
Expecting More: Assured Network Delivery Bests the Internet


September 2004


We accept a certain amount of unreliability in our daily lives, especially from communications technology. A dropped cellular call here, a failed Internet connection there—what's the big deal? For a variety of technical and cost reasons, Internet and wireless providers can only promise their "best effort" to customers. We actually expect a much higher level of service from our "old-fashioned" land-line telephones.

But in a world in which computers provide increasingly more of our communications, this lack of dependability isn't acceptable, especially during military operations or national emergencies such as September 11. Glen Nakamoto, director of MITRE's Advanced Network Technology Center, is researching emerging technologies designed to bring land-line robustness to computer-based communications, even under the most adverse conditions. Nakamoto and his colleagues believe network reliability and other quality-of-service problems are among the biggest challenges the military faces in its ongoing transformation into a truly 21st-century organization.

"We're relying more and more on network services to support our troops on the front lines," Nakamoto says. "Even though we expect computers to be up all the time—to have backups and redundancies—that's not been the case with communications networks. We need the same kind of reliability and predictability of service that we expect from computers in general."

In an Air Force-sponsored research project, entitled "Assured Network Delivery," Nakamoto is examining new commercial products designed to provide consistent service under all conditions for military use. As these products roll out from a variety of companies, MITRE will be putting many of them to the test to help the military make good acquisition choices.

Looking for Predictable Service

The problem with standard IP (Internet protocol) communications is that data moves in chunks called packets. If the network is jammed with digital traffic, however, packets have an unfortunate tendency to arrive at irregular times—and sometimes not at all. At a minimum, people using voice-over IP (telephone calls on the Internet) may encounter poor audio quality or static. At worst, the network fails.

To combat these inherent flaws in the current Internet, Nakamoto's team is examining new technologies that offer several guarantees, including end-to-end bandwidth reliability, fixed latency (the amount of time it takes for data to travel from point A to point B), controlled packet loss (dropping packets due to congestion), and reduced jitter (the variation in that latency). Reducing jitter and controlling packet loss, for example, can significantly improve the quality of service for voice-over IP users. Better yet, it can help prevent application failures over a congested network.

"Right now, if you are in the field and have high congestion or there's a major denial-of-service attack, people just assume that your network services will start to shut down," Nakamoto says. "But we've demonstrated that these new technologies can be very resilient, even when you purposely launch denial-of-service attacks—putting so much traffic on the network that under normal circumstances, your network would shut down. They continue to let the designated applications [such as Voice-over IP (VoIP) or video conferencing] work across the network smoothly and effectively.

"These new technologies, which involve sophisticated packet routing and emulated circuit switching, reduce, if not eliminate, the uncertainty of standard IP networks," he says. "They provide predictable services with guaranteed throughput, guaranteed latency and reduced jitter—which is what a military network under attack needs."


An ANT with a Giant's Power

When Glen Nakamoto decided to test a new technology that held the promise of near-total dependability for digital networks, he knew just where to start: in MITRE's Advanced Network Technology Laboratory. Called the ANT Lab for short, this is one "ANT" that more than carries its own weight.

The lab contains more than 50 routers and switches, more than 30 servers, and stacks of laptops, and it supports 27 full-time staff as well as many projects throughout the corporation. There is enough computing and brain power to simulate virtually any kind of digital network.

"In this lab, we design, assess, and troubleshoot systems," says Nakamoto. "Whatever kind of network you might need, we can fabricate, emulate, or simulate it first in the lab. We typically like to build things physically, but we also have simulation software for modeling large-scale networks. We have also acquired a physical layer—one switch that allows a remote user of the lab to 'rewire' the router physically and switch interfaces—in effect, allowing the remote user to be 'virtually' there. This remote user has full access to the servers, traffic generation tools, and network management systems in our lab, which extends our capability to provide support to remote network engineers at other locations when needed."

Although Nakamoto's department uses the ANT Lab for its own research, the lab offers its services to numerous other MITRE information technology projects across the corporation. "We try to meet their needs so MITRE doesn't have unnecessary redundancy among its labs," he says.

Besides building and testing true-to-life computer networks, the lab staff also performs network assessments for military exercises and operations centers. "Through that kind of work, we're really learning what the military needs. We also have deployed people to Iraq and Saudi Arabia to learn what problems they have and how they might be solved."

The third element of the lab's work—acquisition support—ties together the other pieces by providing unbiased advice on systems and services the government is considering purchasing.

"With the lab, we get to be a bridge between research and our sponsors' real-life challenges," he says.

Demonstrating Reliability

Nakamoto already knows that provisioning a network with predictable services is possible: he and his team demonstrated the application at MITRE's 2003 Technology Symposium. (The annual Technology Symposium is an exhibit of the corporation's current research projects.) For the symposium, Nakamoto continuously ran a wide-area network from MITRE's headquarters in Bedford, Massachusetts, to MITRE's headquarters in McLean, Virginia, simulating a military communications backbone. Using a commercial real-time sequencing technology, the team ran voice, video, and data communications applications, as if the link were carrying standard network traffic. The team's tests inundated the system with excess digital traffic, including simulated denial-of-service attacks.

"The whole network should have been overwhelmed," Nakamoto says, "but it worked perfectly, 24 hours a day, for 30 days. We believe it may have been the first real-time wide-area network ever run."

The exercise demonstrated the difference between guaranteed service and the traditional "best effort" most Internet service providers offer. Nakamoto was pleased by both the successful experiment and the Air Force's positive reaction. However, a guaranteed-service solution—whether it's one of the products Nakamoto researched this past year or one from another company—would require the purchase of new routers and other (often costly) infrastructure equipment. As a result, he predicts the military would roll out the new tools slowly in niche areas, such as video teleconferencing (VTC).

"Using this technology in relatively small areas, such as VTC, will let organizations try it without making major infrastructure changes," he says. "But eventually they'll see the key benefits, such as improved security and less waste of bandwidth. For example, some new applications allow others to use idle slots in the network's bandwidth because the tools constantly monitor the system in real time. That's really innovative."

Although many of these commercial solutions break new ground, Nakamoto notes that MITRE is most interested in finding standards-based solutions, as opposed to proprietary ones. This would give our government and military sponsors a wider variety of choices in the future. At this point, however, there is no agreed-upon set of standards for predictable network service. The Internet Engineering Task Force, an international, non-profit consortium, has proposed a set of standards relating to differentiated services, but it's not likely these standards will go far enough to bring predictability into the network. During the next year, as MITRE continues to explore the different new offerings in the field, we will also monitor the progress of these worldwide standards.

Managing for Best Results

Our immediate objective is to find better ways to introduce this complex kind of technology into a military environment and to manage it once it is there. It's not just the technology that needs to change, but procedures and training.

Nakamoto explains that if the military introduces new proprietary equipment into a situation, the network system administrator must understand the technology inside and out. In a military setting—with personnel rotating through assignments and locations—it's not realistic to expect all users to have an intimate knowledge of a proprietary product with complex hardware and software configurations. Before MITRE can recommend a technology like this to our sponsors, it has to be user-friendly. This is where Nakamoto's team has been concentrating much of its effort.

"In addition to assessing the technology, our emphasis is on achieving greater user-friendliness through system-management concepts and tools," he says. "To help us do this, we've been developing software probes that automatically explore the network. The information we receive enables users to take action one of two ways: either based on high-level management policies—such as 'this client gets priority on that server'—or based on an operator making choices and manually selecting sources and destinations.

"We can designate certain network traffic as mission critical. These traffic flows can be pre-designated if known ahead of time [by policy] or dynamically assigned with a simple-to-use graphical user interface. In a military environment, we use probes that automatically monitor the network traffic and help manage the various networked applications. By shifting the knowledge that the network administrators need to a policy level—as opposed to a physical packet behavior level—they don't have to know minute details of the new technology or the behaviors of the mission-critical application to use it properly and deliver predictable service."

Network-wide Collaboration Needs Reliability and Predictability

Why is this problem so important now? In the little more than 10 years since Operation Desert Storm, the nature of military communications has changed dramatically.

"In the past, it could take weeks—even months—to build up military operations in a region," Nakamoto says. "Now, we try to minimize our forward footprint. It's a different concept of operations, and there's more reliance on the network, less on a central base. That means the military relies more on collaboration throughout the world—using VTC, e-mail, voice-over IP.

"Collaboration is key to distributed operations. We need better networking, better quality of service. There's still too much unpredictability. The new technologies we're researching put some of that predictability back in the network."

Nakamoto believes that finding solutions to network reliability and other quality-of-service problems is vital to the military's push toward network-centric warfare (NCW; also called network-centric operations).

"With network-centric warfare, you must have an infrastructure that guarantees the information is accessible," Nakamoto says. "Much of the thinking behind our research project is to help us live up to the expectations of NCW. We want the network to be invisible to users—like your land-line telephone—with that same level of reliability. We have to get into a mindset to expect more from our networks than we do now."

—by Alison Stern-Dunyak


Page last updated: September 9, 2004
