[Sis-ipo] IPE test results viewgraphs loaded to SIS-IPO CWE
Soloff, Jason A. (JSC-ZF311)
jason.a.soloff at nasa.gov
Tue Apr 21 10:53:43 EDT 2009
Folks -
I assume Ed is referring to the CxP arch.
There is a misconception among a lot of people about how IPSEC is applied within Cx. All Cx systems must provide the ability to protect information using IPSEC. They do not all have to turn it on. That decision depends on the type of traffic flowing at a given time and how that information must be protected. For example, command must be authenticated (meaning it came from an authenticated user) but does not need to have confidentiality provided by encryption. Crew medical communication (email, medical conferences, etc) must have confidentiality provided, but not source authentication. Neither feature is turned on for the bulk of the traffic. This means that most of the traffic in a channel is NOT using IPSEC in any way, and therefore receives the benefit of IPHC. This is a different model than traditional "encrypt it all" link design. Remember we are building a networked end-to-end architecture, and using application and network layer techniques in place of the legacy link layer techniques.
Now, at the end of the day, lets assume that we DO need to use IPSEC, and that we DO need to have a lot of it. Our links are designed with data margin. In the nominal case (what we are designing to), that margin remains for on-orbit low-priority traffic (background file transfers, recorder dumps, science offload, etc). If it turns out that the risk assessments (which are in process) show that we need to protect more traffic than we thought, we have less margin - but we fit - both in terms of reserved data bandwidth w/ the current RF powers, and also with additional RF design margin if needed.
There are a lot of issues for our program with delivering data from MCC to the ground site with SLE. These include technical (inability to route link layer crypto, support for multiple sources of data, "forcing" JSC MOD to be the "network concentrator" for the moon for all time...), but also cost, manpower, and scheduling complexity. These are being discussed by the Cx Program Manager and the head of Mission Operations at JSC.
- Jason
From: Israel, David J. (GSFC-5670)
Sent: Tuesday, April 21, 2009 8:32 AM
To: Greenberg, Edward; Kazz, Greg J; sis-ipo at mailman.ccsds.org
Subject: RE: [Sis-ipo] IPE test results viewgraphs loaded to SIS-IPO CWE
Ed,
It is important to identify whether or not this comment will affect the completion of the IPO document under development. Do you think it does? I think this comment is specific to a particular users implementation and ops plan an we should move the discussion to a different forum.
Regards,
Dave
________________________________
From: sis-ipo-bounces at mailman.ccsds.org [mailto:sis-ipo-bounces at mailman.ccsds.org] On Behalf Of Greenberg, Edward
Sent: Tuesday, April 21, 2009 12:13 AM
To: Kazz, Greg J; sis-ipo at mailman.ccsds.org
Subject: Re: [Sis-ipo] IPE test results viewgraphs loaded to SIS-IPO CWE
I hate to say it but trying to show that you can squeeze a data stream that is 10% higher than the allowable bandwidth by using header compression without Ipsec is a useless example when the defined architecture requires Ipsec. The example however, becomes useful only if the framing is performed at MS, includes Link layer security and is delivered to the station via SLE to achieve the necessary security.
On 4/20/09 8:46 PM, "Kazz, Greg J" <greg.j.kazz at jpl.nasa.gov> wrote:
All,
As promised please go to the following URL to download the presentation Loren Clare made today on interoperability testing of the CCSDS Internet Protocol Extension (IPE).
http://cwe.ccsds.org/sis/docs/Forms/AllItems.aspx?RootFolder=%2fsis%2fdocs%2fSIS%2dIPO%2fDraft%20Documents&FolderCTID=&View=%7b390C4ADA%2dA69B%2d4E52%2dA0DA%2d50C48F989C4B%7d <http://cwe.ccsds.org/sis/docs/Forms/AllItems.aspx?RootFolder=%2fsis%2fdocs%2fSIS%2dIPO%2fDraft%20Documents&FolderCTID=&View=%7b390C4ADA%2dA69B%2d4E52%2dA0DA%2d50C48F989C4B%7d><http://cwe.ccsds.org/sis/docs/Forms/AllItems.aspx?RootFolder=%2fsis%2fdocs%2fSIS%2dIPO%2fDraft%20Documents&FolderCTID=&View=%7b390C4ADA%2dA69B%2d4E52%2dA0DA%2d50C48F989C4B%7d>
best regards,
Greg Kazz
Chairman CCSDS SIS-IPO
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ccsds.org/pipermail/sis-ipo/attachments/20090421/0729195b/attachment.html
More information about the Sis-ipo
mailing list