

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.



II. REVIEW OF NBS AND DOD OBJECTIVES

The National Bureau of Standards and the Department of Defense are such disparate organizations that the committee felt it needed to begin its study with a definition of the roles and expectations of each with regard to the protocol issues in question. The following provides a review of each organization's objectives.5

5 The objectives were reviewed by representatives of NBS and DOD, respectively.

NBS OBJECTIVES

The National Bureau of Standards has three primary goals in computer networking:

1. To develop networking and protocol standards that meet U.S. government and industry requirements and that will be implemented in off-the-shelf, commercial products.
2. To develop testing methodologies to support development and implementation of computer network protocols.
3. To assist government and industry users in the application of advanced networking technologies and computer and communications equipment manufacturers in the implementation of standard protocols.

Development of Networking and Protocol Standards

The Bureau accomplishes the first objective through close coordination and cooperation with U.S. computer manufacturers and communications system developers. Technical specifications are developed cooperatively with U.S. industry and other government agencies and provided as proposals to voluntary standards organizations.

Because the Department of Defense is potentially the largest government client of these standards, DOD requirements are carefully factored into these proposals. In addition, protocols for computer-to-computer communications developed within the DOD research community are used as an exact statement of DOD functional needs for a particular protocol and form a basis for the functions, features, and services of NBS-proposed standards.

To further the development of commercial products that implement standards, the NBS gives priority to the needs of U.S. computer manufacturers who wish to market their products nationally and internationally, not just to the U.S. government. The NBS participates, therefore, in national and international voluntary standards organizations toward the development of an international consensus based on United States needs. Specifications, formal description techniques, testing methodologies, and test results developed by the NBS are used to further the international standardization process.

Development of Testing Methodologies

The National Bureau of Standards has laboratory activities where prototypes of draft protocol standards are implemented and tested in a variety of communications environments supporting different applications on different kinds and sizes of computers. Communications environments include, for example, global networks, local networks, and office system networks. Applications may, for example, include file transfer or message processing. The primary purposes are to advance the state of the art in measurement methodologies for advanced computer networking technologies and determine protocol implementation correctness and performance.

The NBS views testing as a cooperative research effort and works with other agencies, private-sector companies, and other countries in the development of methodologies. At this time, this cooperation involves five network laboratories in other countries and over twenty computer manufacturers.

The testing methodologies developed at the NBS are well documented, and the testing tools themselves are developed with the objective of portability in mind. They are made available to many organizations engaged in protocol development and implementations.

Assisting Users and Manufacturers

The NBS works directly with government agencies to help them use evolving network technologies effectively and apply international and government networking standards properly. When large amounts of assistance are required, the NBS provides it under contract.

Assistance to industry is provided through cooperative research efforts and by the availability of NBS testing tools, industrywide workshops, and cooperative demonstration projects. At this time, the NBS is working directly with over twenty computer manufacturers in the implementation of network protocol standards.

Consistent with overall goals, NBS standards developments, research in testing methodologies, and technical assistance are characterized by direct industry and government cooperation and mutual support.

DOD OBJECTIVES

The DOD has unique needs that could be affected by the Transport and Internet Protocol layers. Although all data networks must have some of these capabilities, the DOD's needs for operational readiness, mobilization, and war-fighting capabilities are extreme. These needs include the following:

Survivability--Some networks must function, albeit at reduced performance, after many nodes and links have been destroyed.

Security--Traffic patterns and data must be selectively protected through encryption, access control, auditing, and routing.

Precedence--Systems should adjust the quality of service on the basis of priority of use; this includes a capability to preempt services in cases of very high priority.

Robustness--The system must not fail or suffer much loss of capability because of unpredicted situations, unexpected loads, or misuse. An international crisis is the strongest test of robustness, since the system must operate immediately and with virtually full performance when an international situation flares up unexpectedly.

Availability--Elements of the system needed for operational readiness or fighting must be continuously available.

Interoperability--Different elements of the Department must be able to "talk" to one another, often in unpredicted ways between parties that had not planned to interoperate.

These operational needs reflect themselves into five technical or managerial needs:

1. Functional and operational specifications (that is, will the protocol designs meet the operational needs?);
2. Maximum interoperability;
3. Minimum procurement, development, and support costs;
4. Ease of transition to new protocols; and
5. Manageability and responsiveness to changing DOD requirements.

These are the criteria against which DOD options for using the ISO transport and internet protocols should be evaluated.

Performance and Functionality

The performance and functionality of the protocols must provide for the many unique operational needs of the DOD. The following paragraphs discuss in some detail both these needs and the ways they can impact protocol design.

Survivability includes protecting assets, hiding them, and duplicating them for redundancy. It also includes endurance--the assurance that those assets that do survive can continue to perform in a battle environment for as long as needed (generally months rather than hours); restoral--the ability to restore some of the damaged assets to operating status; and reconstitution--the ability to integrate fragmented assets into a surviving and enduring network.

The DOD feels that an important reason for adopting international and commercial standards is that under cases of very widespread damage to its own communications networks, it would be able to support DOD functions by using those civil communications that survive. This would require interoperability up to the network layer, but neither TCP nor TP-4 would be needed. The committee has not considered the extent to which such increased interoperability would increase survivability through better restoral and reconstitution.

Availability is an indication of how reliable the system and its components are and how quickly they can be repaired after a failure. Availability is also a function of how badly the system has been damaged. The DDN objective for system availability in peacetime varies according to whether subscribers have access to 1 or 2 nodes of the DDN. For subscribers having access to only one node of the DDN, the objective is that the system be available 99.3 percent of the time, that is, the system will be unavailable for no more than 60 hours per year. For subscribers having access to 2 nodes, the objective is that the system be available 99.99 percent of the time, that is, the system will be unavailable for no more than one hour per year.

Robustness is a measure of how well the system will operate successfully in face of the unexpected. Robustness attempts to avoid or minimize system degradation because of user errors, operator errors, unusual load patterns, inadequate interface specifications, and so forth. A well-designed and tested system will limit the damage caused by incorrect or unspecified inputs to affect only the performance of the specific function that is requested. Since protocols are very complex and can be in very many "states," robustness is an important consideration in evaluating and implementing protocols.

Security attempts to limit the unauthorized user from gaining both the information communicated in the system and the patterns of traffic throughout the system. Security also attempts to prevent spoofing of the system: an agent attempting to appear as a legitimate user, insert false traffic, or deny services to users by repeatedly seeking system services.

Finally, security is also concerned with making sure that electronic measures cannot seriously degrade the system, confuse its performance, or cause loss of security in other ways.

Encryption of communication links is a relatively straightforward element of security. It is widely used, fairly well understood, constantly undergoing improvement, and becoming less expensive. On the other hand, computer network security is a much newer field and considerably more complex. The ability of computer network protocols to provide security is a very critical issue. In the past decade much has been learned about vulnerability of computer operating systems, development of trusted systems, different levels of protection, means of proving that security has been achieved, and ways to achieve multilevel systems or a compartmented mode. This is a dynamic field, however, and new experience and analysis will probably place new requirements on network protocols.

Crisis-performance needs are a form of global robustness. The nature of a national security crisis is that it is fraught with the unexpected. Unusual patterns of communication traffic emerge. Previously unstressed capabilities become critical to national leaders. Individuals and organizations that had not been communicating must suddenly have close, secure, and reliable communications. Many users need information that they are not sure exists, and if it does, they do not know where it is or how to get it. The development of widely deployed, interoperable computer networks can provide important new capabilities for a crisis, particularly if there is some investment in preplanning, including the higher-level protocols that facilitate interoperability. Presidential directives call for this. This will become a major factor in DOD's need for interoperability with other federal computer networks.
The DOD, as one of the most affected parties, has good reason to be concerned that its network protocols will stand the tests of a crisis.

In addition, there are performance and functionality features that are measures of the capability of the network when it is not damaged or stressed by unexpected situations. Performance includes quantifiable measures such as time delays, transmission integrity, data rates and efficiency, throughput, numbers of users, and other features well understood in computer networks. Equally important is the extent of functionality: What jobs will the network do for the user?

The DDN has established some performance objectives such as end-to-end delays for high-precedence and routine traffic, the probability of undetected errors, and the probability of misdelivered packets. Such objectives are important to engineer a system soundly. The DOD must place greater emphasis on more complex performance issues such as the efficiency with which protocols process and communicate data.

The DOD has stated a need for an effective and robust system for precedence and preemption. Precedence refers to the ability of the system to adaptively allocate network resources so that the network performance is related to the importance of the function being performed. Preemption refers to the ability of the system to remove users (at least temporarily) until the needs of the high-priority user are satisfied. The ARPANET environment in which the protocols were developed did not emphasize these capabilities, and the current MILNET does not function as effectively in this regard as DOD voice networks.

The DOD has also stated a need for connectionless communications and a broadcast mode. In the majority of network protocols, when two or more parties communicate, virtual circuits are established between the communicating parties. (For reliability, additional virtual circuits may be established to provide an in-place backup.) DOD needs a connectionless mode where the message can be transmitted to one or more parties without the virtual circuit in order to enhance survivability; provide a broadcast capability (one sender to many receivers); and handle imagery, sensor data, and speech traffic quickly and efficiently. If intermediate nodes are destroyed or become otherwise unavailable, there is still a chance that the data can be sent via alternate paths. The broadcast capability is particularly important in tactical situations where many parties must be informed almost simultaneously and where the available assets may be disappearing and appearing dynamically.

The Department of Defense requires an internetting capability whereby different autonomous networks of users can communicate with each other.

Interoperability

Presidential and DOD directives place a high priority on interoperability, which is related to the internetworking previously discussed.

Interoperability is primarily important at two levels: network access and applications. To achieve interoperability at the level of network access, users of backbone communications nets must utilize the same lower-level protocols that are utilized by the network. Generally these protocols are layers 1, 2, and 3, up to and including part of the IP layer.
In other words, interoperability for network access does not depend on either implementation of the transport layer (TP-4 or TCP) or of all of the internet (IP) layer. The primary advantages of network access interoperability are twofold:

1. Significant economies of scale are possible since the various users can share the resources of the backbone network including hardware, software, and development and support costs.
2. Network survivability for all users can be increased significantly since the network has high redundancy and, as the threat increases, the redundancy can also be increased.

Interoperability at the applications layer allows compatible users at different nodes to talk to each other, that is, to share their data, support each other, and thereby coordinate and strengthen the management of forces and other assets. Interoperability at the applications layer can be achieved through the use of specialized software that performs those functions of higher-layer protocols (such as TCP or TP-4, file transfer, and virtual terminal) that are needed by the particular application. If some of the higher-layer transport and utility protocols have been developed for particular hosts or work stations, their use greatly reduces development, integration, and support costs, although with a potential sacrifice of performance.

Interoperability at the applications level, that is, full functional interoperability, is important to specialized communities of users such as the logistics, command and control, or research and development communities. As these different communities utilize the DDN, they have the advantages of shared network resources. Within each community there is full functional interoperability but generally there is much less need for one community to have functional interoperability with members of another community.

The implementation of TCP or TP-4 within network users, but without the implementation of higher-level protocols and application interoperability, is not generally an immediate step in increasing interoperability. It does have these immediate advantages:

It represents an important step in investing in longer-term interoperability.

It generally represents an economical near-term investment on which communities of interest can build their own applications.

It facilitates the development of devices for general network use such as Terminal Access Controllers (TACs).

Interoperability at the applications level will become increasingly important among the following communities: Worldwide Military Command and Control Systems, including systems of subordinate commands; Department of Defense Intelligence Information Systems; U.S. tactical force headquarters (fixed and mobile); NATO force headquarters; other U.S. intelligence agencies; the State Department; and the Federal Bureau of Investigation and other security agencies.
Although interoperability of applications within the DOD has the highest priority, it is clear that governmentwide and international interoperability will be an objective with increasing priority. The NATO situation is especially important.6

6 Europe has been a major force in the development of ISO standards. Consistent with this is a NATO commitment to adopt ISO standards so long as they meet military requirements.

In a somewhat longer time period, DOD will want applications interoperability with many commercial information services. As interoperable computer networks become more common, processing and data services will burgeon in the marketplace. These will include specialized data bases and analytic capabilities that all large organizations will need in order to be up-to-date and competitive.

With regard to interoperability at the network level, DOD will want to be able to utilize commercially available networks for both survivability and operational effectiveness and economy. In the case of a major war in Europe, for example, the United States would want to be able to use surviving PTTs (Postal, Telegraphy, and Telephony Ministries) for restoral and reconstitution. During peacetime there will be cases where special DOD needs can be best satisfied with commercially available capabilities.

As technology continues to provide less expensive, smaller, and more reliable data processing equipment, computer networks will become increasingly prevalent at lower levels of the tactical forces--land, air, and sea. It will be important that these tactical networks be capable of interoperability with each other (for example, air support of ground forces) and with headquarters. It is likely that the tactical network will need a network architecture and protocols that are different from the ARPA- and ISO-derived protocols. If so, the developments will place requirements on the higher-level DOD protocols.

If the DOD chooses to move from TCP to TP-4, this can be done in phases for different communities of interest and subnetworks. In this way if there is difficulty in converting one subnet, the rest of the network need not be degraded. Also the different subnets will be able to make the transition at the most suitable time in terms of cost, risk, and the need to interoperate with other subnets. As a result if DOD uses TP-4 for some new nets or major upgrade of existing nets, this will generally not reduce interoperability in the near term unless interoperability of applications is needed between two communities. In this case specific interoperability needs may be satisfied with specialized gateways for mail or data exchange.
The DOD points out that it desires all networks to be interoperable since it is not possible to predict when one community will need to communicate with another or use the resources of the other. As previously indicated, however, unexpected needs for full functional interoperability can only be met when appropriate higher-layer software is developed.

Minimize Costs

The Department of Defense seeks to minimize costs of development, procurement, transition (if it decides to move to ISO protocols), and support. Generally the objective is to limit life-cycle costs, that is, the total costs over a 5-to-8-year period with future costs suitably discounted (10 to 20 percent per year).

The Department of Defense has already made a heavy investment in protocols, and the investment has paid off in the success of current protocols operational in many networks. On the other hand, the DOD acknowledges the potential advantages of using the ISO protocols if made available as commercially supported products. Development costs for these protocols can be small since their development cost is amortized by the commercial vendor over a larger market. Support costs for these protocols (including minor modifications, integration into other products, documentation, and training) are also significantly reduced because of vendor-supplied services. These cost factors are further discussed in Section IX in terms of the three options presented in Section VIII.

Ease of Transition and Manageability

Networks must be manageable and capable of growth and improvement. The Department of Defense generally makes the fastest progress in developing complex information systems if it evolves these capabilities while working in concert with the users and the acquiring agencies. In this light, the following factors are important:

Minimal interruption of current service--For most DOD networks it is essential that they operate continuously. If there is to be transition to new protocol services (whether based on current DOD versions or ISO), it is important that these transitions be planned, designed, and pretested so that the transition will be nondisruptive.

Verifiability--It is essential to have a testing capability where new protocol implementations can be thoroughly tested to ensure that they will interoperate, have full functionality specified, do not contain errors, are robust, and meet quantitative performance needs. The National Bureau of Standards has established such a capability, and it is being used to verify a number of TP-4 implementations, including those demonstrated at the National Computer Conference in July 1984. An IP-testing capability is being added. The Department of Defense is planning a similar protocol test facility for TCP, but work is just getting underway. If the DOD plans to migrate promptly to TP-4, there is a question whether this investment is warranted.
Compatibility with higher protocols--As the transport and lower-protocol layers evolve, it is essential that they maintain full compatibility with higher-layer protocols. This is particularly important for the DOD because it will increasingly have interoperability at the applications level.

Responsiveness to evolving DOD needs--Current DOD needs will change or new needs may arise. It is very likely, for example, that subtle performance problems may be discovered in a protocol that are unique to the strenuous DOD-operating environment and that could have serious operational consequences. If the DOD is using commercial protocol products based upon international standards, the DOD will need two commitments when critical deficiencies are discovered. It will need a commitment from the manufacturer that critical problems will be promptly fixed and a commitment from the NBS that it will move quickly to change federal standards and seek changes in international standards.

Minimal risks--The DOD needs are so large and important, it cannot afford to take otherwise avoidable risks.

Maintenance of manageability--The DDN is new and is using a new approach after the cancellation of AUTODIN II.7 There are pressing operational needs and many impatient users.

If the DOD delays in moving to ISO protocols and later decides to do so, the costs and disruption will be large. On the other hand, moving now to ISO will be less disruptive.

7 AUTODIN II was a program to develop a data communications system for the DOD. The program envisioned relatively few large packet switches. It was cancelled in 1982 in favor of ARPANET-derived designs because of considerations of security, architecture, survivability, and cost.