June 23, 2022
A software-defined WAN (SD-WAN) can establish a data fabric capable of handling any tactical edge scenario where a reliable WAN is needed.
More than ever, data for situational awareness and key communications is located in one or more cloud systems. The U.S. Department of Defense (DoD) actively seeks to aggregate and disseminate this information through programs such as the Joint All Domain Command and Control Strategy (JADC2) and related efforts such as the US Air Force's Advanced Battle Management System (ABMS), the Army's Project Convergence and the Navy's Project Overmatch. However, all of this data is useless if the chosen wide area network (WAN) is down or unavailable – an all-too-common situation in Denied, Degraded, Intermittent, or Limited (DDIL) communications environments.
JADC2 is one of the most ambitious programs the DoD has ever undertaken. It will take years to realize the JADC2 vision and will require the combination of currently available technologies applied to new problems as well as new technologies to fill in the gaps. The goal of JADC2, greatly simplified, is to break down existing barriers to communication and understanding of the situation. To prevent the combatant from being weakened by a lack of information, we must break down the communication walls between the land, sea, air, space and cyber domains.
All US armed forces and coalition partners need to be able to share data, and that data needs to be shared quickly – as close to real time as possible – to connect the shooter to sensor information. To achieve the JADC2 vision, a data collection and processing platform will be created to power decision-making with artificial intelligence (AI) and machine learning (ML) algorithms. The basis of the JADC2 vision is the data fabric for information sharing. A critical part of this data fabric is the wide area networks (WANs) that connect disparate organizations, locations, and domains. Think of these WANs as the thread that weaves together the data fabric that will ensure the success of JADC2.
As the military has moved from expensive, proprietary or GOTS [government off-the-shelf] solutions to more cost-effective COTS [commercial off-the-shelf] solutions, the services have understood the importance of keeping industry informed of their needs. At technical exchange meetings, for example, the Army presents industry with its roadmap for future capabilities. These capability sets are presented in two-year increments named after the year. So we have capability sets CS21, CS23, and so on up to CS27, and likely beyond, shortly. Through this process, the Army hopes to ensure that tomorrow's commercial solutions align with the needs of the U.S. military.
A key element of the future Army Integrated Tactical Network is a transport-independent channel comprised of virtualized bandwidth. This bandwidth should be adjustable on the fly and optimized as needed for the most critical applications and data at any given time. Similar objectives are present in the US Air Force's ABMS and the Navy's Project Overmatch. The operational vision and challenges envisioned a few years from now in Capability Set 27 foresee that core functionality will rely on a transport-agnostic network for the lower and upper tactical internet.
We often hear of DDIL (or DIL) as shorthand for the challenges facing electronic communications in the field, especially wireless communications. Today's plan to mitigate DDIL includes the use of automated PACE, the military concept of a combination of technologies defined as primary, alternate, contingency, and emergency pathways. An example of these technologies, for wireless communications, could be DISA, SATCOM, MPLS, 5G/LTE and Broadband. A PACE plan defines how and when to use each of these technologies, making it a DoD solution to what is truly a global problem. WAN or internet access is expected to be ubiquitous even in remote locations, which is just as true for business, infrastructure or critical healthcare as it is for military and emergency responders.
When we look at these wireless technologies – whether SATCOM, cellular, Wi-Fi, radio, or line-of-sight (LoS) – they are all, to some degree, subject to denial or disruption. This service outage can be due to an adversary or malicious actor, environmental conditions, hardware failure, or even simple misconfiguration or actual compromises during deployment. Even when everything is working well, some technologies only offer intermittent communication.
For example, SATCOM is prone to fading due to rain, and a LoS connection is prone to loss of line of sight. These individual technologies are also bandwidth constrained compared to what is available to most businesses: in most cities you can call one or more providers and have a multi-gigabit WAN connection provisioned within days.
Certain technologies – such as commercial cellular or MANET [mobile or wireless ad hoc network] – can provide a good connection and be relatively inexpensive, but neither is particularly fast. Remember, we’re talking about communications in a tactical environment, not in the new 5G ultra-wideband bubble. Other technologies such as commercial SATCOM in Low Earth Orbit (LEO) may be relatively cost effective and fast, but at the moment they are not very reliable. Even as the technology matures, it is unclear whether military customers will be able to gain priority access to these necessary commercial resources in an emergency. (Figure 1.)
[Figure 1 | No current, single WAN technology is “best” under all circumstances. SD-WAN combines the strengths of multiple WAN technologies.]
While no current technology is perfect, we can combine multiple WANs, taking the best features from each and overcoming limitations. Most enterprise network vendors have an SD-WAN offering that solves or attempts to solve this problem. Almost universally, SD-WAN solutions decouple network hardware from network control and use centralized management to improve the deployment and maintenance process. (Figure 2.)
[Figure 2 | A conceptual diagram illustrates SD-WAN across a battlefield network.]
The most advanced or comprehensive SD-WAN offerings can be application aware and use this information to direct traffic. Long gone are the days of mile-long ACLs and DSCP markings to classify and manage network traffic. Additionally, these updated solutions leverage billions of commercial “WAN hours” of learning countless connection technologies and how they react under adverse conditions.
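The automated PACE and application-aware steering described above can be sketched as follows. This is an added example, not code from the article or from any vendor's SD-WAN product; the link metrics, application classes and thresholds are constructed assumptions.

```python
from dataclasses import dataclass

PACE_ORDER = ["primary", "alternate", "contingency", "emergency"]

@dataclass
class Link:
    name: str
    role: str            # position in the PACE plan
    up: bool             # False = denied or failed
    loss_pct: float      # measured packet loss
    latency_ms: float    # measured latency
    kbps: int            # usable capacity right now

@dataclass
class App:
    name: str
    priority: int        # 0 = most critical
    max_loss_pct: float
    max_latency_ms: float
    min_kbps: int

def steer(links, apps):
    """Map each app to the first PACE link that meets its limits, or None (shed)."""
    ordered = sorted(links, key=lambda l: PACE_ORDER.index(l.role))
    spare = {l.name: l.kbps for l in links if l.up}
    plan = {}
    for app in sorted(apps, key=lambda a: a.priority):  # critical traffic picks first
        plan[app.name] = None
        for l in ordered:
            if (l.up and l.loss_pct <= app.max_loss_pct
                    and l.latency_ms <= app.max_latency_ms
                    and spare[l.name] >= app.min_kbps):
                spare[l.name] -= app.min_kbps
                plan[app.name] = l.name
                break
    return plan

# Constructed sample data: link names follow the article's list, metrics are invented.
APPS = [App("c2_messaging", 0, 5.0, 1000, 64), App("voice", 1, 1.0, 150, 100),
        App("video", 2, 2.0, 400, 4000), App("bulk_sync", 3, 10.0, 2000, 1000)]
DEGRADED = [Link("MPLS", "primary", False, 0.0, 0.0, 0),
            Link("SATCOM", "alternate", True, 3.0, 600, 2000),   # rain fade
            Link("5G/LTE", "contingency", True, 0.8, 90, 3000),
            Link("Broadband", "emergency", False, 0.0, 0.0, 0)]

if __name__ == "__main__":
    for app, link in steer(DEGRADED, APPS).items():
        print(f"{app:13} -> {link or 'shed'}")
```

With the primary link denied and SATCOM in rain fade, loss-tolerant command traffic stays on SATCOM, voice moves to 5G/LTE, and video is shed because no surviving link can carry it within its limits.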
When selecting a deployable system for SD-WAN provisioning, system designers can answer a few key questions to ensure they get the best solution. For instance:
- Does the system work on private networks?
- How long can the system run without an Orchestrator connection and what features are disabled when running in this mode?
- Can the orchestration be distributed and can the orchestrator be replaced from the node?
- How do multiple Orchestrators synchronize and can they perform mesh management?
The system designer must also decide on the type of hypervisors and the processing and memory requirements that the system will be able to support for networks at different speeds. For example, is the system x86-based only, or will it require proprietary hardware? Other considerations include how many WAN ports the system will need to support and how it will handle provisioning.
Curtiss-Wright’s PacStar 447 router, powered by Cisco IOS-XE, is an example of a compact, energy-efficient hardware router capable of deploying high-speed networking at the tactical edge and providing connectivity to the Cisco SD-WAN ecosystem. (Figure 3.) For Cisco or other virtual SD-WAN products, the PacStar 451 server supports all major hypervisors and features up to five Ethernet ports. These two rugged and compact modules, just 5.3″ wide and 7.1″ deep, have been tested to MIL-STD 810 and can operate independently on AC, DC or on battery. They can also be nested with other 400 series modules or deployed in a smart chassis.
[Figure 3 | The PacStar 447, powered by the Cisco ESR 6300 router, is ready to connect to Cisco SD-WAN-enabled networks.]
Dominic Perez, CISSP is the Technical Director of Curtiss-Wright Defense Solutions and a Curtiss-Wright Technical Fellow; he had been with PacStar since 2008 and joined Curtiss-Wright when it acquired PacStar in 2020. Dominic currently leads the teams that develop Curtiss-Wright’s PacStar business solutions for the Classified, Modular Data Center, Data Center and tactical fusion systems product lines. Prior to PacStar, Dominic worked for Biamp where he created an automated test infrastructure for the hardware, firmware and software powering its networked distributed audio, conferencing and paging systems. Dominic studied Mechanical Engineering and Computer Science at Oregon State University. He currently holds several VMware professional certifications in data center administration; Cisco in design, security and routing/switching; and CE and ISC2 Safety Council.
Curtiss-Wright Defense Solutions https://www.curtisswrightds.com/