Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
encrypted and then encapsulated with a packet header of a conveying network. That packet is
then tunneled across that conveying network to a point where the encapsulating/encryption
process is reversed and the packet is re-introduced into a network operating at the original
classification level. Many people refer to the conveying network as BLACK, meaning that it is
often an unclassified network, and to the conveyed network as RED, meaning that it
may be classified at any specific classification level. Regardless, RED network packets are the
original plain text packets, and BLACK packets are the cipher text (i.e., encapsulated and
encrypted) packets. (Note: because the RED (customer) packets are encapsulated into that
conveying BLACK network, the BLACK network itself is referred to as cipher text, even though
the native non-VPN communications within that network are also normal plain text packets.)
RED packets have only one IP layer header and operate in the normal manner, but BLACK
packets have two IP layer headers: the original IP layer header that was used by the original end
user and the encapsulated IP layer header that is used by the conveying network.
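
The RED/BLACK encapsulation described above, as an added example that is not part of the original report: a RED IPv4 packet is encrypted whole and wrapped in a second IP header, so the conveying network can read only the outer addresses. The addresses, key, 8-byte nonce prefix, protocol number 253 (an experimental value) and the SHA-256 keystream used in place of a real COMSEC cipher are all assumptions.

```python
import hashlib, ipaddress, struct

def checksum(hdr: bytes) -> int:
    """Internet checksum (ones' complement sum of 16-bit words)."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet: 20-byte header, no options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def stand_in_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 counter keystream XOR. Stand-in only: not a COMSEC algorithm
    and it gives no integrity protection. Applying it twice decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + struct.pack("!I", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def red_to_black(red: bytes, key: bytes, nonce: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Encrypt the whole RED packet, header included, then add the outer header."""
    return ipv4(gw_src, gw_dst, 253, nonce + stand_in_cipher(key, nonce, red))

def black_to_red(black: bytes, key: bytes) -> bytes:
    """Reverse the process at the far end of the tunnel."""
    body = black[(black[0] & 0x0F) * 4:]      # skip the outer (BLACK) header
    return stand_in_cipher(key, body[:8], body[8:])

def visible_addresses(pkt: bytes) -> tuple:
    """Addresses an observer on the network carrying pkt can read."""
    return tuple(str(ipaddress.IPv4Address(pkt[o:o + 4])) for o in (12, 16))

# Constructed sample values (private/documentation addresses, made-up key).
KEY, NONCE = b"constructed-demo-key", b"\x00" * 7 + b"\x01"
RED = ipv4("10.1.1.5", "10.2.2.9", 17, b"constructed RED payload")
BLACK = red_to_black(RED, KEY, NONCE, "192.0.2.1", "198.51.100.1")

if __name__ == "__main__":
    print("RED   header shows:", visible_addresses(RED))
    print("BLACK header shows:", visible_addresses(BLACK))
    print("recovered intact  :", black_to_red(BLACK, KEY) == RED)
```
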
Figure 18 represents a possible mechanism for operating military aircraft within the DoD’s GIG
infrastructure. The figure has two distinct elements: (a) represents possible physical network
systems and (b) shows how these systems logically work together.
[Figure 18 image not reproduced. Panel (a), aircraft viewpoint: Aircraft A, Aircraft B and Ground Station, labelled with Red IP (SBU), Red IP (Secret), Black IP router and wireless media; legend: COMSEC device. Panel (b), logical view of the "big picture": logically networked aircraft, Black network, NIPRNET, SIPRNET, other Black GIG networks, and the SBU, Secret and Top Secret networks.]
Figure 18. Representation of how Aircraft may Function Within the GIG
Figure 18(a) shows that the aircraft may internally support computing devices that operate at a
specific classification level. These computing devices may be connected via onboard networks
(LANs) that operate at a specific classification level. In those cases where aircraft internally