SubscribePacketAssure - Simplifying IP Networks with Superior Quality of Service.
Overview Speed, mobility, and availability drive the rapid evolution of the modern military network. An expanding user base needs access to key applications from one network port, while connecting to the network over radio, satellite, or wire line. Internet Protocol (IP) is at the center of this transformation and is replacing circuit networks to support greater access and mobility.
The escalating demand for communication services is driving networks to integrate optics and highspeed radio to address bandwidth requirements. Even with the rapid migration to IP broadband technologies, technical challenges still abound for extending converged communications to the remote war fighter. Chronic congestion issues at the access points of the network jeopardize time-critical communications to the war fighter, increasing the risk that key communications may be lost or delayed.
The security issues surrounding how classified and nonclassified information coexist on the IP network have led to introduction of virtual private networks (VPNs) that degrade data throughput, increase equipment inventory, and present complexity to the network operator.
PacketAssure addresses these issues by preserving the quality of voice and video communications over congestion-prone IP network links as reliably as legacy, time-division multiplexed solutions while supporting the data throughput efficiencies of dynamic packet networks.
In addition, PacketAssure will maintain separation of data between networks that eliminate the need for VPNs, and free inline encryption units to secure payloads only. PacketAssure eases the transition to IP Network- Centric networks with legacy circuit interfaces, such as EIA- 530, which encapsulate data in IP packets and applies a priority to assure reliable operation of circuit devices over the IP Network.
Overview
PacketAssure operates at the link and Ethernet layers, complementing existing IP router networks by shaping and policing LAN segments before aggregating them onto an Ethernet link with legacy circuit traffic. Traffic anagement is implemented by assigning a service classification to each Ethernet port. Classifications include Priority, Variable, and Best-Effort flow rates.
A network processor analyzes the data rates on each configured port and controls data throughput by identifying packets that exceed a peak data rate and tag them for retransmission. High service quality can be obtained by permitting users to pinpoint the applications subject to discard without complex policy definitions and configuration.
The PacketAssure Core The key elements of the PacketAssure core are a network and host processor. The network processor has a separate data buffer associated with each PacketAssure interface port. Each interface is modeled as a virtual circuit and traffic management decisions are made based on the configured policy for each virtual circuit and detection of congestion for data accessing the aggregated Ethernet uplink.
To overcome variable latency issues, IP data is fragmented into fixed-sized packets and tagged with destination and service class information before being fed into a switch matrix. After switching to the destination interface port, all IP packets are reassembled and all fragmentation overheads are removed.
The buffering and switching architecture of PacketAssure keeps the virtual circuit data isolated to deliver high information assurance. Virtual circuits connect the ingress points of PacketAssure to the egress points, making PacketAssure's core function as a smart bridge to map data between source and destination addresses.
The network processor creates and maintains an Ethernet MAC address table that permits the switch matrix to direct traffic only between the originating and destination interface ports. The host processor controls all operator interfaces and manages all configuration elements. The operator interface includes a SNMP agent that supports monitoring and control of PacketAssure.
Traffic Management
PacketAssure supports three general service classes: Priority Flow Rate (PFR), Variable Flow Rate (VFR), and Best-Effort Flow Rate (BEFR). PFR is the highest priority and will preempt any lower priority traffic. Applications best suited for PFR have predictable bandwidth requirements, like voice or serial data transmission. Applications with sporadic bandwidth requirements may use PFR with the support of a windowed protocol like TCP or HTTP.
The second priority is VFR and it preempts BEFR traffic. VFR is modeled for applications with a nominal variation in bandwidth requirements like video over IP. BEFR is the lowest priority and is modeled for besteffort traffic. BEFR, however, may use all unused bandwidth when PFR and VFR applications are inactive.
A unique aspect of PacketAssure is the ability to measure the rate at which data is flowing over a virtual circuit. Each virtual circuit is assigned a peak data rate to facilitate "fair" sharing of bandwidth across circuits. Packets that exceed the peak data rate are candidates for retransmission in event of data congestion. The VFR class of service also permits administrators to specify a sustained data rate and maximum burst size for VFR circuits.
Most reachback circuits today are still based on time-division multiplexed (TDM) technology. Replacing TDM technology with IP packet technology expands the communication link from a simple point-to-point connection to an access point to the greater defense network.
In addition packet technology provides better bandwidth sharing and efficiency. PacketAssure supports the move to IP by assuring the critical command and control information is not degraded during congestion periods.
In addition, PacketAssure can transport IPV4 and IPV6 traffic without a dual stack and the associated information assurance issues. The application above depicts IP applications receiving a traffic management priority by routing the application to a specific PacketAssure port. The Priority Flow Rate can assure that VOIP and video traffic maintains quality over the converged satellite link.
PacketAssure will assure that all VFR packets conforming to the sustained data rate are delivered to the network. If there is a period where the VFR circuit uses less than the sustained data rate and there is bandwidth available not being used by another PFR or VFR circuit, the VFR circuit may burst up to the peak data rate until the maximum burst size is exhausted.
In addition to service classification and data rates, administrators may select a buffer size associated with each virtual circuit in the system. In effect, increasing the buffer size improves the delivery priority for a connection by accepting more latency in the circuit to avoid discarding of data during brief congestion periods. Configuring buffer sizes allows traffic management of multiple BEFR circuits to be differentiated.
Model Descriptions
PacketAssure is available in the TL and EX models. Both models support AC power and are rackmountable. The TL model offers two interface slots and includes a Traffic Management Processor and a built-in Ethernet management port. The TL model supports up to 8 ports of Ethernet or Serial data. The EX model offers redundant AC power supplies, six interface slots, and up to three Traffic Management Processors.
All interface modules are interchangeable between the TL and EX models. The EX model includes System Utility Modules (SUMs, ordered separately) that provide for management and timing functions, as well as an alarm relay to make operatorsaware of system alarms. SUMs may be configured redundantly and can be ordered with or without a Stratum-3 timing source for network timing.
Wireless technology is being deployed to bring the perimeter of the network closer to the warfighter. Network implementers must answer the challenge of supporting multiple applications over a wireless link and assuring that the data is secure.
PacketAssure adds value to wireless networks by aggregating IP and legacy data streams with proper quality of service considerations, switching the aggregate through a Type 1 encryption unit, and encapsulating the black data in IP packets before sending the data to the radio.
The diagram above depicts two IP networks attached to two Ethernet ports and a serial data input attached to a Serial to IP port.
PacketAssure shapes the data and switches an HDLC stream out to a third Serial to IP port, then into a Type 1 crypto. The BLACK data is returned to the a Serial to IP port, placed in IP packets and switched to an Ethernet port for radio transmission.
Interface Modules
Four-Port Ethernet Interface: The interface includes four 10/100T Ethernet ports that can be configured independently to support IPV4 or IPV6 traffic. Each port can be assigned a unique service class and traffic management parameters. Serial to IP Interface: The interface includes four DCE EIA 530 synchronous data ports that encapsulate unstructured data into IP packets. The interface can receive timing from the system-timing master or an external clock signal and supports a wide range of data rates from 75 bps to 16.384 Mbps.
Operation of port control leads may be independently configured to be disabled, handshake as specified by the EIA 530 standard, or the state of the local DTR lead may be transferred across the network to the remote DSR lead for "Push-to-Talk"-like signaling across the network. Separate from control lead configuration, the RTS lead can be configured to signal PacketAssure to enable or disable port data transmission, dynamically releasing bandwidth to other applications when the port is not in use.
Each Serial to IP port has a unique MAC address and the user configures the IP address, subnet mask, and IPV4 TOS bits. The IP packet payload size is userconfigurable and constrained by the data rate selected.
Management
The PacketAssure platform may be operated from a serial console port or either a telnet or http-based interface that runs on an integrated, Ethernet management port. In addition, a SNMP client and Management Information Block (MIB) are available to monitor PacketAssure operation from a Network Manager.
