June 23, 2022
A software-defined WAN (SD-WAN) can establish a data fabric capable of handling any tactical edge scenario that requires a reliable WAN.
More than ever, data for situational awareness and important communications resides in one or more cloud systems. The United States Department of Defense (DoD) is actively seeking to collect and disseminate this information through programs such as the Joint All Domain Command and Control (JADC2) Strategy and the associated efforts of the United States Air Force’s Advanced Battle Management System (ABMS), the Army’s Project Convergence and the Navy’s Project Overmatch. However, all of this data is useless if the chosen wide area network (WAN) is unavailable – a situation far too common in environments with denied, degraded, intermittent, or limited (DDIL) communications.
JADC2 is one of the most ambitious programs the DoD has ever undertaken. It will take years to realize the JADC2 vision, and doing so will require a combination of currently available technologies applied to new problems and new technologies to fill gaps. The purpose of JADC2, greatly simplified, is to break down existing barriers to communication and situational understanding. To prevent the warfighter from being hampered by a lack of information, we must break down the communication walls between the domains of land, sea, air, space and cyber.
All U.S. armed forces and coalition partners must be able to share data, and that data must be shared quickly, as close to real time as possible, to connect the gunner to the information from sensors. To realize the JADC2 vision, a platform will be created to collect and process data to enable decision making with artificial intelligence (AI) and machine learning (ML) algorithms. The basis of the JADC2 vision is the data fabric for sharing information. A crucial part of that data fabric is the set of wide area networks (WANs) that connect different organizations, locations and domains. Think of these WANs as the thread that weaves the data fabric that will bring JADC2 to success.
As the military has shifted from expensive, proprietary or GOTS [government off-the-shelf] solutions toward more cost-effective COTS [commercial off-the-shelf] solutions, the services have realized the importance of keeping industry informed about their needs. At technical exchange meetings, for example, the Army presents its roadmap for future capabilities to industry. These capability sets are presented in two-year increments named after the year, so we have capability sets CS21, 23 and so on through 27, and probably beyond soon. Through this process, the military hopes to ensure that tomorrow’s commercial solutions meet the needs of the United States military.
A key component of the Army’s Future Integrated Tactical Network is a transport-agnostic pipe made up of virtualized bandwidth. This bandwidth must be able to be tuned and optimized at any time for the most critical applications and data. Similar goals are present in the United States Air Force’s ABMS and the Navy’s Project Overmatch. The operational vision and challenges envisioned in Capability Set 27 in a few years’ time anticipate that key functions will rely on a transport-independent network across the lower and upper tactical internet.
We often hear DDIL (or DIL) used as shorthand for the challenges faced by electronic communications in the field, especially wireless communications. The current plan to mitigate DDIL includes the use of automated PACE. PACE is the military concept of a combination of technologies, defined as the primary, alternate, contingency and emergency paths. Examples of such wireless communication technologies include DISA, SATCOM, MPLS, 5G/LTE and broadband. A PACE plan defines how and when to deploy each of these technologies; it is essentially a DoD solution to what is truly a global problem. WAN or Internet access is expected to be ubiquitous, even in remote locations, which is as true for critical businesses, infrastructure or healthcare as it is for military and emergency services.
When we look at these wireless technologies – be it SATCOM, cellular, Wi-Fi, radio or line of sight (LoS) – they are all subject to some degree of denial or disruption. This service failure can be due to a malicious actor, environmental conditions, hardware failure, or even a simple misconfiguration or field compromise during implementation. Even when things work well, some technologies only provide intermittent communication.
For example, SATCOM is subject to fading due to rain, and a LoS connection is subject to loss of line of sight. These individual technologies also have limited bandwidth compared with what is available to most businesses: in most cities you can call one or more carriers and get a multigigabit WAN connection in a matter of days.
Some technologies – such as commercial cellular or MANET [mobile or wireless ad hoc network] – may offer good connectivity and be relatively inexpensive, but neither is particularly fast. Remember, we are talking about communications in a tactical environment, not in the latest 5G ultrawideband bubble. Other technologies such as commercial low-Earth-orbit (LEO) SATCOM may be relatively cost-effective and fast, but at the moment they are not very reliable. Even as technology matures, it’s unclear whether military customers will have priority access to these commercial assets in an emergency. (Figure 1.)
[Figure 1 | No current, single WAN technology is “best” under all circumstances. SD-WAN combines the strengths of multiple WAN technologies.]
While no current technology is flawless, we can combine multiple WANs, leveraging the best features of each and overcoming its limitations. Most enterprise network vendors have SD-WAN offerings that solve or are trying to solve this problem. Almost universally, SD-WAN solutions decouple network hardware from network control and use centralized management to improve the deployment and maintenance process. (Figure 2.)
[Figure 2 | A conceptual diagram illustrates SD-WAN across a battlefield network.]
The more sophisticated or full-featured SD-WAN offerings can be application-aware and use that information to direct traffic; the days of miles of access control lists and DSCP markings to classify and manage network traffic are long gone. Furthermore, these updated solutions draw on what has been learned from billions of commercial “WAN hours” across numerous connection technologies and how they respond under adverse conditions.
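The automated PACE selection and application-aware steering described above can be sketched as a per-application path decision over probe results. This is an added example, not code from the article or from any vendor's SD-WAN product; the link names, their PACE tier assignments, the thresholds, the hold-down count and the probe snapshot are all constructed assumptions.

```python
from dataclasses import dataclass

PACE_ORDER = ("primary", "alternate", "contingency", "emergency")
HOLD_DOWN = 3  # consecutive good probes a link needs before traffic moves onto it

@dataclass(frozen=True)
class Link:
    name: str
    tier: str           # position in the PACE plan
    up: bool
    loss_pct: float     # measured by path probes
    latency_ms: float
    mbps: float         # usable bandwidth right now
    good_probes: int    # consecutive probes that passed

@dataclass(frozen=True)
class AppClass:
    name: str
    max_loss_pct: float
    max_latency_ms: float
    min_mbps: float

def meets(link, app):
    return (link.up and link.loss_pct <= app.max_loss_pct
            and link.latency_ms <= app.max_latency_ms
            and link.mbps >= app.min_mbps)

def select_path(links, app, current=None):
    """Pick the link name for one application class; None if every link is down."""
    usable = [l for l in links if meets(l, app)]
    # Flap damping: stay on the current link, or move only to a proven-stable one.
    steady = [l for l in usable if l.name == current or l.good_probes >= HOLD_DOWN]
    pool = steady or usable
    if pool:
        return min(pool, key=lambda l: PACE_ORDER.index(l.tier)).name
    # Nothing meets the requirement: degrade to the least lossy live link.
    alive = [l for l in links if l.up]
    return min(alive, key=lambda l: (l.loss_pct, l.latency_ms)).name if alive else None

# Constructed probe snapshot: the primary is suffering heavy loss.
DEGRADED = [
    Link("mpls", "primary", True, 30.0, 40.0, 100.0, 0),
    Link("lte", "alternate", True, 0.5, 80.0, 5.0, 10),
    Link("satcom", "contingency", True, 1.0, 600.0, 20.0, 10),
    Link("broadband", "emergency", True, 3.0, 200.0, 2.0, 10),
]
VOICE = AppClass("c2-voice", 1.0, 150.0, 0.1)
VIDEO = AppClass("isr-video", 2.0, 700.0, 8.0)

def demo():
    return {a.name: select_path(DEGRADED, a) for a in (VOICE, VIDEO)}

if __name__ == "__main__":
    print(demo())
```

With the primary degraded, the two application classes land on different links because their loss, latency and bandwidth requirements differ, and the hold-down keeps traffic from bouncing back to a primary that has only just recovered.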
When selecting a deployable system to handle SD-WAN, system designers can ask a few key questions to ensure they get the best solution. For example:
- Does the system work on private networks?
- How long can the system run without a connection to the orchestrator and what features are disabled when running in this mode?
- Can the orchestration be distributed and can the orchestrator be overridden from the node?
- How do multiple orchestrators sync and perform meshed management?
The system designer must also decide what type of hypervisors and what processing and memory requirements the system can support for different speed networks, for example, whether the system is only x86-based or requires its own hardware. Additional considerations include the number of WAN ports the system must support and how it will handle provisioning.
An example of a compact, energy-efficient hardware router that can deploy high-speed networking at the tactical edge and provide connectivity to the Cisco SD-WAN ecosystem is Curtiss-Wright’s PacStar 447 router, powered by Cisco IOS-XE. (Figure 3.) For Cisco or other SD-WAN virtual products, the PacStar 451 server supports all major hypervisors and has up to five Ethernet ports. Both are robust, compact modules, only 5.3″ wide and 7.1″ deep; they are tested to MIL-STD 810 and can operate standalone on AC, DC or battery power. They can also be snapped together with other 400 series modules or placed in a smart chassis.
[Figure 3 | The PacStar 447, powered by the Cisco ESR 6300 router, is ready to connect to Cisco SD-WAN-enabled networks.]
Dominic Perez, CISSP is the CTO at Curtiss-Wright Defense Solutions and a Curtiss-Wright Technical Fellow; he joined PacStar in 2008 and joined Curtiss-Wright through the acquisition of PacStar in 2020. Dominic currently leads the teams developing Curtiss-Wright’s PacStar Commercial Solutions product lines for Classified, Modular Data Center and Tactical Fusion System. Prior to joining PacStar, Dominic worked for Biamp, where he created an automated test infrastructure for the hardware, firmware and software that power its network-distributed audio, teleconferencing and paging systems. Dominic studied mechanical engineering and computer science at Oregon State University. He currently holds multiple professional certifications from VMware in Data Center Administration; Cisco in design, security and routing/switching; and EC Council and ISC2 in Security.
Curtiss-Wright Defense Solutions https://www.curtisswrightds.com/