Icon-5066 is a modem-independent STANAG 5066 server. It enables applications to work efficiently over HF Modems/Radios and allows multiple applications to work simultaneously.

Icon-5066 will connect to one or two HF modems, either through a Crypto box or directly, and provides a single interface to an HF network, which can be shared by multiple applications.

The diagram below shows how Icon-5066 is deployed in conjunction with an HF network and two peers, which may use Icon-5066 or another product compliant to STANAG 5066. STANAG 5066 provides a link layer optimized for HF Radio and described in the whitepaper [STANAG 5066: The Standard for Data Applications over HF Radio].

Applications connect to Icon-5066 using the STANAG 5066 SIS (Subnet Interface Service) protocol. Each application uses one of 16 SAP IDs (Service Access Point Identifier).


Icon-5066 runs as two services, which may be Windows services or Linux processes, as shown in the diagram below:

  1. The Icon-5066 Core service runs one or more independent Icon-5066 nodes. Each of these nodes implements the STANAG 5066 protocols and connects to a modem. This enables multiple STANAG 5066 services to be conveniently run on a single server.
  2. Icon-5066 Distributed Data Service communicates with the core service and provides configuration and monitoring management capabilities. Management is via Web Browser connecting to this service, which enables management of all of the nodes on the core service.

Each Icon-5066 node can have one or more drivers configured that support a variety of capabilities. These drivers are implemented in the Lua scripting language. This has a number of advantages:

  • It enables Isode to offer a selection of drivers to address different configuration requirements.
  • It allows Isode customers and partners to easily develop custom drivers to meet specific needs.

The main drivers in Icon-5066 are:

  • Modem Driver. This is the most likely driver that Isode customers will provide, in order to support additional modem types.
  • Rate Change Driver. This controls selection of transmission parameters.
  • Transmission Control. This controls choice of half-duplex/full-duplex/broadcast and whether transmission terminated when there is not more data to send.

Key Features

Full Duplex & Broadcast

The most common form of HF communication is Half-duplex, where transmission direction alternates. This is often used for reliable (ARQ) transmission between a pair of nodes where each node alternately transmits and receives. Icon-5066 supports two additional modes of STANAG 5066 compliant communication:

  1. Broadcast. Where a node continuously sends non-ARQ traffic and never receives any data. This will typically be used at fixed frequency from a transmit-only site.
  2. Full-duplex. Simultaneous transmission and reception on two separate frequencies. Full-duplex gives significant performance benefits, but can only be used in configurations where sufficient separation can be achieved between transmit and receive sites. Icon 5066 provides two modes of full-duplex operation; Single modem (where the modem is operating in full-duplex) and Two modems, independently configured, where one is used for Transmit and the other for Receive.

Data Rate Selection

Data Rate selection is the choice made before transmission of parameters affecting the transmission; in particular speed and interleaver. This is a critical choice for optimizing performance and Quality of Service for the data being handled. Icon-5066 offers a choice of drivers for different rate selection (in addition to customer rate change drivers):

  • Fixed: A simple fixed setting for use when fixed parameters are desired or where it is not possible to change them dynamically.
  • Signal to Noise Ratio (SNR): This is the best option for most deployments. This uses the mechanisms described in [Data Rate Selection in STANAG 5066 for Autobaud Waveforms (S5066-EP4)] to enable sender selection of best parameters for either latency or throughput.
  • Frame Error Rate (FER). Useful when SNR information is not available from the modem. This optimizes for throughput using the "Trinder/Gillespie" algorithm.

Multi-Node Networks: CSMA

Icon-5066 supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex K, providing CSMA (Carrier Sense Multiple Access) using jitter. The basic CSMA specification in Annex K is appropriate for networks with large numbers of nodes sharing a single HF frequency.

Support for S5066-EP6 “Slotted Option for STANAG 5066 Annex K” (which will be included in STANAG 4406 Ed4) provides a more efficient and robust option for networks with a small number of nodes, by use of a configured transmission slot for each node. S5066-EP6 also enables:

  • Operation with single CAS-1 soft link, which is important for interoperability and some traffic patterns.
  • Operation with multiple CAS-1 soft links, which improves sharing the HF channel and reduces soft link setup overhead.

Multi-Node Networks: WTRP

Icon-5066 also supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex K, Wireless Token Ring Protocol (WTRP). This provides an efficient and fair way of sharing a channel between nodes. It is particularly useful in conjunction with surface wave to support naval task groups. Further information is provided in [Wireless Token Ring Protocol].


Icon-5066 provides support for ALE (Automatic Link Establishment) by use of ALE drivers. This enables use of 2G ALE, 3G ALE and 4G ALE from different vendors. Icon-5066 configures ALE by mapping peer STANAG 5066 addresses to ALE. Supported ALE units are listed with modems.

Modem Support

Icon-5066 can be configured with either one modem or two (one for transmission, one for reception). Communication with each modem uses two independent channels; Data, which is mandatory, and Control. Control is optional and will use protocol specific to the chosen modem. Most modems can be used fixed speed without control.

Icon-5066 supports STANAG 4415, STANAG 4285, STANAG 4539 and STANAG 5069 (Wideband HF) waveforms.

Modem Data Support

Icon-5066 supports the following three modem data communication options. These can be used with or without modem control. Use without modem control allows support of any HF modem as fixed speed.

  • Synchronous Serial: Required by STANAG 5066 Annex D and used operationally to communicate with Crypto devices, Icon-5066 support the Microgate family of cards and SyncLink USB device.  Current support is on Windows, with Linux support planned.
  • Asynchronous Serial: Icon-5066 supports Aysnc Serial on Windows using Windows COM ports and Linux TTY. Aysnc serial is not useful with common Crypto boxes, as they encrypt to stop bits, and so this does not follow the standard. However, it can often be useful for operation without Crypto, as many modems provide an Async Serial interface.
  • TCP using MIL-STD-188-110D Appendix A: Defines a TCP protocol to communicate data to a modem.  This is a very useful option for operation without Crypto. It is supported by the Collins family of modems.

Supported Modems & ALE Units

Icon-5066 currently supports control for the following RapidM,Thales and Collins modems:

  • RapidM RM6
  • RapidM RM8 with 2G ALE
  • RapidM RM10 with 2G ALE
  • Collins Q9600
  • Collins Q9604
  • Collins HSM 2050
  • Collins RT-4800
  • Collins RT-2200A with 4G ALE
  • Thales TRC1774

Crypto Bypass

Icon-5066 will usually be deployed with a Crypto in the data path between Icon-5066 and the modem. This is the only connectivity needed for fixed speed operation without ALE.

For ALE and variable speed on the supported modems, Icon-5066 needs a control connection to the modem. This is commonly referred to as Crypto Bypass. For some deployments, a direct connection can be made, where accreditation allows.

Commonly, it is required to use boundary devices to control flow of data between red (Icon-5066) and black (modem). Icon-5066, which is primarily a red-side product, offers a Proxy Modem component which runs on black side.  The Proxy Modem supports control of the same modems and ALE units as Icon-5066 core. 

Modem Control communicates with red side using a pair of XML Guards supporting the Guard Content eXchange Protocol (GCXP) acting as application level data diodes. Isode’s M-Guard product is recommended for use with Icon-5066 to achieve this.

Management and Monitoring

Icon-5066 is configured and monitored using a web interface. The configuration interface allows for the creation of new Icon-5066 nodes, setting of detailed parameters and the selection/configuration of drivers.

Web monitoring is provided for all of the configured nodes and includes information on:

  • Modem status (Transmit/Receive/Idle)
  • Current (or most recently used) modem parameters, including speed, interleaver and bandwidth (for STANAG 5069 WBHF)
  • Frame Error Rate for received transmissions
  • SNR measured on reception
  • STANAG 5066 send and receive transmissions with progress bar
  • Status of CAS-1 links established for ARQ communication including link and break attempts.
  • ALE status, including setup time, negotiated frequency and negotiated bandwidth for 4G ALE.
  • UI display of connected applications with status information.
  • Overall system health status (red/green/amber).
  • Link utilization.
  • ARQ Window Monitoring

Test Tools

Isode provides three test tools with Icon-5066 to assist partners in testing Icon-5066 deployments.

HF Tool

Isode partners will often need to test modems, for example to test with a modem variant that Isode does not have in house. HF Tool is an Isode application that directly uses the Icon-5066 modem drivers. It can be operated in three modes:

  1. Controlling two connected modems, so that HF tool can control what is sent and measure what is received.
  2. Controlling two modems with a channel simulator between them. This enables controlled measurements of performance with varying link conditions.
  3. Use of separate HF Tool instances for send and receive. This is useful for Over the Air testing where a single HF Tool instance cannot be connected at both ends. HF tool works in a way that enables the receiver to interpret what is sent.

HF Tool runs a range of tests to ensure good performance and operation of modem drivers in a range of conditions. It also gives a clear measure of modem performance:

  1. Basic data tests to show data transfer and data loss.
  2. Timing tests to show delays and turnaround times.
  3. Sequenced tests, so that varying speeds and interleavers can be tested with a single HF Tool run.

STANAG 5066 Console

STANAG 5066 Console is a GUI tool providing STANAG 5066 server discovery (running S5066 Console on the same HF network), HF Operator Chat (as per STANAG 5066 Annex F.7) and throughput measurements to peer S5066 Consoles with ARQ and non-ARQ traffic to measure network performance. More information on the S5066 Console can be found by following the link.


MoRaSky (Modem Radio Sky) is a software tool provided by Isode to help test Isode HF products. MoRaSky provides a service equivalent to HF modems connected to Radios and operating over the Ionosphere. It enables sophisticated testing of Icon-5066 and the applications it supports, without use of hardware or Over the Air transmission. It can operate as with a GUI or command line interface. MoRaSky can be used in one of two ways:

  1. Emulating a modern modem with data and control interfaces.
  2. Emulating a serial interface (synchronous or asynchronous) connection to a data connection to a modem with fixed parameters.

Capabilities include:

  • Emulation of one or more HF networks (multiple networks can be used for ALE and Duplex testing) with support for two or more connection points to each network.
  • Choice of geographical locations, with delays matching distance.
  • Emulation of the waveforms supported by Icon-5066 (STANAG 4415; STANAG 4285; STANAG 4539; STANAG 5069).
  • Choice of interleaver corresponding to each waveform
  • Choice of bandwidth from 3kHz to 48kHz for STANAG 5069
  • Option to simulate clear channel.
  • Configurable Bit Error Rate (BER) on output.
  • Configurable Error Clustering.
  • Option to drop initial bytes.
  • Option to emulate operation at selectable SNR value, with channel variation according to various channel models (CCIR Good; CCIR Moderate; CCIR Poor; AWGN (additive white gaussian noise)).
  • Emulation of delays corresponding to two types of Crypto.
  • Intermediate Term Variation (ITV) following Walnut Street model.
  • Variation of SNR at intervals based on specified list.
  • Simulate regular on/off interference.
  • Simulate Markov chain on/off interference.
  • Modem failure to configurable pattern.
  • Duplex channel simulation (one or two modem).
  • ALE simulation, including 4G ALE and variable bandwidth.
  • Surface Wave Simulation
  • Movement of Nodes
  • Connectivity change between nodes

Application Support

Applications connect to Icon-5066 using the STANAG 5066 SIS (Subnet Interface Service) protocol. Each application uses one of 16 SAP IDs (Service Access Point Identifier). The diagram below shows the Isode products that operate over the SIS Protocol, using the recommended SAP ID for each application. These applications will communicate with peer applications connected to remote STANAG 5066 servers.

Icon-5066 can be used with any application that uses the STANAG 5066 SIS protocol. The following two sections set out applications supported by Isode products.

STANAG 5066 Annex F

Section Title Isode Product
F.2 Subnet management client This management client is a reserved port with no protocol defined. Icon 5066 uses HTTP Web based management.
F.3 Character-Oriented Serial Stream (COSS) Client COSS is for ACP127. It is supported by the M-Switch ACP127 add-on.
F.4 STANAG 4406 Annex E - Tactical Military Message Handling (T-MMHS) Client

This protocol is supported by the ACP 142 channel in M-Switch. This can be used with:

  • STANAG 4406 Annex E.
  • MULE (Multicast Email) to support SMTP based messaging.
F.5 HMTP (HF Mail Transfer Protocol) HMTP has been replaced operationally by CFTP (F.14)
F.6 HFPOP (HF Post-Office Protocol) HFPOP does not appear to be used operationally.
F.7 Operator orderwire (HFCHAT) Also known as Operator Chat. Supported by Isode STANAG 5066 Console.
F.8 Reliable Connection-Oriented Protocol (RCOP) w/ Extended Client RCOP is a layer protocol, used in M-Switch (ACP 142) and M-Link (XEP-0365).
F.9 Unreliable Datagram Oriented Protocol (UDOP) w/ Extended Client UDOP is a layer protocol, used in M-Switch (ACP 142).
F.11 ETHER client 8 We have not identified any market requirements for Ether Client.
F.12 IP Client IP Client is supported by Icon-PEP
F.14 Compressed File Transport Protocol (CFTP) CFTP, also known as BFEM (Battle Force Email) is supported by M-Switch. Isode recommends use of MULE over ACP 142 (see F.4 above) which is provides additional functionality and higher performance for SMTP over HF.

Other Applications

In addition to the STANAG 5066 protocols defined in STANAG 5066 Annex F, there are two other Isode applications which operate directly over STANAG 5066 SIS.

M-Link supports operation over STANAG 5066. This conforms to:

  • XEP-0365: Server to Server communication over STANAG 5066 ARQ

STANAG 5066 Console supports node discovery and throughput testing. This uses a protocol that is aligned to:

  • HF Discovery, Ping and Traffic Load (S5066-APP2)