Distribution Statement: Distribution Limited to DoD and DoD Contractors Only Phase 1 And Phase 2/3 Program 23 March 2006 Preston Marshal, Program Manager [email protected] 703-696-5273 Disruption Tolerant Networking (DTN) Program

Upload: terence-stephens

Post on 30-Dec-2015


TRANSCRIPT

Distribution Statement: Distribution Limited to DoD and DoD Contractors Only

Phase 1 And Phase 2/3 Program

23 March 2006

Preston Marshal, Program Manager, [email protected]

703-696-5273

Disruption Tolerant Networking (DTN) Program

Slide 2

Disruption Tolerant Networking (DTN) Program Concept

[Figure: two network diagrams, "Disruption Closes Connection" versus "Disruption Tolerant", each showing a source, a destination and shaded disrupted areas.]

Packet traverses net until blocked by a disruption

When disruption clears, packet traverses remainder of route

Packet arrives at destination. In an IP network, packet would never have left source

DTN’s Goal is to develop and demonstrate technology that will provide network services in the face of disruption and massive differences in delay and bandwidth; and to reduce demands on network resources by integrating storage into the network

End-to-end severely disrupted by one bad link

Custodian-to-custodian connections isolate disrupted regions

Slide 3

Military Need

• FCS Communications Position Reports Used as Measure

• Highly Favorable Metric Used

• Loss of 2 Successive (1 Sec Interval) Reports Considered as Disconnected

Relying on IP for tactical military networks is dangerous

• Episodically connected military MANETs see rapid topology changes

• Tactical radios know names, not destination addresses

• Tactical/edge military networks may be a mix of IP and non-IP radios

Wireless networks can be good for local connect, but often can’t reach back to infrastructure

Local storage – caching – can create access to information after infrastructure connectivity loss.

FCS Vehicle, Ft. Benning 2006

Slide 4

All Bandwidth is Not Equally Important

DTN Can Augment Existing Networks without Being Inserted into Topology

• Networks are not hierarchies of bandwidth, they are islands

• Bandwidth within islands not as important as bandwidth between islands

• DTN augmentation within islands provides major performance benefits between islands

• Nodes can use local bandwidth to obtain DTN services, even if not on own node

[Figure: Bandwidth/Reliability versus Distance. Tiers shown: GIG Fiber Core, Wireless Enclaves and the edge; labels: 10 Gigabps Highly Reliable Connectivity, 10 Megabps Highly Reliable Connectivity, 64 Kilobps Episodic Connectivity. Annotation: Similar to DARPA: highly reliable, high speed (1 Gigabit) from servers on campus; several Megabits in and out to Internet.]

Slide 5

DTN Network Persistence Can Solve Fundamental Internet Application Shortfalls

• DTN makes applications over disrupted networks robust

• DTN is also an Opportunity to solve Fundamental Problems we’ve never before had a handle on, using Network-Managed Persistence

• Access information by content or type rather than by network address: “I want maps for my area” instead of “I want to ftp to 192.168.4.17”

• Retrieve once, provide to local users as requested

• Learn from actual network usage

• Exploit in-network storage/caches and pub/sub protocols to create a dynamic and self-forming “Akamai”

• Use temporal security rather than physical security

[Figure: Temporal Security Model. Timeline contrasting DTN (data only decrypted for access) with current practice (data decrypted at end system).]

Slide 6

Today’s Network: Push or Pull, Neither Optimal

[Figure: Multicast Push: Data goes to everyone. A connected network with several users each labelled “I need a map”.]

Only one transfer, but data flows to everyone in the multicast group, not necessarily when / where the data is needed

[Figure: Conventional Pull: Copies to every requestor. A connected network with several users each labelled “I need a map”.]

Only those who ask, get; but with delay; N requests use N times the bandwidth

Subsequent requests for same data consume as much bandwidth with as much delay as the first request.

[Chart: Resources Used to Get Data versus 1st, 2nd, 3rd ... requests for same data.]

DTN Resolves Both Inefficiencies: Pulls One Time, Distributes Locally To Requestors

Slide 7

DTN Phase 1 Results

• Demonstrated DTN v TCP with typical USMC wireless connectivity patterns (MITRE/CONDOR)

• Demonstrated Network Delivery (BBN)

• Demonstrated Trusted Delivery & Resistance to DDoS (Lehigh)

• Designed architecture – intrinsic ability of DTN to operate to the extremes of the network without segmenting to match network characteristics – meta-architecture (MITRE/JPL)

• Potential to move this extensible framework to other building blocks of the network

• Have to adapt Cisco/Nortel/Lucent/Juniper behaviors

• Implemented Experimental Operating Wireless DTN (GaTech/UMass)

Slide 8

Demonstrated DTN v. TCP with USMC Wireless Connectivity Patterns

Demonstrated that DTN is Useful & Feasible, and that DTN can be Transitioned to COTS-based Military Systems

[Chart: Consecutive 10-KByte File Retrievals over 24 hours, using HTTP and DTN. X-axis: File Retrieval Time (seconds), 0 to 4000. Y-axis: Number of File Transfers. Series: HTTP, DTN.]

[Chart: 10 KByte File Transfers in 24 hours, HTTP versus DTN. Y-axis 0 to 4000; bar values 368 and 3580 (which bar is HTTP and which is DTN is not recoverable from the extracted text).]

[Chart: Abandoned 10-KByte File Transfers in 24 hours, HTTP versus DTN. Y-axis "Abandoned", 0 to 140; bar values 0 and 115 (which bar is HTTP and which is DTN is not recoverable from the extracted text).]

DTN Is A Deployable Technology With Massive Performance Benefits for DoD

[Diagram: demonstration path: user, EPLRS, Cisco 3725, CONDOR Gateway, cable map, INMARSAT terminal, Cisco 2811, KG-250, DTN. Marked "Completed".]

Slide 9

Phase 1 Go/NoGo Metric: Demonstrate DTN Network Performance in Disrupted Network & Evaluation Platform

Network changes faster than it updates; never static. IP would never have correct topology; would fail in a conventional MANET

For random link dynamics, at most 16 (out of 31) bi-directional links were up at any time

Hardware in the loop emulation of actual DTN nodes

• Link characteristics: capacity 19.2 kb/s, delay 5 ms, MTU 1480 bytes

• Bundle traffic: size 2800 bytes, total originated 264

• Network Transit time >620ms

• Link State Transit time 4.3s

• Mean time between link transitions ~5s

• Run time: 3600 s

Go/NoGo criterion met for reliable delivery

DTN would have delivered all traffic given enough time

• 100% Reliable Delivery with

• 80% Utilization over

• 20% Available Links

ACHIEVED

Slide 10

Delivered Bundles Vs. Path Distance: Run at 20% Target Availability, Random Link Dynamics

[Chart: Percent Bundles Delivered (0 to 100) versus Number Hops (3 to 7). Series: DTN, TCP End to End Transfer.]

Delivery Performance for DTN and TCP

• Opportunistic Routing Found Ways to Deliver All Traffic, Regardless of Hops

• TCP (End to End) Could Not Find Opportunities

• End to End requires Complete Path be Available

• End to End is Fundamentally Unsuited for Military Operations

• 80% Links are only 20% Network Connected at 7 Hops

• 20% Links are 0.001% Network Connected at 7 Hops

• End to End IP (Without TCP) Shares All these Issues
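The two connectivity figures on this slide follow from treating the links of a path as independent: a 7-hop path whose links are each up with probability p is fully up with probability p^7, so 0.8^7 ≈ 0.21 (the "20%" figure) and 0.2^7 ≈ 1.3×10^-5 (the "0.001%" figure). The Python below is an added example, not the MITRE/JPL emulation or any program code: it computes that probability by hop count and runs a constructed random link-dynamics model over a chain to show why hop-by-hop custody transfer still delivers when an end-to-end path is almost never fully up. The link model (each link independently up or down per time slot) and all function names are assumptions made for this example.

```python
"""End-to-end versus hop-by-hop delivery over intermittently available links.
Added example, not the MITRE/JPL emulation.  Constructed model: each link of
a chain is independently up with probability `link_availability` in each
time slot, the assumption under which the slide's p**hops figure holds."""
import random
from typing import Dict, Optional


def e2e_path_availability(link_availability: float, hops: int) -> float:
    """Probability that all `hops` links of a path are up in the same slot,
    which is what TCP or plain IP forwarding needs to move a packet."""
    return link_availability ** hops


def connectivity_table(link_availability: float, max_hops: int = 7) -> Dict[int, float]:
    """Percent of the time an end-to-end path exists, by hop count (the
    slide's chart runs from 3 to 7 hops)."""
    return {h: 100.0 * e2e_path_availability(link_availability, h)
            for h in range(1, max_hops + 1)}


def simulate_chain(link_availability: float, hops: int, slots: int,
                   seed: int = 1) -> Dict[str, Optional[int]]:
    """Deliver one bundle across a `hops`-link chain within `slots` steps.

    end_to_end: delivered only in a slot where every link is up at once.
    dtn:        a custodian at each node holds the bundle and moves it one
                link forward whenever that link is up (store and forward).
    Returns the slot of delivery for each approach, or None if never."""
    rng = random.Random(seed)
    e2e_done: Optional[int] = None
    dtn_done: Optional[int] = None
    position = 0                       # index of the link the bundle waits to cross
    for t in range(1, slots + 1):
        up = [rng.random() < link_availability for _ in range(hops)]
        if e2e_done is None and all(up):
            e2e_done = t
        if dtn_done is None:
            if up[position]:
                position += 1          # custody transferred one hop forward
            if position == hops:
                dtn_done = t
        if e2e_done is not None and dtn_done is not None:
            break
    return {"end_to_end": e2e_done, "dtn": dtn_done}


if __name__ == "__main__":
    print(connectivity_table(0.8))     # 7 hops: about 21%
    print(connectivity_table(0.2))     # 7 hops: about 0.0013%
    print(simulate_chain(0.2, hops=7, slots=3600))
```

At 20% link availability the end-to-end entry stays None in most 3600-slot runs (the whole 7-link path is up in a given slot with probability 1.3×10^-5), while the custodian chain completes in a few dozen slots; the exact slot depends on the seed.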

Slide 11

Delivery Ratio: Worst Case Dynamics, DTN versus End-to-End (E2E) Baseline

• DTN Accomplished All Deliveries for Availabilities Above Go/NoGo Criteria

• Would Complete All if Longer Duration created Opportunities

• End to End Could Not Find Sufficient Opportunities in Any Disrupted Scenario

• Failed Completely Below 50% Availability

[Chart: % Bundle Delivered (0 to 100) versus Average link Availability (0 to 100). Series: DTN, End to End.]

Slide 12

Link Utilization Using DTN

[Chart: Link Utilization (0.5 to 1) versus Link Availability (0 to 0.9).]

• DTN Effectively Used All Available Link Capacity

• Network Was So Dynamic that End to End Would not be Aware of Opportunities to Use

• Efficiency Decreases at High Availability, as More Overhead, and Early Completion of Transfers

• Phase 2 Will Develop Technology to Adapt and Use both End to End and DTN Based on Which Would be Most Effective

Slide 13

Trusted Delivery GNG Metric: ACHIEVED

Phase 1 Go/No Go: “Demonstrate Trusted Delivery”

• Demonstrate rejection of message from unauthenticated sender

• Demonstrate authentication and forwarding of message from trusted sender

• Demonstrate payload data encryption

DTN will not propagate Distributed Denial-of-Service Attack

DTN will Detect & Reject Fraudulent (Forged Address) Messages

Slide 14

Trusted Delivery GNG Metric: ACHIEVED Demonstrate rejection of message from unauthenticated sender

• Two sending nodes - one legitimate, one malicious - attempt to send a bundle in a network with the BAH feature enabled

• The malicious node (M1) sends a bundle without the appropriate BAH to the forwarding node (N2)

• Result: N2 rejects the bundle - ACHIEVED

• The legitimate sender (N1) sends a bundle with the appropriate BAH, allowing for successful authentication

• Result: N2 forwards the bundle to the destination (N3)

[Figure: nodes N1, M1, N2 and N3, with a Security Perimeter marked.]

BAH: Bundle Authentication Header

Should have been part of the Internet from the beginning

Slide 15

Trusted Delivery GNG Metric: ACHIEVED. Demonstrate: 1.) Authentication and Forwarding of Message From Trusted Sender and 2.) Payload Data Encryption

• N1 sends a bundle to N4 (thru N2) with only the BAH activated

• The link between N2 and N3 is insecure, so policy at N2 requires payload data encryption

• N2 encrypts the payload, adds the PSH, and becomes the PSH-source, with destination N4 the PSH-destination for the bundle

• N4 receives the encrypted bundle from N3 (thru N2) and decrypts the message: ACHIEVED

[Figure: chain N1, N2, N3, N4; N2 marked PSH-Source, N4 marked PSH-Destination.]

BAH: Bundle Authentication Header. PSH: Payload Security Header. Red: Cleartext. Black: Ciphertext.

DTN Enables Security Partitioning Based on Traffic Policies Rather than Physical Topology

Slide 16

DTN System Architecture

[Figure: architecture diagram. Bundle Engine with service blocks Autoconfiguration/Neighbor Discovery, Bundle Custody Transfer, Bundle End-to-end Reliability, Bundle Flow/Congestion Ctl., Bundle Encryption and Bundle TBD Services, over a Convergence Layer. Routing modules: Other Routing Protocol, “DTNRG” Routing Protocol, “DARPA” Routing Protocol. Environmental Awareness and DTN Policy/Management modules. Process Rendezvous: Plug-ins/DLLs. API Legend: Protocol Composition API, Management API, Routing API, Configuration API, Environmental Awareness API.]

Single DTN Standard Will Be Extensible for Commercial or Uniquely Structured Military Apps Such As UAV Overflight, Sensor Nets, Tactical Disruption …

Slide 17

Technology for a Common Routing Structure with Mission-Unique Algorithms

Wireless networks need diverse routing behaviors:

“Open Biggest Battery First” (Battery-powered systems)

“Use Advantaged Node Last” (Transient aircraft nodes)

“Open Least Tx Energy Path First” (Energy-starved systems)

“Open Least Used Reasonable Path First” (Fairness)

Extend - don’t replace - COTS products

[Figure: three stacks (Commercial World, DoD Infrastructure, DoD Sensor Field), each built on a Core/Interoperable layer (IRG DTN Network Standard Core, minimal protocol set) with extensions above it: GIG-unique routing algo., UAV flight schedule, battery-aware routing algo., vendor-unique extension. Color Legend: Commercial DTN Extension; Military DTN Extensions.]

Buy commercial, specialize to military

Slide 18

University DTN testbeds (GaTech/UMass): urban ops experiment with multipath and rapid topology change (route breakage)

Long-term 24/7 Experiment at Low Cost with Mobile nodes, sensors, and throwboxes – analogs of tactical military wireless networks – urban+rural – manned & vehicular

DieselNet: Initial Deployment May 2004

DieselNet: routers in 40 buses in Amherst

Slide 19

Algorithmic Results

• Knowledge management: Uniform information dissemination and improvement of buffer usage

• Resource management: Virtual infrastructure with transport frames improves delivery rate in bottleneck scenarios

• Opportunistic Routing: SCaTR framework improves delivery rate and reduces signaling overhead

• Reflective Route Planning: First DTN routing algorithm based on formal reasoning technology

• Flexible network simulation models with user-defined physical resource schedules

[Charts: delivery rate and signaling overhead plotted against simulation time and scenario size; comparisons: no resource management versus virtual infrastructure, and versus AODV; annotations: Factor 2-3 Increase, Factor 5-6 Increase, Factor 2-10 Reduction.]

Slide 20

DTN Progressive Maturity

Phase 1: Protected, High Performance DTN for Static Applications with Store and Forward

Phase 2: Phase 1 + Protected DTN for Medium Scale, Static Applications with Caching and Distributed Query

Phase 3: Dynamically Self-Organized, Secure Local Store, Application Linkages, Proven

• Self-Organizing in Response to Network needs

• Large Scale

• Red/Black Management of Persistent Data

• Integrate Push and Pull Metaphors

• Cognitive Caching

• Information Addressing (not Network Addressing)

• Multiple Native Networks (JTIDS, IP, EPLRS, …)

• Initial Demo Board Implementation

• Demo in Military Scenario to Assess Utility

• Implement in Longer term, non-Military Application for Operational Experience

• Integrate into Military Networks

• Implement in Longer term non-Military Application to Acquire Experience

Progressive Technology Development Resulting in Proven and Deployable Product

Slide 21

Merging Information and Networking

Policy & reasoning enable sophisticated queries over the network

• “I don’t know exactly what I’m looking for, but I know how to describe it”

• Late binding as a way of describing information

• Don’t have to know where information resides – Google as a metaphor, not an overlay

• Late binding can occur in the information domain, not only the addressing domain

Want to build a formal structure for persistence and networking, a structure for solving tactical problems

• Analogous to akamai, but akamai is static.. In tactical networks must build our persistence architecture on the fly

Slide 22

Adaptation to Reflect Network Dynamics

DTN networks adapt to changing network topologies

• Storage configures itself around paths thru the (intermittent) network

• Self-forming Akamais for content distribution in response to network demands

• Caching as a result of delay-bandwidth product discontinuities

Military Utility – Reduce (eliminate?) burden of planning network deployment with unit deployment

• Planning costs currently comparable to or greater than people and equipment costs

• Network planning creates inertia/delay in deploying forces and reacting to unanticipated changes in the theatre

• Avoid the Comms planning cycle!

Slide 23

Content-based Networking

Support push from core, pull from edge, and meet-in-the-middle content-based networking

Steinbet: “Users will pull data as needed instead of having massive amounts of information pushed to them regularly – regardless of whether it is needed. ... a key tenet of net-centric warfare is that the consumers of information are smarter than their sources about what is needed operationally right now, and that they should be able to pull those data when they need it.”

Enable users to subscribe to or query useful information services, and have data returned when there’s a new event or query match

Edge networks can push data up into the network

Source analysis systems can query DTN storage for Wolfpack systems – enables heterogeneous sensor data fusion

Distribute policies with bundles – much of the flexibility of Active Networks without as much risk .. Update rules of engagement by disseminating policies thru DTN nets

Slide 24

Benefits of unifying networking and storage

• Request information by content/type rather than by network address

• “I want weather for my area” instead of “I want to ftp to 192.168.4.17”

• Ability to cache rather than waste wireless bandwidth

• It’s way cheaper to store data rather than to transmit it again

• Integrating push-pull metaphor

• Pushing sends to everyone and wastes bandwidth, can pre-place data

• Pulling serves a single user, same data requested multiple times wastes bandwidth, incurs large delays in disrupted networks

• Akamai uses static caches in a wired network to mitigate bandwidth wastage and delay

• DTN Push/Pull exploits DTN in-network storage (persistent caches) and pub/sub protocols to create a dynamic and self-forming “akamai”

• Temporal security

• Show the data as encrypted/unencrypted
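The "pull once, distribute locally" behaviour described on slide 6 and in the list above can be shown with a small custodian cache: it serves requests by content name rather than by network address, coalesces requests that arrive while the reach-back link is down, fetches each name from the core at most once when the link returns, and answers later requesters from local storage. The Python below is an added example, not the program's code; the content store, the request stream and the disruption schedule are constructed, and the class and function names are assumptions.

```python
"""Custodian cache that serves requests by content name, fetches each name
from the core at most once, and answers later requesters locally.  Added
example, not the DTN program's code.  The content store, the request
stream and the reach-back disruption schedule are constructed."""
from collections import defaultdict
from typing import Callable, Dict, List, Tuple


class DtnCache:
    """In-network storage at an edge custodian.  `upstream_up(step)` says
    whether the reach-back link to the core is usable in a given step."""

    def __init__(self, core_store: Dict[str, bytes], upstream_up: Callable[[int], bool]):
        self.core_store = core_store              # content name -> data, at the core
        self.upstream_up = upstream_up
        self.store: Dict[str, bytes] = {}         # persistent local copy
        self.pending: Dict[str, List[str]] = defaultdict(list)  # name -> waiting users
        self.upstream_bytes = 0                   # reach-back bandwidth spent
        self.delivered: List[Tuple[int, str, str]] = []  # (step, user, name)

    def request(self, step: int, user: str, name: str) -> str:
        """Local users ask for content by name, never by a core address."""
        if name in self.store:
            self.delivered.append((step, user, name))
            return "hit"
        self.pending[name].append(user)           # coalesce with other waiters
        return "queued"

    def tick(self, step: int) -> int:
        """Once per step: when reach-back is up, pull each pending name once
        and hand it to everyone who asked while the link was down."""
        if not self.upstream_up(step):
            return 0
        fetched = 0
        for name in list(self.pending):
            if name not in self.core_store:
                continue                          # unknown content stays queued
            data = self.core_store[name]
            self.store[name] = data
            self.upstream_bytes += len(data)
            fetched += 1
            for user in self.pending.pop(name):
                self.delivered.append((step, user, name))
        return fetched


def conventional_pull_bytes(requests, core_store) -> int:
    """Baseline from the slide: every request is its own end-to-end transfer."""
    return sum(len(core_store[name]) for _, _, name in requests)


def run_demo() -> dict:
    """Constructed scenario: six requests over ten steps, reach-back up only
    in steps 3 and 7.  Returns bandwidth for DTN versus plain pull and the
    (step, user, name) delivery record."""
    core = {"map/area-7": b"M" * 10_000, "weather/area-7": b"W" * 2_000}
    requests = [(1, "u1", "map/area-7"), (1, "u2", "map/area-7"),
                (2, "u3", "map/area-7"), (5, "u4", "weather/area-7"),
                (9, "u5", "map/area-7"), (9, "u6", "weather/area-7")]
    cache = DtnCache(core, upstream_up=lambda step: step in (3, 7))
    by_step = defaultdict(list)
    for step, user, name in requests:
        by_step[step].append((user, name))
    for step in range(1, 11):
        for user, name in by_step[step]:
            cache.request(step, user, name)
        cache.tick(step)
    return {"dtn_upstream_bytes": cache.upstream_bytes,
            "pull_upstream_bytes": conventional_pull_bytes(requests, core),
            "delivered": sorted(cache.delivered)}
```

In the constructed run the map crosses the reach-back link once for three waiting users and is then a local hit for the fourth, so the custodian spends 12,000 bytes upstream where per-request pull would spend 44,000; the delivery record also shows the delay that the slide's "but with delay" refers to, since the first requesters are served only when the link comes up in step 3.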

Slide 25

A New Security Model

Red-black separation derives from the philosophy that the control center is protected – once in the black, info is physically safe

With low-cost devices like WNaN, no longer true

• How to deal with the loss of equipment at the tactical edge?

• Information on this equipment is compromised with the equipment

How to change the security model to deal with equipment that can’t be physically secured?

Rather than view red-black as physical separation, think temporal separation! Keep data encrypted unless the application is processing it! Encrypted data lives in local cache or edge network cache, decrypted by app. Use a DTN security “convergence layer shim” for apps; withdraw access by app by revoking cert or similar action. DTN mechanism protects information “keyboard to eyeball”: protection from app to app, not from node to node

[Figure: Temporal Security Model. Timeline contrasting DTN (data only decrypted for access) with current practice (data decrypted at end system).]

Slide 26

Summary

• Bigger Challenge!

• Larger Funding!

• Massive Need!