6 –A robust, high-capacity, low-latency nation-wide network that provides connectivity between and among the High Performance Computing Modernization Program’s (HPCMP) geographically dispersed HPC user sites, HPC Centers, and other networks. –Provided under a commercial contract. –Implemented as a virtual private network based on its commercial infrastructure. –DoD’s official long-haul network for computational scientific research, engineering, and testing in support of DoD's S&T and T&E communities Moonv6 –Participants: North American IPv6 Task Force, the University of New Hampshire, the Joint Interoperability Testing Command, and Internet2 –Collaborative IPv6 interoperability and application demonstration event in the North American market –Develop mainstream IPv6 IT expertise within US as found in IT communities elsewhere (Asia and Europe) –Garner extensive, real world, IPv6 deployment experience –Testbed for equipment and application vendors to demonstrate the maturity and robustness of their respective IPv6 implementations to prospective users and adopters of IPv6.
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Department of Defense (DOD) Interoperability Communications Exercise (DICE) Annual exercise, sponsored by Joint Forces Command (JFCOM) and hosted by the Joint Interoperability Test Command (JITC). The sole DOD exercise whose primary purpose is to generate Joint interoperability certifications. Builds upon the successes discovered during other DOD technology demonstration and risk mitigation events. Participation includes communications equipment and personnel from each of the Services as well as the Department of Homeland Security (Federal Emergency Management Agency). Configurations are representative of those used in real world combat and contingency operations by the Warfighting community –Provide sufficient data to assess the interoperability of the systems –Determine if previously experienced anomalies were corrected
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Moonv6
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Moonv6 The most aggressive collaborative IPv6 interoperability and application demonstration event to date Participants: North American IPv6 Task Force (NAv6TF), the University of New Hampshire - Interoperability Laboratory (UNH-IOL), Internet2, vendors, service providers, and regional IPv6 Forum Task Force network pilots worldwide –The U.S. Government's Department of Defense Joint Interoperability Testing Command (JITC) plays a significant role in many of the Nav6TF IPv6 demonstrations ensuring DoD interoperability and migration objectives are identified and demonstrated. Provides an overlay network on which applications can be shared and end to end testing can take place The Moonv6 network is a set of native IPv6 connections between sites on the global Internet that will forward packets to other Moonv6 peering sites. –Native IPv6 connection to the Internet encouraged –IPv6-in-IPv4 tunnel hops permitted for a 90 day period to test on the Moonv6 network, provided the requestor, not Moonv6 administration, defines and administers those tunnels. Deployment-style device testing at several network sites –Execute rigorous, protocol-specific test plans created under the guidance of telecommunication carriers, service providers and other real network operators © 2004 Syzygy Engineering – Will Ivancic
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Interoperability and Test Activities Lab-based testing of vendor products –Should conform to several base specifications. Core IPv6 functionality items such as address autoconfiguration, duplicate address detection, path MTU and fragmentation, mulitple prefixes and network renumbering, and redirect functions will be validated. Passing data traffic between nodes with ICMP, TCP, and UDP. Routing interoperability testing will be performed on IPv6 capable routers within and between various sites –RIPng, BGP4+, and OSPFv3. Mobility tests will validate the ability of home agents, mobile nodes, and correspondent nodes to correctly interoperate in a mobile IPv6 environment Common network services. –DNS, NFS, web servers, and general business/personal applications (i.e. SSH, FTP, web browsing, streaming media, video conferencing, and network gaming) will be tested for IPv6 enablement Advanced scenario testing will be conducted to determine network resiliency Network security testing (via hacking, DoS attacks, Red Teaming) © 2004 Syzygy Engineering – Will Ivancic
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Moonv6 Network
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Final UNH Topology for Phase II
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April PKI Test Network
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Additional Testing November, 2004 –First IPv6 Firewall Testing –First IPv6 iSCSI Demonstration April, 2005 –Applications Demonstration November, 2005 –Mobility and DHCP –Largest IPv6 IPSec test event July 2006 Test Round –NTP Demonstration –IPsec –DNS/DHCP –Firewall and Application –Transition Testing Future Test Areas –KEY ITEMS Applications –DNS/DHCP Functionality –Firewall and IPSec Attack Scenarios Routing Protocols VoIP IDS/IPS –Transition Mechanisms SECONDARY ITEMS –Routing –Protocol Interoperability –Detailed QoS measurements –Mobile IPv6 –Applications Mail Servers Multimedia streaming –PPPoE –IPv6 Radius Servers
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April June 2007 Test Set Items The focus of the June 2007 Test Set is on End-to-End secure network demonstrations including rich media, voice and software applications. The purpose is to exemplify IPv6 progression and growth to the IPv6 community as well as validate real peer-to-peer applications without the need of a central authority. –Redundant Command and Control Center –End-to-End Secure Network Demonstrations –Printing Server Demonstrations –IPv6 Application Demonstrations Voice Media Software Applications Along with the WAN testing, the UNH-IOL will become a redundant command and control center for the first responders working along side MetroNet6. The MetroNet6 will emulate a Command Control Center, using Moonv6, over the Internet to an emulated National Homeland Security Office securely for communications updates. This metropolitan network will be used for: –Voice –Video –Graphics –Intelligence –Medical –Other forms of data through multimedia communications
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Benefits Testbed will remain in place for future use Hands on training –Configuration, troubleshooting, security Product development information Interoperability Test Environment Future Vision –Create a virtual Internet backbone with the ability to do pre-production testing Security Multimedia Roaming devices and other services –Serve as a deployment test bed and continue to empower service providers and suppliers from every sector, including industry, universities, research laboratories, Internet service providers and U.S. government agencies. © 2004 Syzygy Engineering – Will Ivancic
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Lunar6 Distributed Space/Ground Network Centric Operations Research Testbed
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Network Centric Operations Research (NCO) Objectives Attack NCO Operations Problems in real-world space and ground deployments –Security –International Interoperability –Off-nominal Operations –Increase Operations Readiness Level (ORL) as well as TRL Schedule Milestones FY2008 – Industry/Academia/NASA testbed up and running FY2008 – International NCO network design and collaborations FY2009 – Secure International Interoperability Testing FY 2009/2010 – International flight demonstration on a variety of smallsats Approach Industry/Academia/NASA combined space network testbeds –Minimize Cost / Maximize Return –Train new engineers on space-based NCO issues –Perform Human Factors Research Protocol Development and Deployment using operational systems International Interoperability and Security via real-world operations
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Approach Industry/Academia/NASA combined space network testbeds –Protocol Development Allow Academia and Industry to develop the protocols Allow NASA to concentrate on reliable flight hardware/software implementation –Aerospace Communication and Network Engineer development (for NASA and DoD) –Include NASA Operations Personnel –Human Factors –Social Factors Protocol Development and Deployment (including operational experience) –Internet Protocol version 6 –Delay/Disruption Tolerant Networking International Collaboration on protocol development (DTN bone) bundle agent discovery for space International Interoperability –Sharing of resources (ground stations, relays) –Automated Scheduling (NASA, ESA, JAXA, commercial) –Network Security (Securely Combining Networks where appropriate) Security –International Operations ITAR (And the foreign state equivalent) –Store-and-Forward (data at rest) –Key and Policy distribution Operations and operational deployment Issues– particularly manned operations –Voice Loops (audio multiplexing) –Multicast commanding during launch (flood routing) –Off-Nominal operations Unidirectional links Radio Cross-strapping (addressing and security considerations) –Routing Network Addressing Networks in Motion (nemo), a mobile IP based routing mechanism Mobile Ad Hoc Networks (manet) Standard routing mechanisms (OSPF, RIP, etc)
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Testbed Distributed NCO Testbed (All Operations over Emulated Links!) Anomaly Implementation and Control Network Monitoring and Human Factors
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Rules of Engagement One is only allowed to command, control, communicate, and update systems over the links expected in space Failures will be injected into systems to experiment with recovery techniques; Failures will be implemented over an anomaly control network independent of the communications network Failure modes could be recommended by NASA Operations personnel A separate high-rate human factors monitoring network could be put into place to monitor the people working on configuring and trouble-shooting the communications network.. This would provide interesting information on human factors. Such information would be invaluable to NASA. The various systems will even be place in remote locations such as different universities.
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Distributed Testbed (Notional) Crew Exploration Vehicle (CEV) Communications Satellite Relay Satellite Lunar Base Station Launch Site Control Center Flight Test Facility Ground Station Tracking Station Case Western Reserve University of Southern California Florida State University of New Hampsire Washington State Keio University Université de Toulouse Carnegie Mellon University Psychology: Harvard, Yale, Stanford Controls: University of Houston, Cleveland State
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Skill Sets NASA has numerous excellent communication engineers. –Excellent understanding of point-to-point radio communications. –Generally have very little knowledge of how the radio system affects the upper layers of the protocol stack, the networking, transport, security, and applications. NASA has numerous excellent terrestrial networking engineers. Some of these engineers even understand network security. It is an extremely rare individual that understands the interaction of radio systems and networks. –These individuals reside on the networking side simply because at some point they are forced to understand why protocols are not working as expected. It is even rarer to find an individual that understands the interaction of radio systems, networking and security. This skill set needs to be developed and is also greatly needed by DoD.
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Example Problems Who controls the key management and distribution? Where does this system reside? How are keys distributed? Who controls security policy management and distribution? Where does this system reside? How is policy distributed? What are the hardware systems reset policies? One may suspect that they will be different for manned spacecraft versus unmanned spacecraft. Do I have a back-channel for when I lock myself out of a system either by misconfigured security policy or misconfigured static routing or misconfigured radios? Is that back channel via a virtual circuit of a different radio system? One may suspect that this will be different for manned spacecraft versus unmanned spacecraft. Do I always have to encrypt my RF links, or during off-nominal operations can I revert to unencrypted links? Is this network to operate only in the closed IONET or should the design allow for International operations – this highly effects implementation and security. What risks is NASA willing to take regarding flight hardware and software certification for manned and unmanned operations? Do I need 24/7 communication for manned missions, or do we need to learn how to operated in autonomously?
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Items Requiring Immediate Attention Off-nominal voice-over-IP concepts Domain Named Services in space environments Security Certificate and Policy management and distribution in space environment Utility of Delay/Disruption Tolerant Networking for Space Deployment of Multicasting in extreme environments for commanding (effectively flood routing) The utility (or lack thereof) of Policy-base routing in multi-homed systems Blind Commanding Predictive Routing Security, Security, Security Dynamic Routing in space (including MANET) Mobile-IP for space Effects of delays and bit-error-rates on various protocols – particularly with an IPsec security overlay Utility of various radio systems Robust communication hardware architectures (what is the most robust way to put together antennas, up/down-converters, interface cards, routing devices and security hardware).
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April International Interoperability It’s all about security! Today’s NASA claims International Interoperability –For the most part it is at the data-link layer and below –Or, at the Federal Express layer. Mission Planning and Scheduling service must be implemented. A framework for such exists as part of the SLE, but has more to do with scheduling assets than extending the space link. Full interoperability means forward and return data is actually transmitted though systems owned and operated by various entities –This has an enormous security implications
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Conceptual Lunar Communications Architecture How Does One Address This Network? Ground Network GS1GS2 Net Relay CEV1 LAN WAN / Legacy Element Custom Interface GSN L1/L2 Relay CEV2 MOC Tunneled Data Legacy Formats
Glenn Research Center Satellite Networks & Architectures Branch Communications Technology Division NCO Research Meeting NASA HQ 09 April Routing IPv6 Dynamic Routing works. IPv4 Dynamic routing DOES NOT?