Secure, Network-Centric Operations of a Space-Based Asset: Cisco Router in Low-Earth Orbit (CLEO) and Virtual Mission Operations Center (VMOC)

fullgorgedcut, Networks and Communications

24 Oct 2013 (3 years and 7 months ago)


Glenn Research Center

Satellite Networks & Architectures Branch

Communications Technology Division

NASA IP Mobility Meeting 11 April 2008 (Majority of slides are from AFEI NCO Conference: May 2005)


Secure, Network-Centric Operations of a Space-Based Asset:

Cisco Router in Low-Earth Orbit (CLEO) and

Virtual Mission Operations Center (VMOC)

Will Ivancic

wivancic@grc.nasa.gov

216-433-3494




Agenda


Why


CLEO/VMOC overview


Participating Organizations


The Network


Data Flow


Timeline of Events


CLEO/VMOC Lessons Learned


Future Work


New Capabilities


NCO Experiences



Why?


Shared Network Infrastructure (Mobile-IP)

$$$ Savings

Ground Station ISP

$400 - $500 per satellite pass

No salaries

No health benefits


No infrastructure costs


System Flexibility


Greater Connectivity


Relatively easy to secure


TCP/IP suite


COTS Standard


Free tools


Skilled professionals available


Tested via general use by 100s of 1000s daily



The Cisco router in low Earth orbit (CLEO)


Put a COTS Cisco router in space

Determine if the router could withstand the effects of launch and radiation in a low Earth orbit and still operate in the way that its terrestrial counterparts did.

Ensure that the router was routing properly

Implement mobile network and demonstrate its usefulness for space-based applications.

Since the UK-DMC is an operational system, a major constraint placed on the network design was that any network changes could not impact the current operational network


Virtual Mission Operations Center (VMOC)


Enable system operators and data users to be remote


Verify individual users and their authorizations


Establish a secure user session with the platform


Perform user and command prioritization and contention control

Apply mission rules and perform command appropriateness tests

Relay data directly to the remote user without human intervention

Provide a knowledge data base and be designed to allow interaction with other, similar systems

Provide an encrypted gateway for “unsophisticated” user access (remote users of science data)


Virtual Mission Operations Center


VMOC evaluated five categories

1. Does VMOC provide access to payload information for the warfighter?

2. Can the field users request information from a platform or sensor?

3. Can field users request information from existing databases?

4. Can the VMOC demonstrate rapid response and reconfiguration of an IP based platform?

5. Can the VMOC task platforms as required to get necessary information to the warfighter?

Yes to all of the above!


Mutually Beneficial Interests


Projects are complementary in their shared use of the Internet Protocol (IP)

Overall goal of network-centric operations.


(and NetCentric Operations)


Participating Organizations


CLEO/VMOC Network

[Network diagram. Labels recovered from the slide:]

mobile routing Home Agent (NASA Glenn)

Segovia NOC

‘shadow’ backup VMOC-2 (NASA Glenn)

UK-DMC/CLEO router high-rate passes over SSTL ground station (Guildford, England)

primary VMOC-1, Air Force Battle Labs (CERES)

Internet

mobile router appears to reside on Home Agent’s network at NASA Glenn

secure Virtual Private Network tunnels (VPNs) between VMOC partners

‘battlefield operations’ (tent and Humvee, Vandenberg AFB)

low-rate UK-DMC passes over secondary ground stations receiving telemetry (Alaska, Colorado Springs)

8.1 Mbps downlink

9600 bps uplink

38400 bps downlink

other satellite telemetry to VMOC

UK-DMC satellite

CLEO onboard mobile access router

USN Alaska


Data Flow

Mobile Router Using Mobile-IPv4 and Triangular Routing

[Sequence of network diagrams. Nodes repeated on each slide: Home Agent (GRC), Battlefield Operations (Vandenberg AFB), Segovia NOC, DMC-UK, Mobile Router, 2nd Ground Station, VMOC-1, VMOC-2 (GRC), SSTL, Open Internet, VMOC Database, Experiments Workstation, Satellite Scheduler & Controller. The callouts on each slide follow.]

Remote Request

Warfighter Requests image of Hong Kong

Is Warfighter Authorized to view image of Hong Kong

If image is available, return image, else get image

Are you really Warfighter?

Schedule Request

Request Image

Check Satellite Resources and Notify VMOC when image will be available

Notify Warfighter of the time when image will become available

Command Satellite

Command Satellite When in View

Take image when over Hong Kong (at 14:00)

14:00: Take Image and store for later retrieval (Hong Kong)

Image Transfer

File Transfer Using Mobile-IPv4 (Triangular Routing)

Note, Mobile Router appears to reside on Home Agent’s Network

Retrieve Image

Retrieve Image for storage and redistribution

Note, Mobile Router appears to reside on Home Agent’s Network

Redistribute Image

Retrieve Image

Notify Warfighter That Image is available

Authenticate Warfighter

Send Image

Note, Mobile Router appears to reside on Home Agent’s Network

Image Transfer - Two Ground Stations

File Transfer Using Mobile-IPv4 (Triangular Routing)

Rate Mismatch Problem

Desire is to buffer locally while in sight of the satellite then redistribute to the VMOC
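
The VMOC functions listed earlier (verify users and authorizations, prioritization and contention control, mission rules) and the Remote Request / Schedule Request flow above, as an added example that is not from the presentation or from the VMOC software: a small Python gate that authenticates, authorizes, serves from the database, then applies a mission rule and a priority queue. The HMAC request format, the user table, the per-user pending limit and all names are assumptions made for illustration.

```python
import hashlib
import heapq
import hmac
from dataclasses import dataclass, field

# Constructed sample data: users, keys, regions and priorities are hypothetical
# and are not taken from the VMOC system.
USERS = {
    "warfighter": {"key": b"constructed-demo-key-1",
                   "regions": {"Hong Kong"}, "priority": 1},
    "scientist": {"key": b"constructed-demo-key-2",
                  "regions": {"Guildford", "Alaska"}, "priority": 5},
}
IMAGE_DB = {"Guildford": b"<constructed image bytes>"}  # stands in for the VMOC database
MAX_PENDING_PER_USER = 2                                # assumed mission rule


def sign(user: str, region: str, key: bytes) -> str:
    """Client side: MAC over the request fields (assumed message format)."""
    return hmac.new(key, f"{user}|{region}".encode(), hashlib.sha256).hexdigest()


@dataclass
class Vmoc:
    queue: list = field(default_factory=list)  # heap of (priority, seq, user, region)
    seq: int = 0

    def handle(self, user: str, region: str, tag: str) -> str:
        rec = USERS.get(user)
        # 1. "Are you really Warfighter?" Authenticate before any other check.
        #    Unknown users still cost one MAC, and the compare is constant-time.
        expected = sign(user, region, rec["key"] if rec else b"\x00")
        if rec is None or not hmac.compare_digest(expected, tag):
            return "DENY:authentication"
        # 2. "Is Warfighter authorized to view image of Hong Kong?"
        if region not in rec["regions"]:
            return "DENY:authorization"
        # 3. "If image is available, return image, else get image."
        if region in IMAGE_DB:
            return "IMAGE"
        # 4. Mission rule / command appropriateness test before tasking the satellite.
        pending = sum(1 for _, _, u, _ in self.queue if u == user)
        if pending >= MAX_PENDING_PER_USER:
            return "DENY:mission-rule"
        # 5. Prioritization and contention control: lower number first, FIFO within.
        heapq.heappush(self.queue, (rec["priority"], self.seq, user, region))
        self.seq += 1
        return "SCHEDULED"

    def next_task(self):
        """Next request the scheduler would hand to the satellite controller."""
        if not self.queue:
            return None
        _, _, user, region = heapq.heappop(self.queue)
        return user, region
```

The order of the checks matters: an unauthenticated caller learns nothing about which regions exist or which images are already held, because both lookups happen only after the MAC verifies.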


Large File Transfer Over Multiple Ground Stations - DTN is a Potential Solution -

[Diagram. Labels: Home Agent; VMOC; Open Internet; VMOC Database; Satellite Scheduler & Controller; Ground Station 1, Ground Station 2, Ground Station 3 (in order of time); a DTN Bundle Agent Intermediary at each of the three ground stations; DTN Bundle Agent Sink]


Combining Mobile-IP and DTN for File Upload

[Diagram. Labels: Home Agent; VMOC; Open Internet; VMOC Database; Satellite Scheduler & Controller; Ground Station 1, Ground Station 2, Ground Station 3 (in order of time); DTN Bundle Agent Source; DTN Bundle Agent Sink]


Timeline of Events (18 Months)


September 2002: Cisco approaches SSTL regarding placing Mobile Access Router onboard a spacecraft

SSTL agrees to place on UK-DMC with integration to begin in December 2002

April 2003: Cisco approaches NASA Glenn Research Center (GRC) regarding interest in participation under joint research of existing NASA Space Act Agreement

NASA Glenn visits NASA Goddard regarding ground station support

GSFC definitely has the expertise

GRC concerned about NASA’s ability to meet cost/schedule due to bureaucracy

Security issues and motivation to “make this happen” without high level buy-in

August 2003: Initial planning meeting at GRC with Air Force, Army, GD, Cisco, and Western DataCom to discuss network, design, implementation and schedule prior to visiting SSTL

September 2003: Discussions with GSFC on cost and schedule (GRC has very limited budget)

27 September 2003: UK-DMC and sister satellites launched from Plesetsk.

15 October 2003: CLEO router power cycled during commissioning tests.


Timeline of Events (18 Months)


December 2003: VMOC team visits SSTL to discuss network design and collaborative effort

SSTL agrees in principle and indicates that they would be willing to modify their addressing scheme to accommodate mobile networking

GRC and GD are pleasantly surprised (We will believe it when we see it!)

Talk of March 2004 demonstration, pushed to June per GRC’s insistence.

January 2004: While waiting for the arrival of the engineering model ….

GRC personnel worked on IPv4 mobile networking technologies including traversing Network Address Translation units.

Continued discussions with GSFC, but only $100K available. Insufficient funds.

GSFC suggests we try Universal Space Networks who is looking for IP satellite



Timeline of Events (18 Months)


February 2004:

Visited USN and got buy-in to support second ground station. Used Military contract ending in April if no new work. Thus approximately 30 days to get in place.

Took delivery of Engineering Model at GRC and tested as much of the network as possible - pass-through software not yet written!

VMOC kickoff meeting was held at Colorado Springs on February 11 through 13

Decision was made to place a third ground station in Colorado Springs for VMOC comparative analysis.

Mentioned IPv6 mobility work - Army suggested we show this to OSD (in our spare time!)

March 2004:

Ordered Modems for ground stations (3 Comtech COTS for downlink, 4 Amateur radio for uplink - due in April, build your own kit)

Met with Army Battle Labs to discuss network design and addressing of the mobile component of the VMOC demonstration - the remote battle field command center.

Comtech modem received

While awaiting pass-through software completion, worked IPv6 mobility demonstration.

General Dynamics is working VMOC in parallel - needs to integrate with GRC network.



Timeline of Events (18 Months)


April 2004:


CPFSK Amateur radios signed for at GRC, but lost! Reordered last two kits!

USN under contract.

April 27: Performed Secure mobile network demonstration of IPv4 and IPv6 to Dr. Wells and staff at OSD and ICNS conference

April 28: Met with Integral Systems and USN to discuss network design for mobile routing.

April 29: CLEO router activated and tested with console access.

May 2004:

CPFSK modem kits received, built and partially tested. USN requests modems with understanding that we have only partially tested them!

SSTL Pass-through software and Saratoga file transfer software tested on EM.

Virtual Flatsat implemented at GRC to allow 24x7 VMOC testing.

May 11: First access to CLEO via console port via SSTL ground station

Tests were via SSTL machines controlled with RealVNC

May 14: Pass-through software tested on UK-DMC. Telnet to CLEO now possible!

May 21: 1st remote commanding of CLEO from GRC network - using normal routing

May 22: Sent Dave Stewart to England to get mobile networking operational.

May 28: Mobile networking operational - unsecured, on open network


Timeline of Events (18 Months)


June 2004:


June 3: Mobile networking tested behind VPN firewall - secure mobile networking.

June 4: SSTL schedules telemetry passes over Colorado and Alaska for June 8-17 and router passes over SSTL for metric collection on June 7-11.

June 8: USN ground station operational (low pass mode) and receiving telemetry

June 10: Telemetry resender operational from USN and CERES

June 7 - 11: Metric testing of VMOC and CLEO from Vandenberg Air Force Base.

June 14 - 16: Public demonstration of VMOC and CLEO at Vandenberg.

August 2004: Participate in Small Satellite Conference

Telemetry from USN Alaska Ground station.

December 22, 2004: Mobile networking operational via the USN ground station (High-rate pass)



Summary - Timeline of Events

NASA’s first opportunity to touch CLEO was May 11th, 2004

At best, satellite passes were: 1 per day, 3 days per week, 8 minutes per pass

Cisco router testing next week (from actual email):

Tues 11/05/2004: 10h05UTC pass (6:05 EDT)

Wed 12/05/2004: 10h43UTC pass (6:43 EDT)

Fri 14/05/2004: 10h20UTC pass (6:20 EDT)

Successful VMOC metrics testing was performed June 7-11.

It is highly doubtful this would have been possible without the use of IP!


CLEO/VMOC Lessons Learned


The ability to have all the tools available in a full IOS on the onboard router proved invaluable

Argument for slimmed-down IOS

May be more robust or easier to qualify rigorously for the space environment.

Argument for full IOS

Removing functionality may result in less stable code rather than more stable code, as any change in software can affect the robustness of software and second.

Full IOS has been tested daily by hundreds of thousands of users

It is quite probable the functionality taken out will end up being the functionality one needs for some later, unforeseen configuration need.

Mobile networking greatly simplifies network configurations at the ground stations and adds an extremely insignificant amount of overhead (three small packets per session for binding setup).

Triangular routing is preferred if the rate on the terrestrial links cannot meet or exceed the rate of the downlink.

Triangular routing along with new file transfer applications enables full utilization of the downlink.


CLEO/VMOC Lessons Learned


The interface between asset owners will have to be identified and some special software written when sharing infrastructure

Use of commercial standards (IP, Simple Object Access Protocol, XML) makes implementing these software interfaces much quicker and easier than if noncommercial standard protocols were used.

The engineering model of the onboard and ground assets is a necessity

According to Universal Space Networks and Integral System Integration, there are products available for ground station TT&C that have become de facto industry standards. Using them will greatly simplify ground station integration and reduce costs.

An example provided by USN and ISI: IN-SNEC’s CORTEX satellite telemetry products for ground stations


Future Work


Use CLEO to move GPS reflectometry experiment data from a 3 Mbps solid state data recorder (SSDR) to an 8 Mbps SSDR

Allows all data to be transmitted to ground in single pass

Reducing power requirements and SSDRs can be turned off when empty

Perform this multi-ground station large file transfer

USN ground station modifications necessary for operation with the DMC satellites

Application software needed to run a file transfer over multiple ground stations.

SSTL commanding satellites through the USN ground system

Require SSTL to modify its Mission Planning System to automatically check availability of USN assets (This may be happening via AFRL and SSTL contracts with USN)

VMOC as Systems Coordinator and Security Manager for SSTL and USN assets

IPv6-Compliant Satellite

Onboard Router

HAIPIS Encryptor

IPv6 compliant instruments



New Capabilities


Onboard router enables standard payloads to be placed on a local area network and be commanded and controlled using commercial standard Internet Protocols.

VMOC’s distributed architecture provides for survivability and rapid reconfiguration

Needed in the battlefield, science, and business environments.

Enables remote secure command and control of spacecraft, sensors, and manned and unmanned aerial vehicles.

By using commercial standard equipment and commercial standard protocols

Competition and standardization result in significant cost savings

Increases number of available assets

Ground and Space assets may be available from multiple commercial and government providers

Multiple assets result in more available contacts, greater contact time, and quicker response time

Use of multiple ground stations enables large file transfers to take place over multiple ground stations’ contact times

Allows system implementers tremendous flexibility in the design of the space system

Possible reduction of the downlink transmit rate and corresponding transmit power because of the increased contact time



NCO Experiences


Successful NCO has more to do with building trust relationships at the “people level” than it has to do with technology.

Putting NCO in an operational system is the true test.

This forces ALL security issues to be addressed!

Internetwork Centric Operations, NCO across various networks owned and operated by various entities, is far different than NCO within your own network.

Everybody has to expose themselves to some degree. That degree has to be negotiated up front.

I need to understand how your system works and you need to understand how my system works.

Strengths and vulnerabilities are exposed to some degree.

Internetworking NCO is like a marriage

50/50 is doomed to failure. 100% commitment is required by all parties.

You MUST understand and accept the needs of the other parties.

Patience and Persistence, Patience and Persistence, and more Patience and Persistence!


The complete technical report and this presentation are available at:

http://roland.grc.nasa.gov/~ivancic/papers_presentations/papers.html

We are always willing to bring the demonstration to you, if so desired.


Current State of Network


UK-DMC/CLEO Network Configuration

[Network diagram. Labels: Home Agent (GRC); US Army Space & Missile Defense Battle Lab, Colorado Springs; Segovia NOC; Multi-User Ground Station (MUGS), Colorado Springs, CO; SSTL, Guildford, England; VMOC-1 (GRC); Open Internet; VMOC Database; Experiments Workstation; Satellite Scheduler & Controller; Hiroshima Institute of Technology, Hiroshima, Japan; Universal Space Networks Ground Network, Alaska, Hawaii and Australia]


USN Network (MPLS)


Things to watch out for!


Roaming Interface Behind Router - Strategic

[Diagram. Labels: Mobile Router; IPE-2M; Foreign Agent; IPE-2M; Home Agent; HA-MR Tunnel; Mobile Network; HA-FA Tunnel; IPE-IPE Secure Tunnel; Home Network; Internet]

Source - Western DataCom



Roaming Interface In-Front of Router - Tactical

[Diagram. Labels: IPE-2M; Foreign Agent; IPE-2M; Mobile Router; Home Agent; HA-MR Tunnel; Mobile Network; HA-FA Tunnel; IPE-IPE Secure Tunnel; Home Network; Secure WAN; Internet]

Source - Western DataCom


What about Space Link Extension?


Space Communications and Navigation (SCAN) Services: Conceptual Architecture Definition (CAD) Draft 0.9, November, 2007

Poor architectural design

The proposed architecture presupposes a particular mode of operation (representative of Deep Space)

Space Link Extension is prime interface

There are at least four MAJOR problems with SLE-Transport, all related to SLE-Transport being an application layer tunnel - that is, SLE extends the space datalink from the ground terminal to the operations center using an application.

Performance is limited by the application’s speed.

The Architecture adds unnecessary application and transport layer control loops into the end-to-end architecture.

An application-layer tunnel presents serious security issues.

An application-layer tunnel precludes deployment of existing and future internetworking (Internet) routing technologies.