Icon-5066

Icon-5066 runs as several processes on Windows or Linux, as shown in the diagram below:

1. Icon-5066 Distributed Data Service (DDSD) provides orchestration of the Icon-5066 service and monitoring management capabilities. DDSD runs as a Windows or Linux service. Management is via Web Browser connecting to this service using OAuth authentication. DDSD manages and controls all of the nodes on the core service.
2. The Icon-5066 Core service comprises one or more independent Icon-5066 nodes controlled by DDSD. Each of these nodes implements the STANAG 5066 protocols and connects to a modem. This enables multiple STANAG 5066 services to be conveniently run on a single server.

Each Icon-5066 node can have one or more drivers configured that support a variety of capabilities. These drivers are implemented in the Lua scripting language. This has a number of advantages:

• It enables Isode to offer a selection of drivers to address different configuration requirements.
• It allows Isode customers and partners to easily develop custom drivers to meet specific needs.

The main drivers in Icon-5066 are:

• Modem Driver. This is the most likely driver that Isode customers will provide, in order to support additional modem types.
• Rate Change Driver. This controls selection of transmission parameters when changing speed.
• Transmission Control. This controls choice of a number of modes of operation:
  • Half-Duplex
  • Full-duplex
  • Broadcast
  • CSMA (Carrier Sense Multiple Access)
  • WTRP (Wireless Token Ring Protocol)
  • ALE 1:1 (Use of Automatic Link Establishment to control access to a single peer at a time)
• ALE Configuration: two drivers support ALE configuration

Full Duplex & Broadcast

The most common form of HF communication is Half-duplex, where transmission direction alternates. This is often used for reliable (ARQ) transmission between a pair of nodes where each node alternately transmits and receives. Icon-5066 supports two additional modes of STANAG 5066 compliant communication:

1. Broadcast. Where a node continuously sends non-ARQ traffic and never receives any data. This will typically be used at fixed frequency from a transmit-only site.
2. Full-duplex. Simultaneous transmission and reception on two separate frequencies. Full-duplex gives significant performance benefits, but can only be used in configurations where sufficient separation can be achieved between transmit and receive sites. Icon 5066 provides two modes of full-duplex operation; Single modem (where the modem is operating in full-duplex) and Two modems, independently configured, where one is used for Transmit and the other for Receive.

Data Rate Selection

Data Rate selection is the choice made before transmission of parameters affecting the transmission; in particular speed and interleaver. This is a critical choice for optimizing performance and Quality of Service for the data being handled. Icon-5066 offers a choice of drivers for different rate selection (in addition to customer rate change drivers):

• Fixed: A simple fixed setting for use when fixed parameters are desired or where it is not possible to change them dynamically.
• Signal to Noise Ratio (SNR): This is the best option for most deployments. This uses the mechanisms specified in STANAG 5066 Ed4 to enable sender selection of best parameters for either latency or throughput.
• Frame Error Rate (FER). Useful when SNR information is not available from the modem. This optimizes for throughput using the “Trinder/Gillespie” algorithm.

Multi-Node Networks: CSMA

Icon-5066 supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex K, providing CSMA (Carrier Sense Multiple Access) using jitter. The basic CSMA specification in Annex K is appropriate for networks with large numbers of nodes sharing a single HF frequency.

“Slotted Option for STANAG 5066 Annex K” (Specified in STANAG 5066 STANAG Ed4) provides a more efficient and robust option for networks with a small number of nodes, by use of a configured transmission slot for each node. This also enables:

• Operation with single CAS-1 soft link, which is important for interoperability and some traffic patterns.
• Operation with multiple CAS-1 soft links, which improves sharing the HF channel and reduces soft link setup overhead.

con-5066 also supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex L, Wireless Token Ring Protocol (WTRP). This provides an efficient and fair way of sharing a channel between nodes. It is particularly useful in conjunction with surface wave to support naval task groups. Further information is provided in [Wireless Token Ring Protocol].

ALE

Icon-5066 provides support for ALE (Automatic Link Establishment) by use of ALE drivers following the procedures specified in STANAG 5066 Ed4. Icon-5066 enables use of 2G ALE, 3G ALE and 4G ALE from different vendors. Icon-5066 configures ALE by mapping peer STANAG 5066 addresses to ALE. Supported ALE units are listed with modems.

Icon-5066 includes ALE Management capabilities to enable configuration of multiple nodes participating in an HF Network. This is described here.

Icon-5066 can be configured with either one modem or two (one for transmission, one for reception). Communication with each modem uses two independent channels; Data, which is mandatory, and Control. Control is optional and will use protocol specific to the chosen modem. Most modems can be used fixed speed without control.

Icon-5066 supports STANAG 4415, STANAG 4285, STANAG 4539 and STANAG 5069 (Wideband HF) waveforms.

Modem Data Support

Icon-5066 supports the following four modem data communication options. These can be used with or without modem control. Use without modem control allows support of any HF modem as fixed speed.

• Synchronous Serial: Required by STANAG 5066 Annex D and used operationally to communicate with Crypto devices, Icon-5066 support the Microgate family of cards and SyncLink USB device.  Current support is on Windows, with Linux support planned.
• Asynchronous Serial: Icon-5066 supports Async Serial on Windows using Windows COM ports and Linux TTY. Async serial is not useful with common Crypto boxes, as they encrypt to stop bits, and so this does not follow the standard. However, it can often be useful for operation without Crypto, as many modems provide an Async Serial interface.
• TCP using MIL-STD-188-110D Appendix A: Defines a TCP protocol to communicate data to a modem.  This is a very useful option for operation without Crypto. It is supported by the Collins family of modems.
• Raw TCP. This is a simpler TCP approach which is useful for some setups. It is supported by RapidM RM10.

Supported Modems & ALE Units

Icon-5066 currently supports control for the following RapidM, Thales and Collins modems:

• RapidM RM6
• RapidM RM8 with 2G and 3G ALE
• RapidM RM10 with 2G, 3g and 4G ALE
• Collins Q9600
• Collins Q9604
• Collins HSM 2050
• Collins RT-4800
• Collins RT-2200A with 4G ALE
• Thales TRC1774 with 2G and 3G ALE
• Leonardo Data/Voice Modem (P/N AA8808625200 and P/N AA8808619500 single and four channel configuration)

Icon-5066 provides a mode to monitor a modem and report SNR using a simple protocol. This is a general purpose capability, useful to support the FAB service provided by M-Switch to support BRASS deployments.

Icon-5066 will usually be deployed with a Crypto in the data path between Icon-5066 and the modem. This is the only connectivity needed for fixed speed operation without ALE.

For ALE and variable speed on the supported modems, Icon-5066 needs a control connection to the modem. This is commonly referred to as Crypto Bypass. For some deployments, a direct connection can be made, where accreditation allows.

Commonly, it is required to use boundary devices to control flow of data between red (Icon-5066) and black (modem). Icon-5066, which is primarily a red-side product, offers a Proxy Modem component which runs on black side.  The Proxy Modem supports control of the same modems and ALE units as Icon-5066 core.

Modem Control communicates with red side using a pair of XML Guards supporting the Guard Content eXchange Protocol (GCXP) acting as application level data diodes. Isode’s M-Guard product is recommended for use with Icon-5066 to achieve this.

Icon-5066 is configured and monitored using a web interface. The configuration interface allows for the creation of new Icon-5066 nodes, setting of detailed parameters and the selection/configuration of drivers.

Web monitoring is provided for all of the configured nodes and includes information on:

• Modem status (Transmit/Receive/Idle)
• Current (or most recently used) modem parameters, including speed, interleaver and bandwidth (for STANAG 5069 WBHF)
• Frame Error Rate for received transmissions
• SNR measured on reception
• STANAG 5066 send and receive transmissions with progress bar
• Status of CAS-1 links established for ARQ communication including link and break attempts.
• ALE status, including setup time, negotiated frequency and negotiated bandwidth for 4G ALE.
• UI display of connected applications with status information.
• Overall system health status (red/green/amber).
• Link utilization.
• ARQ Window Monitoring
• Enable/Disable of individual nodes

Red/Black Drivers

Icon-5066 provides two Red/Black drivers to support HF Communication chain monitoring and management using Isode’s Red/Black product.

1. Modem Driver for all supported modems. This enables modem monitoring and control using Red/Black.
2. Icon-5066 driver to allow monitoring and control of Icon-5066 nodes. This allows enable/disable of nodes, to facilitate communications chain reconfiguration.

Management access to the Icon-5066 services is controlled using OAuth.

TLS (Transport layer security) provides protection for:

• HTTPS Web Access to DSSD.
• TLS Support for GCXP to support Modem Proxy (Crypto bypass) across a Red/Black boundary.

Icon-5066 provides Web UI support for creating and managing identities and certificates associated with TLS

The STANAG 5066 Console is a GUI application that connects to a STANAG 5066 Server. It supports the STANAG 5066 HF Operator Chat Protocol (which can be used with any remote HF Operator Chat client) and Isode protocols that communicate with a peer STANAG 5066 Console. The Isode STANAG 5066 Console offers the following benefits:

• Management GUI Interface independent of STANAG 5066 Server.
• GUI setup and testing of STANAG 5066 network, independent of Isode server applications
• Service Discovery of remote systems.
• Latency and Throughput testing.
• Operator Chat using the standard STANAG 5066 protocol.

Connection Setup

STANAG 5066 Console can connect to multiple STANAG 5066 Servers, which is useful for testing. An operational deployment is likely to use a single local STANAG 5066 server.

Service Discovery

STANAG 5066 Console can discover (automatically or on demand) the identity and operator defined names of other connected systems. This is done by use of a broadcast message, which connected servers respond to. This simplifies setup and testing of a network.

Operator Chat

Operator Chat, as defined in Appendix F of STANAG 5066, is designed to support simple operator to operator communication. STANAG 5066 Console allows easy operator chat to any peer system. It is possible to support both sides of the chat, which is useful for testing but would be unusual for an operational system.

Performance Testing

Performance optimization is critical for operation over slow links. Application measurements are often complex to interpret, and are not a straightforward mechanism to diagnose and measure the underlying systems. STANAG 5066 provides basic tools for measuring the application level view of the underlying STANAG 5066 network. The following capabilities are provided:

• Latency test. This is illustrated above. This is using a simulator, so the times are much shorter than for one using a radio.
• Throughput test.
• Tests may be for a fixed number of packets or continuous.
• Sending is “full speed” and so tests STANAG 5066 server flow control.
• All STANAG 5066 parameters can be adjusted.

Security

The STANAG 5066 SIS protocol does not have any security features, so care must be taken in deployment configuration, to ensure that only trusted components can connect.

Interoperability

STANAG 5066 Console has been tested against a reference STANAG 5066 server, and against the RapidM RM6 Server. Isode is keen to test with other STANAG 5066 Servers. Please contact us if you wish to work with us on this.

STANAG 5066 “Profile for High Frequency (HF) Radio Data Communication” Edition 2. Specific features:

• SIS Protocol.
• Operator Chat (Appendix F).

MoRaSky (Modem Radio Sky) is a software tool provided by Isode to help test Isode HF products. MoRaSky provides a service equivalent to HF modems connected to Radios and operating over the Ionosphere.It enables sophisticated testing of Icon-5066 and the applications it supports, without use of hardware or Over the Air transmission. It can operate as with a GUI or command line interface.

MoRaSky can be used in one of two ways:

1. Emulating a modern modem with data and control interfaces.
2. Emulating a serial interface (synchronous and asynchronous) connection to a data connection to a modem with fixed parameters.

Capabilities include

• Emulation of one or more HF networks (multiple networks can be used for ALE and Duplex testing) with support for two or more connection points to each network.
• Choice of interleaver corresponding to each waveform
• Choice of bandwidth from 3kHz to 48kHz for STANAG 5069
• Option to simulate clear channel
• Configurable Bit Error Rate (BER) on output.
• Configurable Error Clustering.
• Option to drop initial bytes.
• Option to emulate operation at selectable SNR value, with channel variation according to various channel models (CCIR Good; CCIR Moderate; CCIR Poor; AWGN (additive white gaussian noise)).
• Emulation of delays corresponding to two types of Crypto.
• Intermediate Term Variation (ITV) following Walnut Street model.
• Variation of SNR at intervals based on specified list.
• Simulate regular on/off interference.
• Simulate Markov chain on/off interference.
• Modem failure to configurable pattern.
• Duplex channel simulation (one or two modem).
• ALE simulation, including 4G ALE and variable bandwidth.
• Surface Wave Simulation.
• Movement of nodes.
• connectivity change between nodes.

Isode partners will often need to test modems, for example to test with a modem variant that Isode does not have in house. HF Tool is an Isode application that directly uses the Icon-5066 modem drivers. It can be operated in three modes:

1. Controlling two connected modems, so that the HF tool can control what is sent and measure what is received.
2. Controlling two modems with a channel simulator between them. This enables controlled measurements of performance with varying link conditions.
3. Use of seperate HF Tool instance cannot be connected at both ends. HF Tool works in a way that enables the receiver to interpret what is sent

HF Tool runs a range of tests to ensure good performance and operation of modem drivers in a range of conditions. It also gives a clear measure of modem performance:

1. Basic data tests to show data transfer and data loss.
2. Timing tests to show delays and turnaround times.
3. Sequenced tests, so that varying speeds and interleavers can be tested with a single HF tool run.

STANAG 5066 Console is a GUI tool providing STANAG 5066 server discovery (running S5066 Console on the same HF network), HF Operator Chat (conforming to STANAG 5066 Annex O) and throughput measurements to peer S5066 Consoles with ARQ and non-ARQ traffic to measure network performance.