Software RX for heart-healthy networks

Internet Protocol (IP) switches and routers make up the heart of the Internet. Military network architects use this commercial technology for everything from base-to-base communications to tactical battlefield networks that connect soldiers, sensors, and weapons. But because the technology behind network equipment – even rugged, embedded products – is based on components developed for the commercial market, innovation is driven by demand for products like mobile devices, not by the wishes of niche customers like the U.S. military. Luckily for them, however, there’s more to a switch than just hardware. At the end of the day, it’s software that gives switches their character and determines their level of flexibility, security, and longevity.

Software brains

What differentiates one network device from another and makes some devices suitable for a wide range of applications is not the hardware nuts and bolts but the more adaptable software inside.

Switch management software controls the configuration, interoperability, addressing, monitoring, protection, supportability, and overall performance of the hardware. Ideally, the software is flexible and customizable enough to cover all corners, easy to use, secure, and backed by the latest tools and expertise. But that’s a tall order in today’s computing market.

Bridging two worlds

The military seeks to exploit COTS hardware and software and commercial standards to reduce costs and deployment time. But the specialized nature of military applications, sensitivity of the information, and the sheer number and diversity of the nodes mean that this customer often needs standards modified in order to get the job done.

In an intelligence application, for example, the military might want to harden a that collects video feeds from a reconnaissance . This might involve modifying a standard protocol slightly – in some small portion of the network – to make the link harder to hack. But this can introduce interoperability issues with other network equipment. Or a user with a large amount of time-critical data, implementing link aggregation on the network, might not tolerate any bandwidth reduction caused by the failure of a single link. But link aggregation methodology can be customized so that a network bandwidth reduction triggers a complete failover to backup link aggregations, maintaining bandwidth.

Addressing these issues at the hardware level can be costly and time consuming. And such one-of-a-kind requirements are obviously difficult to satisfy using commercial chips. In addition, the network equipment and network management software might be supplied by multiple vendors, making any modification a complex and often unrewarding process.

Flexibility, the key

Network equipment that incorporates agile and flexible management software from a vendor who understands both commercial and military network applications can bridge the gap between the military and commercial worlds. It also presents a single face to the user for both hardware and software issues and requirements. OpenWare, a -based switch management environment developed by , provides the flexibility and depth of support required to serve both niche and commercial markets (Figure 1). The open source foundation to GE switch products also gives access to the wealth of tools and protocols maintained by Linux developers worldwide. This software, in turn, can be customized to meet application requirements.

21
Figure 1: The NETernity GBX460 fully managed rugged 6U data plane switch module features GE’s OpenWare switch management software.
(Click graphic to zoom by 1.9x)

Security

Switches can provide security features such as mandatory access control, denial of service protection, integrity checks, and filtering of traffic from untrusted domains. Access control can target switch ports, allowing the network administrator to limit dynamic connections and log switch violations. And dynamic address resolution protocol protection guards against spoofing attacks that could bring down the network.

Switches also can offer backup protection. The software can allow users to take one or multiple “snapshots” of a configuration, save them, and later recapture the desired configuration if it becomes necessary during switch debugging or if a switch is reassigned to a different mission, network, or geographic location.

Switch management software can even combat obsolescence. If the software is tunable enough, a new switch can be programmed to mimic an out-of-production unit in a way that is transparent to other nodes and even to higher-level software and tools. Drop-in replacements of switching hardware can extend the life of military networks and significantly reduce maintenance costs.

defense.ge-ip.com