Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
[Figure 35. Sample Airborne Network Management. Diagram labels: Aircraft Control; Cockpit Network; VPN; Level A SW; Network Manager; Encapsulation Gateway; High-Assurance LAN; Air-to-Ground Comms; Firewall; Packet Filter; Noncockpit Crew Network (Crew 1 ... Crew N); Passenger Network (Passenger 1, Passenger 2 ... Passenger N). SW = Software]
If the entities within a VPN are to be managed, then they need to be managed by a network
management station that also resides within that same VPN. However, if this is done, then the
airplane will have multiple network manager systems, one for the unencapsulated network and
one for each managed VPN. This would create a fragmented management view of the total
network, which would greatly increase the difficulty of effectively managing that airplane.
Because of this, this study recommends that the VPN encapsulation be established by means of
an encapsulation gateway middlebox, rather than the traditional dual PE and CE router approach
(see figure 34), so that the aeronautical community would have the alternative of optionally
building integrated VPN management capabilities into the encapsulation gateway itself.

As figure 33 shows, the encapsulation gateways have two faces: one to the unencapsulated
airborne network and one to the encapsulated VPN community that they serve. In traditional
VPN practice, there is no mechanism for these two networks to be linked, which is why VPN
technology qualifies as being a viable ARP 4754 partition design for networked systems.
However, if the aeronautical community decides to implement the IPsec VPN [99] technology by
means of encapsulation gateway middleboxes recommended by this study, then the aeronautical
community needs to determine if and how VPN management adjunct capabilities are defined
within the encapsulation gateway design.

Such a design needs to carefully preserve the safety and security integrity protections that are
provided by VPN technologies while simultaneously meeting the actual network management
requirements. This is a very serious issue. The following discussion is a sample of the type of