D.2. Communication Services

298. Definition: Communications Services interconnect systems and mechanisms for the opaque transfer of selected data between or among access points, in accordance with agreed quality parameters and without change in the form or content of the data as sent and received.

299. Communications Services can be further defined as:

  • Transmission Services

  • Transport Services

  • Communications Access Services

D.2.1. Transmission Services

300. Definition: Transmission Services cover the physical layer (also referred to as media layer or air-interface in wireless/satellite (SATCOM) communications) supporting Transport Services, as well as Communications Access Services. Support for the latter is relevant to personal communications systems, in which the User Appliances directly connect to the transmission element without any transport elements in between.

D.2.1.1. Standards

301. Although the implementation scope of AMN technically does not cover Transmission Services, there is one area that provides the foundation for the provision of federated services on the AMN. The Standards listed in Table D.2 need to be adhered to.

Table D.2. Transmission IA Services Standards
ID: Service/Purpose Standards Implementation Guidance
1:Information Assurance during Transmission

Mandatory: ACP 176 NATO SUPP 1 (NC)

ACP 176 NATO SUPP 1 (NC) provides configuration settings necessary to ensure interoperability when different cryptographic devices (e.g. KIV-7/KG84/BID1650) are employed together.


D.2.2. Transport Services

302. Definition: Transport Services provide resource-facing services, providing metro and wide-area connectivity to the Communications Access Services that operate at the edges of the network. In that role, Transport Services interact with the Transmission Services using them as the physical layer fabric supporting the transfer of data over a variety of transmission bearers as and where needed.

303. Transport Services are further defined in the C3 Taxonomy, however the area that is most relevant to the AMN are:

  • Edge Transport Services

304. Definition: Edge Transport Services provide the delivery or exchange of traffic flows over different Transmission Services. The traffic flows are formatted and delivered by the Communications Access Services at the edges of the network. This "edge" in Edge Transport is the Wide Area Network (WAN) edge (i.e. the provider edge). In Protected Core Networking (PCN) terms, the edge can be considered as the entry point into the Protected Core.

D.2.2.1. Standards

305. The AMN is a converged IP network applying open standards and industry best practices. The AMN architecture uses interconnection based on IPv4 between the Mission Networks (also referred to as autonomous systems).

306. The AMN was originally conceived with IPv6 as the target for interconnecting autonomous systems (although no TCN has yet indicated that they wish to implement this on the AMN).

307. It is now advised that all new equipment, services and applications must support a dual IPv4/IPv6 stack implementation to future-proof the AMN for the long term .

308. The interconnection between Mission Networks is based on STANAG 5067 enhanced with a non-tactical connector and optional 1Gb/s Ethernet. STANAG 5067 provides additional implementation, security and management guidance. Due to the classification level of the AMN, dedicated transmission security (crypto) equipment is used.

309. The standards for Transport and corresponding Communications Equipment are given in Table D.3.

Table D.3. Edge Transport Services and Communications Equipment Standards
ID: Service/Purpose Standards Implementation Guidance
1: Edge Transport Services between autonomous systems (IP over point-to-point Ethernet links on optical fibre)[a]
  • Mandatory: ISO/IEC 11801: 2002-09, Information technology –Generic cabling for customer premises, Clause 9. Single-mode optical fibre OS1 wavelength 1310nm.

  • Mandatory: ITU-T G.652 (11/2009), Characteristics of a single-mode optical fibre and cable. (9/125μm)

  • Mandatory: IEC 61754-20: 2012(E), Fibre optic interconnecting devices and passive components - Fibre optic connector interfaces - Part 20: Type LC connector family. LC-duplex single-mode connector.

  • Mandatory: IEEE Std 802.3-2013, Standard for Ethernet- Section 5 - Clause 58 - 1000BASE-LX10, Nominal transmit wavelength 1310nm.

IPv4 over Ethernet:

  • Mandatory: IETF STD 37: 1982 / IETF RFC 826: 1982, An Ethernet Address Resolution Protocol

IPv6 over Ethernet (Optional):

  • Mandatory (if option taken):IETF RFC 4861: 2007, Neighbor Discovery for IP version 6 (IPv6)[b]

Use 1Gb/s Ethernet over Single-mode optical fibre (SMF).

2: Inter-Autonomous System (AS) routing

IPv4 over Ethernet:

  • Mandatory: IETF RFC 1997:1996, BGP Communities Attribute.

  • Emerging: IETF RFC 3392: 2002, Capabilities Advertisement with BGP-4[c].

  • Mandatory: Border Gateway Protocol V4 (IETF RFC 1771, March 1995)[d].

  • Emerging: IETF RFC 4760: 2007, Multiprotocol Extensions for BGP-4[e].

32-bit autonomous system numbers:

  • Mandatory: IETF RFC 6793: 2012, BGP Support for Four-Octet Autonomous System (AS) Number Space.

  • Mandatory: IETF RFC 4360: 2006, BGP Extended Communities Attribute.

  • Mandatory: IETF RFC 5668: 2009, 4-Octet AS Specific BGP Extended Community.

IPv6 over Ethernet (Optional):

  • Mandatory (if option taken): IETF RFC 2545: 1999, Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing[f].

BGP deployment guidance in: IETF RFC 1772: 1995, Application of the Border Gateway Protocol in the Internet.

Detailed Interface Control Document for “Connection Between CISAF network and TCN networks” [Thales ICD NIP Dec 2012]

3: Inter-Autonomous System (AS) multicast routing IPv4 over Ethernet[g]:
  • Mandatory: IETF RFC 3618: 2003, Multicast Source Discovery Protocol (MSDP).

  • Mandatory: IETF RFC 3376: 2002, Internet Group Management Protocol, Version 3 (IGMPv3).

  • Mandatory: IETF RFC 4601, Protocol Independent Multicast version 2 (PIMv2) Sparse Mode (SM).

  • Mandatory: IETF RFC 4760: 2007 “Multiprotocol Extensions for BGP (MBGP)”.

IPv6 over Ethernet:

  • Note: No standard solution for IPv6 multicast routing has yet been widely accepted. More research and experimentation is required in this area.

 
4: Unicast routing
  • Mandatory: IETF RFC 4632: 2006, Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan.

 
5: Multicast routing
  • Mandatory: IETF RFC 1112: 1989, Host Extensions for IP Multicasting.

  • Mandatory: IETF RFC 2908: 2000, The Internet Multicast Address Allocation Architecture

  • Mandatory: IETF RFC 3171: 2001, IANA Guidelines for IPv4 Multicast Address Assignments.

  • Mandatory: IETF RFC 2365: 1998, Administratively Scoped IP Multicast.

 

[a] FMN: A key improvement that the FMN will bring is the ability to create connectivity over a Time-division multiplexing (TDM) Wide Area Network (WAN). For this a suite of standards additional to those for a fibre based network has been drawn from TACOMs and demonstrated. The FMN Profile [NCIA TR-2013/SPW008910/01] will include implementation notes and instructions for these.

[b] FMN: will implement IETF RFC 4861.

[c] FMN: Note that RFC 3392 2002 is obsolete. FMN will directly implement RFC 5492 2009 Capabilities Advertisement with BGP-4. It is unlikely that this would be implemented on the AMN as it would affect the NIPs

[d] FMN: Will implement IETF RFC 4271. FMN notes: IETF RFC 4271 obsoletes IETF RFC 1771. BGP sessions must be authenticated, through a TCP message authentication code (MAC) using a one-way hash function (MD5), as described in IETF RFC 4271.

[e] FMN: Will implement IETF RFC 4760.

[f] FMN: Will implement IETF RFC 2545.

[g] FMN: Suggests as Optional: IETF RFC 4604: 2006, Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast.


D.2.2.2. Implementation

310. The Network Interconnection Point (NIP) provides a network interconnection at the IP layer for the ISAF SECRET environment making up the AMN. It serves 3 major purposes:

  • Intra autonomous system (AS) routing (routing of traffic between nations or between nations and NATO, where each nation is a BGP Autonomous System).

  • QoS policy enforcement (to provide end-to-end QoS for the required services).

  • IPSLA compliance verification (to verify end-to-end performance compliance).

D.2.3. Communications Access Services

311. Definition: Transport Communications Access Services provide end-to-end connectivity of communications or computing devices. Communications Access Services can be interfaced directly to Transmission Services (e.g. in the case of personal communications systems) or to Transport Services, which in turn interact with Transmission Services for the actual physical transport. Communications Access Services correspond to customer-facing communications services. As such, they can also be referred to as Subscriber Services, or Customer-Edge (CE) Services.

312. With respect to the current implementation scope of AMN, the following Communications Access services apply:

  • Packet-Based Communications Access Services

  • Communications Access Information Assurance (IA) Services

  • Communications Access Service Management Control (SMC) Services.

  • Multimedia Services

D.2.3.1. Standards

313. To provide federated services, the standards listed in Table D.4 and Table D.5 should be adhered to.

Table D.4. Packet-based Communications Access Services Standards
ID: Service/Purpose Standards Implementation Guidance
1: Host-to-host transport services

  • Mandatory: IETF STD 6: 1980 /IETF RFC 768: 1980, User Datagram Protocol.

  • Mandatory: IETF STD 7: 1981 / RFC 793: 1981, Transmission Control Protocol.[a]

2: host-to-host datagram services

Internet Protocol:

  • Mandatory: IETF RFC 791: 1981, Internet Protocol.

  • Mandatory: IETF RFC 792: 1981, Internet Control Message Protocol.

  • Mandatory: IETF RFC 919: 1994, Broadcasting Internet Datagrams.

  • Mandatory: IETF RFC 922: 1984, Broadcasting Internet Datagrams in the Presence of Subnets.

  • Mandatory: IETF RFC 950: 1985, Internet Standard Subnetting Procedure.

  • Mandatory: IETF RFC 1112: 1989, Host Extensions for IP Multicasting.

  • Mandatory: IETF RFC 1812: 1995, Requirements for IP Version 4 Routers.

  • Advised: IETF RFC 2644: 1999, Changing the Default for Directed Broadcasts in Routers.[b]

  • Discouraged: IETF RFC 1918:1996, Address Allocation for Private Internets

  • Discouraged: IETF RFC 1631:1994, The IP Network Address Translation (NAT)

IPv6 over Ethernet (Optional):

  • Recommended: IETF RFC 2460: 1998, Internet Protocol, Version 6 (IPv6) Specification.

  • Recommended: IETF RFC 3484: 2003, Default Address Selection for Internet Protocol version 6 (IPv6)[c].

  • Recommended: IETF RFC 3810: 2004, Multicast Listener Discovery Version 2 (MLDv2) for IPv6.

  • Recommended: IETF RFC 4291: 2006, IP Version 6 Addressing Architecture.

  • Recommended: IETF RFC 4443: 2006, Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification.

  • Recommended: IETF RFC 4861: 2007, Neighbor Discovery for IP version 6 (IPv6).

  • Recommended: IETF RFC 5095: 2007, Deprecation of Type 0 Routing Headers in IPv6.

IP networking. Accommodate both IPv4 and IPv6 addressing[d]

Max Transmission Unit (MTU) reduced to 1300 bytes, Max Segment Size (MSS) set to 1260 bytes in order to accommodate IP crypto tunneling within autonomous systems

Use of private range addressing (IETF RFC 1918) should be avoided by the TCNs to prevent addressing conflicts with existing networks. IP address space provided by the AMN Naming and Addressing Authority is to be enforced. An option however may exist, for Nations to bring in IP space assigned to the Nation by an Internet Registry under IANA and certified by the nation as globally unique within their networks. This must be coordinated via the AMN Secretariat Technical Management Office

On the AMN, NAT has always been highly discouraged within the TCN networks[e]. From Jan 2011 it has been removed as an option for all subsequent joining nations[f].

Regarding IETF RFC 4291: Only IPv6 addresses may be used which are assigned to the nation/NATO out of the pool for global unicast by an Internet Registry under IANA and guaranteed by the nation/NATO as globally unique within their networks

3: Differentiated host-to-host datagram services

(IP Quality of Service)

  • Mandatory: IETF RFC 2474: 1998, Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers[g].

    • updated by IETF RFC 3260: 2002, New Terminology and Clarifications for DiffServ.

  • Mandatory: IETF RFC 4594: 2006, Configuration Guidelines for DiffServ Service Classes.

  • Mandatory: ITU-T Y.1540 (03/2011), Internet protocol data communication service – IP packet transfer and availability performance parameters.

  • Mandatory: ITU-T Y.1541 (12/2011), Network performance objectives for IP-based services.

  • Mandatory: ITU-T Y.1542 (06/2010), Framework for achieving end-to-end IP performance objectives.

  • Mandatory: ITU-T M.2301 (07/2002), Performance objectives and procedures for provisioning and maintenance of IP-based networks.

  • Mandatory: ITU-T J.241 (04/2005), Quality of service ranking and measurement methods for digital video services delivered over broadband IP networks.

The AMN QoS standard was constructed based on the NATO QoS Enabled Network Infrastructure (QENI).

The QoS model adopted is however not quite fully compliant with IP QoS Maturity level QoS-1 as defined in the NII IP QoS Standard [NC3A TN-1417][h] (the deviation has largely to do with the DSCP markings).

AMN IP QoS aggregates all IP traffic into 4x classes - (Real Time (RT); Near Real Time (NRT); Network (routing, signalling, management); Best Effort).

[a] FMN: Note that IETF RFC 793 is updated by IETF RFC 3168: 2001, The addition of Explicit Congestion Notification (ECN) to IP. However, despite the fact that IETF RFC 793 is updated by IETF RFC 3168, ECN cannot be used in parallel to the deployment of IP encryption and therefore IETF RFC 793 will remain in these circumstances.

[b] FMN: will also implement IETF RFC 2644. It is advisory that AMN also follows this

[c] FMN: will directly implement IETF RFC 6724: 2012, Default Address Selection for Internet Protocol Version 6 (IPv6). It is unlikely that this would be implemented on the AMN as it would affect the NIPs

[d] Note that although IPv6 has always been part of the AMN Profile it has never been taken up. There has always been the intent to provide a tunnel of v6 over v4 or via a dual stack, should a TCN require it.

[e] Due to the fact that one of the early founding TCN networks of the AMN had already implemented NAT on the already existing network that became the extension, historically NAT has had to be presented as an option for the AMN. NAT however is not in line with the openness required on the AMN and has always been highly discouraged within the TCN network.

[f] Nations that implemented NAT at the foundation of the AMN will remain unaffected and will not be required to change.

[g] FMN: Note that IETF RFC 2474 is updated by IETF RFC 3168: 2001, The addition of Explicit Congestion Notification (ECN) to IP. However, despite the fact that IETF RFC 2474 is updated by IETF RFC 3168, ECN cannot be used in parallel to the deployment of IP encryption and therefore IETF RFC 2474 will remain in these circumstances.

[h] FMN: will implement QoS: IP QoS for the NII, [NC3A TN-1417]


Table D.5. Communications Access IA Services Standards
ID: Service/Purpose Standards Implementation Guidance
1: Provide communications security over the network above the Transport Layer

  • Mandatory: IETF RFC 5246: 2008, Transport Layer Security (TLS) Protocol Version 1.2.