United States Army South (USARSO) Network Simulation and Analysis Using OPNET

blackstartNetworking and Communications

Oct 26, 2013 (3 years and 1 month ago)

80 views


1

United States Army South (USARSO)

Network Simulation and Analysis Using OPNET

Albert M. Rivera, Charles Baxter, Ph.D., Ralph Martinez, Ph.D.

U.S. Army Information Systems Engineering Command

Fort Huachuca, Arizona 85613
-
5300

Email: riveraa@hqisec.army.mi
l


Abstract

In 1996, as a provision of the United States Treaty
Implementation Plan (TIP) with Panama, the United States
Army Information Systems Engineering Command
(USAISEC) was tasked to engineer the relocation of the U.S.
Army South (USARSO) Command f
rom Panama City,
Panama to Ft. Buchanan, Puerto Rico. Specifically,
USAISEC developed the engineering design requirements for
all the Command, Control, Communications, Computers, and
Intelligence (C4I) Systems to be relocated or installed at Fort.
Buchana
n, Puerto Rico. A key C4I system engineered and
installed was the USARSO Unclassified Campus Area
Network (CAN). The urgent requirement to engineer and
install the unclassified network precluded the use of any
modeling techniques to validate the system de
sign. The
USARSO CAN design was based on proven designs for
Ethernet networks installed throughout U.S. Army
installations worldwide. In order to validate the as
-
installed
network, an OPNET simulation was developed. This
document presents the results of

that OPNET simulation.


The USARSO CAN installed and currently operating at Fort
Buchanan is a Gigabit Ethernet backbone network with Fast
Ethernet to the desktop. The network consists of
approximately 1200 users located throughout 35 facilities. A
secu
rity
-
in
-
depth implementation is installed on the USARSO
network, however, for security reasons, the simulation of the
security design is limited to the default attributes of the
firewall implementation only. Protocols and applications
included in the simu
lation include SMTP and X.400 email,
HTTP web browsing and database access. Destination of all
HTTP traffic is remote to the network, while SMTP and
database traffic is partially internal and external based on
specified attributes.


Finally, the key sim
ulation results considered are the Ethernet
Delay within the local network and the throughput and
utilization of the T
-
1 circuit to the Wide Area Network
(WAN).


Introduction


The purpose of this document is to present the results of an
OPNET simulation

conducted on the as
-
installed Campus
Area Network (CAN) for the United States Army South
(USARSO) Command at Fort Buchanan, Puerto Rico. The
CAN installed and operating at Ft. Buchanan is a Gigabit
Ethernet backbone network with Fast Ethernet to the desk
top.
An illustration of the installed network is presented in Figure
1. Figure 2 illustrates the security in
-
depth implemented with
the exception of the Intrusion Detection System (IDS), an
Email Screen and Web Cache. Inclusion of these devices will
be
considered in future simulations. The urgent requirement
to engineer and install the automation network for USARSO
precluded the use of any modeling techniques to validate the
system design. The CAN design was based on proven designs
for Ethernet network
s installed throughout U.S. Army
installations worldwide. The objective of this simulation is to
validate the CAN design currently installed and identify any
shortcomings or improvements. Based on the data included in
the simulation, Ethernet Delay withi
n the network of less than
1000
μs and T
-
1 throughput and utilization less than 50%
would be considered acceptable results.



USARSO Network

FIGURE 1



2


Security in Depth Implementation

Figure 2



Background


In 1996, as a p
rovision of the Treaty Implementation Plan
(TIP) with Panama, the United States Information Systems
Engineering Command (USAISEC) was tasked to engineer the
relocation of the USARSO Command from Panama City,
Panama to Ft. Buchanan, Puerto Rico. One aspect

of the
relocation effort was the engineering and implementation of
the CAN supporting USARSO throughout thirty
-
five (35)
separate facilities. The following outlines the basic technical
requirements used for the engineering design of the USARSO
CAN.


In a
ccordance with Department of Defense (DoD) and
Department of Army (DA) policies, a
Windows NT network
operating system would be deployed that includes specified
security and authentication requirements.


Fiber
-
Optic Infrastructure. A single mode and multi
mode
fiber optic and category 5 infrastructures would be
implemented within each USARSO building in accordance
with EIA/TIA 568A and 569 standards. In addition, the
Outside Cable Rehabilitation Program (OSCAR) would install
fiber optic cabling between bui
ldings as defined by the
USAISEC Site Requirements Package (SRP).


Giga
bit Ethernet Backbone. A Gigabit Ethernet backbone
would be implemented between the Main Switch Nodes
(MSNs) and the Area Distribution Nodes (ADNs). In
addition, a server farm consi
sting of seven (7) servers would
be realized connecting to the network via Gigabit Ethernet
links.


Desktop Network Access. All client workstations would be
connected to the network using Fast Ethernet links.


NIPRNET Access. Wide Area Network (WAN) conn
ectivity
is provided through the Government NIPRNET using a T
-
1
link. A backup low speed circuit (256Kbps) connected to the
NIPRNET is also included in the design, but not considered in
the simulation.


Windows NT
-
4.0 Clients. Client workstations would
i
mplement the Windows NT 4.0 Operating System. Client
workstation attributes would be simulated as OPNET NT
Workstations.


Centralized servers. All system servers to include email, file,
database, and primary and backup domain controllers would
be install
ed in a centralized location with access to the local
network via Gigabit Ethernet links.


SMTP and X.400 Email Service. Two email applications are
implemented at USARSO; SMTP email for general purpose
and X.400 email for Defense Message System (DMS) user
s.


Simulation and Analysis

The USARSO Network was modeled and simulated using
OPNET. The simulated model is presented in Figure 3. The
following workload criteria and attributes were included in the
model.


The USARSO Network would consist of 1200 work
stations
each connected to the network via a Fast Ethernet (100Mbps)
connection.


Area Distribution Nodes (ADNs). The area distribution
nodes were simulated as subnets of the USARSO network.
Each subnet consist of six (6) buildings each supporting a Fas
t
Ethernet network consisting of 50 workstations. The subnets
are modeled using OPNET and is illustrated in Figure 4.


Two email applications are used for the USARSO LAN.
General
-
purpose email is provided using a SMTP protocol
mail application, while the

Defense Message System (DMS)
(Government only) email uses a X.400 protocol email
application. The model was configured for 50% SMTP email
and 50% X.400 email traffic. In addition, 10% of generated
email traffic is configured for external (NIPRNET) acces
s.


Email Attributes. The email attributes, both SMTP and X.400,
used for the simulation, include email size of 10K bytes per
message and incoming and outgoing inter
-
arrival times
configured for an exponential distribution with a mean of 300
seconds.


Al
l World Wide Web traffic was configured in the model to
retrieve pages from the external WAN only. For modeling
purposes, a remote web server is included in the WAN to

3

initiate web traffic. In addition to web traffic generation, the
remote web server pro
vides the ability to analyze server
performance.


HTTP Attributes. The HTTP attributes used for the
simulation includes page inter
-
arrival times (incoming only)
with an exponential distribution and a mean of 60 seconds.
Each page is configured for 10 obj
ects each with object sizes
of 10K bytes.


Database Traffic. The USARSO network simulation is
configured for internal and external database traffic. The
simulation is configured for all workstations requiring
database access with 10% requiring access to
remote database
servers.


Firewall Configuration. The USARSO simulation includes a
firewall to monitor incoming and outgoing traffic. For
simulation purposes, the firewall is configured to allow TCP,
SMTP, FTP and HTTP protocol.






OPNET USARSO Ne
twork

Figure 3






Area Distribution Node (ADN)

Figure 4



The following summarizes the results of the simulation. The
simulation was executed for 30 minutes ensuring steady state
results were achieved.


Ethernet Delay. The Ethernet Delay achieved in t
he USARSO
simulation is presented in Figure 5. From the analysis, the
steady state Ethernet Delay is approximately 600
microseconds.




Ethernet Delay

Figure 5



T
-
1 Throughput. Figure 6 illustrates the total throughput,
incoming and outgoing, on th
e T
-
1 link to the WAN. From
the simulation, the approximate steady state throughput
obtained is approximately 500Kbps.




4


T
-
1 Throughput

Figure 6



T
-
1 Utilization. Figure 7 illustrates the utilization, incoming
and outgoing, on the T
-
1 link to the WAN
. Based on the
simulation, the steady state utilization is approximately 35%,
which satisfies the desired expectation.




T
-
1 Utilization

Figure 7



Firewall Queueing Delay. The queueing delay experienced by
the firewall based on the default attributes
of the OPNET
model is illustrated in Figure 8. Based on the simulation, the
queueing delay realized was approximately 30 microseconds.




Firewall Queuing Delay

Figure 8



The server performance for both local and remote email
servers is illustrated in F
igures 9 and 10. Based on the
attributes of the simulation, the load of both servers is
minimal.




Local Email Servers Performance

Figure 9




Remote Email Server Performance


5

Figure 10




Local Database Server. The local dat
abase server
performance is illustrated in Figure 11. The load on the
server based on the attributes of the simulation is minimal.




Local Database Server Performance

Figure 11



Remote Web Server. The remote web server perf
ormance is
illustrated in Figure 12. The load on the server based on the
attributes of the simulation is minimal.




Remote Web Server Performance

Figure 12



Conclusion


Based on the results of the simulation, the workload generated
by the USARSO wor
kstations as defined in the simulation
minimally impacts the local Gigabit network installed. The
USARSO network is robust and capable of supporting
significant growth. The current T
-
1 access to the WAN is
sufficient to satisfy the existing requirements.

However,
increased users or the introduction of bandwidth dependent
applications requiring access to the WAN, i.e., video
conferencing, would negatively impact the T
-
1 throughput and
utilization.


References


U.S. Army Information Systems Engineering C
ommand
(USAISEC) Documents:


Command, Control, Communications, Computers, and
Intelligence (C4I), System Design Plan for the US Army
South Headquarters at Fort Buchanan, Puerto Rico, 12 June
1998


US Army South Headquarters Site Requirements Package,
Dece
mber 1997.


6


APPENDIX


List of Figures



Figure 1





USARSO Network


Figure 2




Security in Depth Implementation


Figure 3




OPNET USARSO Network


Figure 4



Area Distribution Network


Figure 5








Ethernet Delay


Figure 6







T
-
1 Throughput


Figure 7






T
-
1 Utilization


Figure 8






Firewall Queueing Delay


Figure 9





Local Email Server Performance


Figure 10


Remote Email Serv
er Performance


Figure 11


Local Database Server Performance


Figure 12



Remote Web Server Performance