DTN GoNoGo Phase I to II

1
Disruption Tolerant Networking (DTN) Program
Phase 1 And Phase 2/3 Program 23 March 2006
Preston Marshal, Program Manager Preston.marshall_at_
darpa.mil 703-696-5273
2
Disruption Tolerant Networking (DTN)Program
Concept
End-to-end severely disrupted by one bad link
Custodian-to-custodian connections isolate
disrupted regions
DTNs Goal is to is to develop and demonstrate
technology that will provide network services in
the face of disruption and massive differences in
delay and bandwidth and to reduce demands on
network resources by integrating storage into the
network
3
Military Need
FCS Vehicle, Ft. Benning 2006

• FCS Communications Position Reports Used as
  Measure
• Highly Favorable Metric Used
• Loss of 2 Successive (1 Sec Interval) Reports
  Considered as Disconnected

Wireless networks can be good for local connect,
but often cant reach back to infrastructure Local
storage caching can create access to
information after infrastructure connectivity
loss.

• Relying on IP for tactical military networks is
  dangerous
• Episodically connected military MANETs see rapid
  topology changes
• Tactical radios know names, not destination
  addresses
• Tactical/edge military networks may be a mix of
  IP and non-IP radios

4
All Bandwidth is Not Equally Important

• Networks are not hierarchies of bandwidth, they
  are islands
• Bandwidth within islands not as important as
  bandwidth between islands
• DTN augmentation within islands provides major
  performance benefits between islands
• Nodes can use local bandwidth to obtain DTN
  services, even if not on own node

• Similar to DARPA
• Highly reliable, high speed (1 Gigabit) from
  servers on campus
• Several Megabits in and out to Internet

Bandwidth/Reliability
64 Kilobps Episodic Connectivity
GIG Fiber Core
Distance
10 Gigabps Highly Reliable Connectivity
DTN Can Augment Existing Networks without Being
Inserted into Topology
10 Megabps Highly Reliable Connectivity
Wireless Enclaves
5
DTN Network Persistence Can Solve Fundamental
Internet Application Shortfalls

• DTN makes applications over disrupted networks
  robust
• DTN is also an Opportunity to solve Fundamental
  Problems weve never before had a handle on,
  using Network-Managed Persistence
• Access information by content or type rather than
  by network address
• I want maps for my area instead of I want to
  ftp to 192.168.4.17
• Retrieve once, provide to local users as
  requested
• Learn from actual network usage
• Exploit in-network storage/caches and pub/sub
  protocols to create a dynamic and self-forming
  Akamai
• Use temporal security rather than physical
  security

Temporal Security Model
Time
6
Todays Network Push or Pull, Neither Optimal
Conventional Pull Copies to every requestor
Only those who ask, get but with delay N
requests use N times the bandwidth
Multicast Push Data goes to everyone
I need a map
I need a map
I need a map
I need a map
I need a map
Connected Network
I need a map
Connected Network
I need a map
I need a map
I need a map
I need a map
I need a map
Only one transfer, but data flows to everyone in
the multicast group, not necessarily when / where
the data is needed
I need a map
DTN Resolves Both Inefficiencies.. Pulls One
Time, Distributes Locally To Requestors
7
DTN Phase 1 Results

• Demonstrated DTN v TCP with typical USMC wireless
  connectivity patterns (MITRE/CONDOR)
• Demonstrated Network Delivery (BBN)
• Demonstrated Trusted Delivery Resistance to
  DDoS (Lehigh)
• Designed architecture intrinsic ability of DTN
  to operate to the extremes of the network without
  segmenting to match network characteristics
  meta-architecture (MITRE/JPL)
• Potential to move this extensible framework to
  other building blocks of the network
• Have to adapt Cisco/Nortel/Lucent/Juniper
  behaviors
• Implemented Experimental Operating Wireless DTN
  (GaTech/UMass)

8
Demonstrated DTN v. TCP with USMC Wireless
Connectivity Patterns
INMARSAT terminal
Cisco 2811
KG-250
DTN
10 KByte File Transfers in 24 hours
Abandoned 10-KByte File Transfers in 24 hours
4000
140
user
Cisco 3725
EPLRS
3500
120
HTTP
HTTP
3000
CONDOR Gateway cable map
DTN
100
DTN
2500
80
2000
3580
..
DTN Is A Deployable Technology With Massive
Performance Benefits for DoD
115
60
1500
1000
40
500
20
368
0
0
0
Completed
Abandoned
Demonstrated that DTN is Useful Feasible, and
that DTN can be Transitioned to COTS-based
Military Systems
9
Phase 1 Go/NoGo Metric Demonstrate DTN Network
Performance in Disrupted Network Evaluation
Platform Hardware in the loop emulation of
actual DTN nodes

• 100 Reliable Delivery with
• 80 Utilization over
• 20 Available Links

ACHIEVED

• Link characteristics
• capacity 19.2 kb/s
• delay 5 ms
• MTU 1480 bytes
• Bundle traffic
• size 2800 bytes
• total originated 264
• Network Transit
  time gt620ms
• Link StateTransit time
  4.3s
• Mean time between link transitions 5s
• Run time 3600 s

DTN would have delivered all traffic given enough
time
For random link dynamics, at most 16 (out of 31)
bi-directional links were up at any time
Network changes faster than it updates.. never
static. IP would never have correct topology..
would fail in a conventional MANET
10
Delivered Bundles Vs. Path DistanceRun at 20
Target Availability Random Link Dynamics

• Opportunistic Routing Found Ways to Deliver All
  Traffic, Regardless of Hops
• TCP (End to End) Could Not Find Opportunities
• End to End requires Complete Path be Available
• End to End is Fundamentally Unsuited for Military
  Operations
• 80 Links are only 20 Network Connected at 7
  Hops
• 20 Links are 0.001 Network Connected at 7 Hops
• End to End IP (Without TCP) Shares All these
  Issues

Delivery Performance for DTN and TCP
DTN
TCP End to End Transfer
11
Delivery Ratio Worst Case DynamicsDTN versus
End-to-End (E2E) Baseline

• DTN Accomplished All Deliveries for
  Availabilities Above Go/NoGo Criteria
• Would Complete All if Longer Duration created
  Opportunities
• End to End Could Not Find Sufficient
  Opportunities in Any Disrupted Scenario
• Failed Completely Below 50 Availability

DTN
End to End
12
Link Utilization Using DTN

• DTN Effectively Used All Available Link Capacity
• Network Was So Dynamic that End to End Would not
  be Aware of Opportunities to Use
• Efficiency Decreases at High Availability, as
  More Overhead, and Early Completion of Transfers
• Phase 2 Will Develop Technology to Adapt and Use
  both End to End and DTN Based on Which Would be
  Most Effective

13
Trusted Delivery GNG Metric ACHIEVED
Phase 1 Go/No Go Demonstrate Trusted Delivery
?

• Demonstrate rejection of message from
  unauthenticated sender
• Demonstrate authentication and forwarding of
  message from trusted sender
• Demonstrate payload data encryption

?
?
DTN will not propagate Distributed
Denial-of-Service Attack DTN will Detect Reject
Fraudulent (Forged Address) Messages
14
Trusted Delivery GNG Metric ACHIEVED
Demonstrate rejection of message from
unauthenticated sender

• Two sending nodes - one legitimate, one malicious
  - attempt to send a bundle in a network with the
  BAH feature enabled
• The malicious node (M1) sends a bundle without
  the appropriate BAH to the forwarding node (N2)
• Result N2 rejects the bundle - ACHIEVED
• The legitimate sender (N1) sends a bundle with
  the appropriate BAH, allowing for successful
  authentication
• Result N2 forwards the bundle to the
  destination (N3)

BAH Bundle Authentication Header
Security Perimeter
N1
N2
N3
M1
Should have been part of the Internet from the
beginning
15
Trusted Delivery GNG Metric ACHIEVED
Demonstrate 1.) Authentication and Forwarding
of Message From Trusted Sender and 2.) Payload
Data Encryption

• N1 sends a bundle to N4 (thru N2) with only the
  BAH activated
• The link between N2 and N3 is insecure, so policy
  at N2 requires payload data encryption
• N2 encrypts the payload, adds the PSH, and
  becomes the PSH-source, with destination N4 the
  PSH-destination for the bundle
• N4 receives the encrypted bundle from N3 (thru
  N2) and decrypts the message ACHIEVED

N3
N1
N2
N4
PSH-Source
PSH-Destination
BAH Bundle Authentication Header PSH Payload
Security Header Red Cleartext Black Ciphertext
DTN Enables Security Partitioning Based on
Traffic Policies Rather than Physical Topology
16
DTN System Architecture
Bundle Engine
API Legend
Protocol Composition API
Management API
Autoconfiguration/ Neighbor Discovery
Bundle Custody Transfer
Bundle Encryption
Bundle End-to-end Reliability
Bundle Flow/Congestion Ctl.
Bundle TBD Services
DTN Policy/Management
DARPA Routing Protocol
Environmental Awareness
DTNRG Routing Protocol
Other Routing Protocol
RoutingAPI
Configuration API
EnvironmentalAwareness API
Convergence Layer
Plug-ins/DLLs
Process Rendezvous
Single DTN Standard Will Be Extensible for
Commercial or Uniquely Structured Military Apps
Such As UAV Overflight, Sensor Nets, Tactical
Disruption
17
Technology for a Common Routing Structure with
Mission-Unique Algorithms

• Wireless networks need diverse routing behaviors
• Open Biggest Battery First (Battery-powered
  systems)
• Use Advantaged Node Last (Transient aircraft
  nodes)
• Open Least Tx Energy Path First (Energy-starved
  systems)
• Open Least Used Reasonable Path First
  (Fairness)
• Extend - dont replace - COTS products

Commercial World
DoD Infrastructure
DoD Sensor Field
minimal protocol set
Core/Interoperable
Core/Interoperable
Core/Interoperable
GIG-unique routing algo.
battery-aware routing algo.
UAV flight schedule
UAV flight schedule
Core/Interoperable
vendor-unique extension
Buy commercial, specialize to military
Color Legend
Commercial DTN Extension
IRG DTN Network Standard Core
Military DTN Extensions
18
DieselNetInitial Deployment May 2004

• University DTN testbeds (GaTech/UMass) urban ops
  experiment with multipath and rapid topology
  change (route breakage)
• Long-term 24/7 Experiment at Low Cost with Mobile
  nodes, sensors, and throwboxes analogs of
  tactical military wireless networks urbanrural
  manned vehicular

DieselNet routers in 40 busses in Amherst
19
Algorithmic Results

• Knowledge management Uniform information
  dissem-ination and improvement of buffer usage
• Resource management Virtual infrastructure with
  transport frames improves delivery rate in
  bottleneck scenarios
• Opportunistic Routing SCaTR framework improves
  delivery rate and reduces signaling overhead
• Reflective Route Planning First DTN routing
  algorithm based on formal reasoning technology
• Flexible network simulation models with
  user-defined physical resource schedules

20
DTN Progressive Maturity

• Integrate Push and Pull Metaphors
• Cognitive Caching
• Information Addressing (not Network Addressing)
• Multiple Native Networks (JTIDS, IP, EPLRS, )
• Initial Demo Board Implementation

Protected, High Performance DTN for Static
Applications with Store and Forward
Phase 1

• Self-Organizing in Response to Network needs
• Large Scale
• Red/Black Management of Persistent Data

Phase 1 Protected, DTN for Medium Scale, Static
Applications with Caching and Distributed Query
Phase 2
Dynamically Self-Organized Organized, Secure
Local Store, Application Linkages, Proven

• Demo in Military Scenario to Assess Utility
• Implement in Longer term, non-Military
  Application for Operational Experience

Progressive Technology Development Resulting in
Proven and Deployable Product
Phase 3

• Integrate into Military Networks
• Implement in Longer term non-Military Application
  to Acquire Experience

21
Merging Information and Networking

• Policy reasoning enable sophisticated queries
  over the network
• I dont know exactly what Im looking for, but I
  know how to describe it
• Late binding as a way of describing information
• Dont have to know where information resides
  Google as a metaphor, not an overlay
• Late binding can occur in the information domain,
  not only the addressing domain
• Want to build a formal structure for persistence
  and networking, a structure for solving tactical
  problems
• Analogous to akamai, but akamai is static.. In
  tactical networks must build our persistence
  architecture on the fly

22
Adaptation to Reflect Network Dynamics

• DTN networks adapt to changing network topologies
• Storage configures itself around paths thru the
  (intermittent) network
• Self-forming Akamais for content distribution in
  response to network demands
• Caching as a result of delay-bandwidth product
  discontinuities
• Military Utility Reduce (eliminate?) burden of
  planning network deployment with unit deployment
• Planning costs currently comparable to or greater
  than people and equipment costs
• Network planning creates inertia/delay in
  deploying forces and reacting to unanticipated
  changes in the theatre
• Avoid the Comms planning cycle!

23
Content-based Networking

• Support push from core, pull from edge, and
  meet-in-the-middle content-based networking
• Steinbet Users will pull data as needed instead
  of having massive amounts of information pushed
  to them regularly regardless of whether it is
  needed. .. a key tenet of net-centric warfare is
  that the consumers of information are smarter
  than their sources about what is needed
  operationally right now, and that they should be
  able to pull those data when they need it.
• Enable users to subscribe to or query useful
  information services, and have data returned when
  theres a new event or query match
• Edge networks can push data up into the network
• Source analysis systems can query DTN storage for
  Wolfpack systems enables heterogeneous sensor
  data fusion
• Distribute policies with bundles much of the
  flexibility of Active Networks without as much
  risk .. Update rules of engagement by
  disseminating policies thru DTN nets

24
Benefits of unifying networking and storage

• Request information by content/type rather than
  by network address
• I want weather for my area instead of I want
  to ftp to 192.168.4.17
• Ability to cache rather than waste wireless
  bandwidth
• Its way cheaper to store data rather than to
  transmit it again
• Integrating push-pull metaphor
• Pushing sends to everyone and wastes bandwidth,
  can pre-place data
• Pulling serves a single user, same data requested
  multiple times wastes bandwidth, incurs large
  delays delays in disrupted networks
• Akamai uses static caches in a wired network to
  mitigate bandwidth wastage and delay
• DTN Push/Pull exploits DTN in-network storage
  (persistent caches) and pub/sub protocols to
  create a dynamic and self-forming akamai
• Temporal security
• Show the data as encrypted/unencryptd

25
A New Security Model

• Red-black separation derives from the philosophy
  that the control center is protected once in
  the black, info is physically safe
• With low-cost devices like WNaN, no longer true
• How to deal with the loss of equipment at the
  tactical edge?
• Information on this equipment is compromised with
  the equipment
• How to change the security model to deal with
  equipment that cant be physically secured??
• Rather than view red-black as physical
  separation, think temporal separation!
• Keep data encrypted unless the application is
  processing it!
• Encrypted data lives in local cache or edge
  network cache, decrypted by app
• Use a DTN security convergence layer shim for
  apps .. Withdraw access by app by revoking cert
  or similar action.
• DTN mechanism protects information keyboard to
  
  eyeball
• Protection from app to app, not from node to node

Temporal Security Model
Time
26
Summary

• Bigger Challenge!
• Larger Funding!
• Massive Need!