June 23, 2022
A software-defined WAN (SD-WAN) can establish a data fabric capable of dealing with any tactical edge scenario where reliable WAN is needed.
More than ever, data for situational awareness and key communications is located in one or more cloud systems. The U.S. Department of Defense (DoD) is actively looking to aggregate and distribute this information through programs such as the Joint All Domain Command and Control (JADC2) strategy and the associated efforts of the U.S. Air Force’s Advanced Battle Management System (ABMS), the Army’s Project Convergence, and the Navy’s Project Overmatch. However, all this data is useless if the wide area network (WAN) chosen is down or unavailable – a situation far too common in denied, degraded, intermittent, or limited (DDIL) communications environments.
JADC2 is one of the most ambitious programs the DoD has ever undertaken. It’s going to take years to achieve the JADC2 vision and will require the combination of currently available technologies applied to new problems as well as new technologies to fill gaps. The goal of JADC2, greatly simplified, is to break down existing barriers to communication and situational understanding. To prevent the warfighter being impaired by a lack of information, we need to tear down the communications walls between the domains of land, sea, air, space, and cyber.
All U.S. armed forces and coalition partners need to be able to share data and that data must be shared rapidly – as close to real time as possible – to connect the shooter with the information from sensors. To realize the JADC2 vision, a platform for data collection and processing will be created to power decision making with artificial intelligence (AI) and machine learning (ML) algorithms. The foundation of the JADC2 vision is the data fabric for information sharing. A critical piece of that data fabric is the wide area networks (WAN) that link disparate organizations, locations, and domains together. Think of these WANs as the thread that weaves the data fabric that will carry JADC2 to success.
As the military has moved from expensive, proprietary or GOTS [government off-the-shelf] solutions, to more cost-effective COTS [commercial off-the-shelf] solutions, the services have realized the importance of keeping industry abreast of their needs. At technical exchange meetings, for example, the Army presents industry with its roadmap for future capabilities. These capability sets are presented in two-year increments named after the year. Thus, we have capability set CS21, 23, and on up through 27, and probably beyond, shortly. Through this process, the Army hopes to ensure that the commercial solutions of tomorrow align with the needs of the U.S. military.
A key piece of the Army’s Future Integrated Tactical Network is a transport-agnostic pipe composed of virtualized bandwidth. This bandwidth needs to be able to be tuned on the fly and optimized as needed for the most critical applications and data at any given point in time. Similar goals are present in the U.S. Air Force’s ABMS and the Navy’s Project Overmatch. The operational view and challenges envisioned a few years out from today in Capability Set 27 anticipate that major features will rely on a transport agnostic network across the lower and upper tactical Internet.
We frequently hear of DDIL (or DIL) as shorthand for the challenges faced by electronic communications in the field, especially wireless communications. Today’s plan for mitigating DDIL includes using automated PACE: PACE is the military’s concept of a combination of technologies, defined as Primary, Alternate, Contingency and Emergency path. An example of such technologies, for wireless communications, might be DISA, SATCOM, MPLS, 5G/LTE, and broadband. A PACE plan defines how and when to employ each of these technologies, actually a DoD solution to what is really a global problem. WAN or internet access is expected to be ubiquitous even in remote locations, which is just as true for critical business, infrastructure, or healthcare as it is for military and emergency responders.
When we look at these wireless technologies – whether SATCOM, cellular, Wi-Fi, radio, or line of sight (LoS) – they are all to some extent subject to denial or disruption. This breakdown in service can be due to an adversary or malicious actor, environmental conditions, hardware failure, or even simple misconfiguration or real-world compromises in deployment. Even when things are working well, some technologies will only provide intermittent communication.
For example, SATCOM is subject to rain fade or the loss of a line of sight for an LoS connection. These individual technologies are limited in bandwidth compared to what’s available to most enterprises, whereas, in most cities you can call up one or more providers and get a multigigabit WAN connection provisioned within days.
Some technologies – like commercial cellular or MANET [mobile or wireless ad hoc network] – may provide a good connection and be relatively inexpensive, but neither are particularly fast. Remember, we’re talking about communications in a tactical environment, not in the newest 5G ultrawideband bubble. Other technologies like commercial low-Earth-orbit (LEO) SATCOM may be comparatively cost-effective and fast, but right now they are not very reliable. Even as the technology matures it’s unclear if military customers are going to be able to get priority access to these commercial resources needed in an emergency. (Figure 1.)
[Figure 1 | No current, single WAN technology is “best” under all circumstances. SD-WAN combines the strengths of multiple WAN technologies.]
While any one current technology isn’t flawless, we can combine multiple WANs, taking the best features of each and overcoming the limitations. Most enterprise network vendors have an SD-WAN offering that solves or attempts to solve this problem. Nearly universally, SD-WAN solutions decouple network hardware from network control and utilize centralized management to improve the deployment and maintenance process. (Figure 2.)
[Figure 2 | A conceptual diagram illustrates SD-WAN across a battlefield network.]
The more advanced or complete SD-WAN offerings can be application-aware and use that information to steer traffic – long gone are the days of miles-long access control lists and DSCP markings for classifying and managing network traffic. Further, these updated solutions gain intelligence from billions of commercial “WAN-hours” learning from countless connection technologies and how they react under adverse condition.
When selecting a deployable system for fielding SD-WAN, systems designers can address a few key questions to ensure they obtain the best solution. For example:
- Does the system work on private networks?
- How long can the system run with a connection to the orchestrator, and what features are disabled when running in this mode?
- Can the orchestration be distributed, and can the orchestrator be overridden from the node?
- How do multiple orchestrators sync and can they do meshed management?
The system designer must also decide what type of hypervisors and what processing and memory requirements the system will be able to support for different speed networks. For example, whether the system be x86-based only or will require proprietary hardware. Additional considerations include the number of WAN ports the system will need to support and how it will handle provisioning.
An example of a compact, power-efficient, hardware router that can deploy high-speed networking at the tactical edge and provide connectivity to the Cisco SD-WAN ecosystem is provided by Curtiss-Wright’s PacStar 447 router, powered by Cisco IOS-XE. (Figure 3.) For Cisco or other virtual SD-WAN products, the PacStar 451 server supports all of the major hypervisors and carries as many as five Ethernet ports. Both of these rugged, compact modules, just 5.3″ wide and 7.1″ deep, have been tested to MIL-STD 810 and can operate standalone off AC, DC, or battery power. They can also be snapped together with other 400-series modules or deployed into a smart chassis.
[Figure 3 | The PacStar 447, powered by the Cisco ESR 6300 router, is ready to connect to Cisco SD-WAN-enabled networks.]
Dominic Perez, CISSP is the CTO at Curtiss-Wright Defense Solutions and a Curtiss-Wright Technical Fellow; he was with PacStar since 2008 and joined Curtiss-Wright through its acquisition of PacStar in 2020. Dominic currently leads the teams developing Curtiss-Wright’s PacStar Commercial Solutions for Classified, Modular Data Center, and Tactical Fusion System product lines. Prior to PacStar, Dominic worked for Biamp where he created automated testing infrastructure for the hardware, firmware, and software powering its network distributed audio, teleconferencing, and paging systems. Dominic studied mechanical engineering and computer science at Oregon State University. He currently holds multiple professional certifications from VMware in Data Center Administration; Cisco in Design, Security, and Routing/Switching; and EC Council and ISC2 in Security.
Curtiss-Wright Defense Solutions https://www.curtisswrightds.com/