Docstoc
EXCLUSIVE OFFER FOR DOCSTOC USERS
Try the all-new QuickBooks Online for FREE.  No credit card required.

2 APPLICABLE DOCUMENTS - ICAO

Document Sample
2 APPLICABLE DOCUMENTS - ICAO Powered By Docstoc
					9/9/2011                                      SGN1 WP-604




                             Draft



                          ICAO/ATN
               Internet Communication Service
                              For
           Internet Protocol Suite Version 6 (IPS v6)


                         Prepared by: SGN-1
9/9/2011                                                               SGN1 WP-XXX



FOREWORD

This standard defines the recommended data communications protocols and services to
be used for developing ground to ground portion of the data communications networks
for the ICAO Aeronautical Telecommunications Network (ATN). The standards defined
in this document provide support ATN application and services over the Internet Protocol
Suite (IPS). This standard uses terminology based on the Open System Interconnection
(OSI) Model for the protocols and layers.




                                           i
9/9/2011                                                                                                    SGN1 WP-XXX




                                            TABLE of CONTENTS
1      INTRODUCTION..................................................................................................... 1
    1.1       GENERAL OVERVIEW ........................................................................................... 1
    1.2       PURPOSE .............................................................................................................. 1
2      APPLICABLE DOCUMENTS ................................................................................ 3
    2.1    IETF STANDARDS ................................................................................................ 3
    2.2    ICAO PUBLICATIONS ........................................................................................... 5
    2.3    DOCUMENT SOURCES ........................................................................................... 5
    3.0 ACRONYMS ............................................................................................................... 6
    3.1 DEFINITIONS .............................................................................................................. 7
4      GENERAL RECOMMENDATIONS ..................................................................... 8
    4.1       LINK LAYER SUBPROFILE ..................................................................................... 9
    4.2       NETWORK LAYER SUBPROFILE ............................................................................. 9
    4.3       TRANSPORT LAYER SUBPROFILE .......................................................................... 9
    4.4       APPLICATION LAYER SUBPROFILE ...................................................................... 10
5      DETAILED RECOMMENDATIONS .................................................................. 11
    5.1      LINK LAYER ....................................................................................................... 11
    5.2      NETWORK SUBPROFILE ...................................................................................... 12
       5.2.1     Internet Protocol (IP) ................................................................................ 12
       5.2.2     Routing...................................................................................................... 12
       5.2.3     Multi-Protocol Label Switching (MPLS) ................ Error! Bookmark not
       defined.11
       5.2.4     Error detection and reporting .................................................................... 12
       5.2.5     Neighbor Discovery .................................................................................. 13
       Neighbor discovery shall be used in accordance RFC -2461. .................................. 13
       5.2.6     Mobile IP G-G .......................................................................................... 13
       5.2.7     Network Layer Security (IPsec)................................................................ 13
       5.2.8     Quality of Services (QoS) ......................................................................... 13
       5.2.9     Transport subprofile .................................................................................. 13
       5.2.9.1 Transmission Control Protocol (TCP) ........................................................ 14
       5.2.10    Transport Layer Security (SSL/TLS) PROTOCOL ................................. 15
    5.3      APPLICATION SUBPROFILE ................................................................................. 15
       5.3.1     Support services ........................................................................................ 15
       5.3.2     Network management ............................................................................... 15
       5.3.3     Application Layer Security ....................................................................... 16
    5.4      NAMING AND ADDRESSING ................................................................................ 17
6      NOTES ................................................................................................................... 18
    6.1       SOCKETS ............................................................................................................ 18




                                                                 ii
9/9/2011                                                                                               SGN1 WP-XXX



                                                 Table of Figures
Figure 1 Transfer of information using IPS protocol architecture ...................................... 1
Figure 2 IPS Protocol Suite................................................................................................. 8
Figure 3 Subprofile layers ................................................................................................. 11




                                                              iii
9/9/2011                                                                                        SGN1 WP-XXX


1 Introduction (Robert Witzen to review and make
  recommendations)
1.1 GENERAL OVERVIEW
This standard defines the protocols, features, and layered services that should be
supported in an ICAO internet protocol suite (IPS) by implementing Internet Protocol
version 6 (IPv6) environments within the ATN. The standard will focus on documenting
the required internet protocol standards for communication services as shown
in Figure 1 for ATN users.




                Application                     FTP protocol                      Application



                                            TCP/UDP protocol
                TCP/UDP                                                           TCP/UDP

                                                    router
                              IP protocol                           IP protocol
                    IP                               IP                               IP



                 Ethernet     token ring Ethernet                   token ring
                              protocol                       MPLS   protocol       802.X
                  driver                  driver

                                                                    token ring
                              Ethernet

                                                BGP-4


                    Figure 1 Transfer of information using IPS Architecture



Specified in this sub-volume are the minimum protocols and services that may be
implemented by mutual agreement between ICAO member states for ATN connectivity.
The minimum set defined herein may be exceeded by additional requirements if required
for a particular service or if mutually agreed to by all service participants. The
supplemental requirements shall be documented and distributed to all participants.


   1.2 PURPOSE
The purpose of this document is to provide a standardized set of IPS protocols, reference
the appropriate ATN service elements that are available for implementation within the
ATN based ground-to-ground networks. Additionally, the implementation of the



                                                      1
9/9/2011                                                                SGN1 WP-XXX


specified protocols and services will enable aeronautical systems to be compatible with
the ATN and enable support for current and future ATN services.




                                            2
9/9/2011                                                                 SGN1 WP-XXX


2 APPLICABLE DOCUMENTS
   2.1 IETF STANDARDS
The following documents form a part of this standard to the extent specified herein. In the
event of conflict between the documents referenced herein and the contents of this
standard, the contents of this standard shall be considered the superseding document.

Internet Standards (IETF)

RFC-768               User Datagram Protocol, August 1980
RFC-793               Transmission Protocol, September 1981
RFC-1055              Nonstandard for transmission of IP Datagrams over serial Lines:
                      SLIP, June 1988
RFC-1101              DNS Encoding of Network Names and Other Types, April 1989
RFC-1122              Requirements for Internet Host-Communications Layers, October
                      1989
RFC-1123              Requirements for Internet Host-Application and Support, October
                      1989
RFC-1155              Structure and Identification of Management Information for IPS-
                      based Internets, May1990
RFC-1156              Management Information Base for Network Management of IPS-
                      based internets, May 1990
RFC-1183              New DNS RR Definitions, October 1990
RFC-1213              Management Information Base for Network Management of IPS-
                      based internets: MIB-II, March 1991
RFC-1633              Integrated Services in the Internet Architecture: an Overview, June
                      1994
RFC-1706               DNS NSAP Resource Records, October 1994
RFC-1887              An Architecture for IPv6 Unicast address Allocation,
                      December1995
RFC-1918              Address Allocation for Private Internets, February 1996
RFC-1998              An Application of the BGP Community Attribute in Multi-home
                      Routing, August 1996
RFC-2005              Applicability Statement for IP Mobility Support, October 1996
RFC-2212              Specification of Guaranteed Quality of Service, September 1997
RFC-2273              SNMPv3 Applications, January 1998
RFC-2373              IP Version 6 Addressing Architecture, July 1998
RFC-2375              IPv6 Multicast Address Assignments, July 1998
RFC-2401              Security Architecture for the Internet Protocol, November 1998
(check)
RFC-2402              IP Authentication Header, November 1998
RFC-2406              IP Encapsulating Security Payload (ESP), November 1998
RFC-2460              Internet Protocol, Version 6 (IPv6) Specification, December 1998
RFC-2461              Neighbor Discovery for IPv6, December 1998
RFC-2462              IPv6 Stateless Address Auto configuration, December 1998
RFC-2463              ICMPv6 for the IPv6 Specification, December 1998


                                            3
9/9/2011                                                       SGN1 WP-XXX


RFC-2470      Transmission of IPv6 Packets over Token Ring Networks,
              December 1998
RFC-2474       Definition of the Differentiated Services Field (DS Field)
               in the IPv4 and IPv6 Headers, December 1998
RFC-2510      Internet X.509 Public Key Infrastructure Certificate Management
              Protocols, March 1999
RFC-2535      Domain Name System Security Extensions, March 1999
RFC-2545      Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain
              Routing, March 1999
RFC-2547bis    IP VPN, December 2005
RFC-2585      Internet X.509 Public Key Infrastructure Operational Protocols:
              FTP and HTTP, May 1999
RFC-2702      Requirements for Traffic Engineering over MPLS, September
              1999
RFC-2732      Format for Literal IPv6 Addresses in URL's, December 1999
RFC-2740      OSPF for IPv6, December 1999
RFC-2773      Encryption using KEA and SKIPJACK, February 2000
RFC-2821      Simple Mail Transfer Protocol, April 2001
RFC-3031      MPLS Architecture, January 2001
RFC-3032      MPLS Label Stack Encoding, January 2001
RFC-3168      The Addition of Explicit Congestion Notification (ECN) to IP,
              September 2001
RFC-3232      Assigned Numbers, October 2003
RFC-3246      An Expedited Forwarding PHB (Per-Hop Behavior), March 2002
RFC-3260      New Terminology and Clarifications for Diffserv, April 2002
RFC-3300      Internet Official Protocol Standards, November 2002
RFC-3315      Dynamic Host Configuration Protocol for IPv6, July 2003
RFC-3376      Internet Group Management Protocol, Version 3, October 2002
RFC-3422      An Architecture for Describing Simple Network Management
              Protocol (SNMP) Management Frameworks, December 2002
RFC-3414      User-based Security Model (USM) for version 3 of the Simple
              Network Management Protocol (SNMPv3), December 2002
RFC-3442      The Classless Static Route Option for Dynamic Host Configuration
              Protocol (DHCP) version 4, December 2002
RFC-3513      IPv6 Addressing Architecture for Unicast, Anycast, Multicast, and
              an IPv6 node’s required Addresses
RFC-3546      Transport Layer Security (TLS) Extensions, June 2003
RFC-3596      DNS Extensions to Support IP Version 6, October 2003
RFC-3646      DNS Configuration options for Dynamic Host Configuration
              Protocol for IPv6 (DHCPv6), December 2003
RFC-3697      IPv6 Flow Label Specification, March 2004
RFC-3775      Mobility Support in IPv6, June 2004
RFC-4068      Fast Handovers for Mobile IPv6, July 2005
RFC-4140      Hierarchical Mobile IPv6 Mobility Management (HMIPv6), August
              2005




                                   4
9/9/2011                                                                        SGN1 WP-XXX


RFC-4283                  Mobile Node Identifier Option for Mobile IPv6 (MIPv6),
                          November 2005

  2.2   ICAO PUBLICATIONS

ICAO ATN Doc. 9705 Edition 3 Profile Requirement List ISO-8571-5: File Transfer,
Access, and Management – Part: Protocol Implementation Conformance Statement
(PICS) Proforma

ICAO Doc. 9739 Comprehensive Aeronautical Telecommunication Network (ATN)
Manual

   2.3 DOCUMENT SOURCES
Obtain copies of the applicable documents or standards by contacting the appropriate
organizations.

Request for Comments (RFCs)

Copies of RFC may be obtained from DS.INTERNIC.NET via File Transfer Protocol
(FTP), Wide Area Information Service (WAIS), and electronic mail.

If FTP is used, RFCs are stored as rfc/rfcnnnn.txt or rfc/rfcnnnn.ps where "nnnn" is the
RFC number. Login as "anonymous" and provide your E-Mail address as the password.
If WAIS is used, the local WAIS client or Telnet to DS.INTERNIC.NET can be used.
Login as "wais" (no password is required) to access a WAIS client; help information and
a tutorial for using WAIS are available online. Search the "rfcs" database to locate the
desired rfc.

If electronic mail is used, send a mail message to mailserv@ds.internic.net and include
any of the following commands in the message body:
           document-by-name rfcnnnn      where "nnnn" is the RFC number; the text
                                                   version is sent

           file/ftp/rfc/rfcnnnn.yyy      where "nnnn" is the RFC number and "yyy" is
                                                   "txt" or "ps"
ICAO Document

Copies of ICAO documents can be obtained by contacting ICAO and requesting the
appropriate documents.




                                                5
9/9/2011                                                      SGN1 WP-XXX



3.0 ACRONYMS
The acronyms used in this standard are defined as follows:

API               Application Programming Interface
ATM               Asynchronous Transfer Mode
ATN               Aeronautical Telecommunication Network
ARP               Address Resolution Protocol
BGP               Border Gateway Protocol
CL                Connection-less
CMIP              Common Management Information Protocol
CO                Connection-oriented
DGRAM             Datagram
DNS               Domain Name System
ECN               Explicate Congestion Notification
EGP               Exterior Gateway Protocol
FTP               File Transfer Protocol
G-G               Ground- to- Ground
GUI               Graphical User Interface
ICAO              International Civil Aviation Organization
ICMP              Internet Control Message Protocol
IETF              Internet Engineering Task Force
IGMP              Internet Group Management Protocol
IGP               Interior Gateway Protocol
I/O               Input/Output
IP                Internet Protocol
IPCP              Internet Protocol Control Protocol
IPSec             Internet Protocol Security
ISO               International Standards for Organization
LAN               Local Area Network
MPLS              Multi-Protocol Label Switch
MTU               Maximum Transmission Unit
OSI               Open System Interconnection
OSPF              Open Shortest Path First
RARP              Reverse Address Resolution Protocol
RFC               Request for Comments
RIP               Routing Information Protocol
SNMP              Simple Network Management Protocol
SSH               Secure Shell
SSL               Secure Socket Layer
TCP               Transmission Control Protocol
TLS               Transport Layer Security
UDP               User Datagram Protocol
WAIS              Wide Area Information Service
WAN               Wide Area Network



                                           6
9/9/2011                                                              SGN1 WP-XXX


3.1 DEFINITIONS

Internet         A three-level hierarchy composed of backbone networks (e.g.
                 Advanced Research Projects Net [ARPAnet], National Science
                 Foundation Net [NSFNet], Military Network [MILNET]) and
                 Mid-level network stub networks. These include commercial
                 (.com or .co), university (.ac or .edu), other research networks
                 (.org or .net), and military (.mil) networks. It spans many different
                 physical networks around the world with various protocols
                 including the IP.

Network          Hardware and software data communication systems.

Profile          Defines implementation conformance constrain on a set of
                 reference specifications.

Protocol         A set of rules and formats (semantic and syntactic) which
                 determines the communication behavior between peer entities in
                 the performance of functions at that layer.

Socket           A socket is defined as "the endpoint in a connection." Sockets are
                 created and used with a set of programming requests or "function
                 calls" sometimes called the sockets application programming
                 interface (API). The most common sockets API is the Berkeley
                 Unix C interface for sockets. Sockets can also be used for
                 communication between processes within the same computer.

Subnetwork       An actual implementation of data network that employs a
                 homogeneous protocol and addressing plan and is under control of
                 a single authority.

Subprofile       A subset of a profile that supports a specific protocol layer in a
                 network application.

World Wide Web   An internet client-server distributed information retrieval system
                 which originated in the CERN High-Energy Physics laboratories
                 in Geneva, Switzerland.




                                       7
9/9/2011                                                                          SGN1 WP-XXX



4 GENERAL RECOMMENDATIONS
This section specifies general recommendations for implementing the IPS protocols
within a network. The IPS allows computers of all sizes, using different operating
systems, to exchange air traffic data information’s by using layer protocols that perform
different functions at different layers of the data exchange. The complete set of protocols
necessary for this communication is referred to as a protocol suite. Depicted in Figure 2 is
a typical protocol suite; the suite will vary for each application and is dependent upon the
implemented network services.



             Doc 9705            FTP           SNMP v3         DNS
                                                                             Application
                        XML
                                              TFTP                   BOOTP
                                                                               Layer


                                                                             Transport
                        TCP                              UDP
                                                                               Layer

                                                                              Network
                                       IPv6
                                                                               Layer

             ICMPv6           BGP4             MPLS              802.X

                                                                             Link Layer
                               Network Access Links




                               Figure 2 IPS Protocol Suite

Each layer of the protocol suite supports the implementation of a different function
within a communication network. The lower layer will typically provide transmission
services to the upper layer. In order to implement the desired network functions, a layer
can consist of more than one protocol. The grouping of protocols that support the
functional requirements of a protocol layer is referred to as a subprofile.

The link subprofile, also referred to as the network access layer, provides the physical
interface to the network. This layer is where the electrical and mechanical characteristics
are defined for the network and is not subject to this document.

The network subprofile, also know as the internet layer, provides for the movement of
data packets around the network. This layer handles packet routing, addressing, packet
fragmentation, QoS, reassembly and security.


                                                 8
9/9/2011                                                                 SGN1 WP-XXX



The transport subprofile provides end-to-end communications between two end systems.
This layer is used to provide both reliable and unreliable services for an application
depend on the requirements and specifications.

The application subprofile provides the functions and services to an end-user. A few of
the services provided are security (remote login), file transfer over the network, and
electronic mail delivery.

      Implementation of IPS systems that will connect to the Internet systems should be
       in accordance with RFC-3300, Internet Official Protocol Standards.
      Implementation of the network management system in an IPS network should be
       in accordance with Systems Management.

Subnetworks that will interface and support communications with the OSI/ISO-based
international Aeronautical Telecommunication Network (ATN), shall implement the
practices and standards contained in the following document:

      International Civil Aviation Organization (ICAO) Doc 9705, Edition 3.

   4.1 LINK LAYER SUBPROFILE
The link layer, or media access layer, normally includes the device drivers for the
operating system and the corresponding network access in the computer. General
recommendations for implementation of the link layer should be done in accordance with
applicable project or program requirements. Detailed recommendations for the network
layer are contained in Section 5.1 Network subprofile of this document

   4.2 NETWORK LAYER SUBPROFILE
The network layer handles the movement of packets around the network. This layer
performs address conversion between internet protocol addresses and Ethernet addresses
in local area network (LAN) environments. This layer also defines the gateway interface,
multicast specifications, and low-level network management.

General recommendations for implementation of the network layer should be done in
accordance with RFC-1122, Requirements for Internet Hosts-Communication Layer.
Detailed recommendations for the network layer are contained in Section 5.2 Network
subprofile of this document.

   4.3 TRANSPORT LAYER SUBPROFILE
The transport layer provides a flow of data between two hosts for the application layer
above it. In the IPS, there are two vastly different transport protocols: one for reliable
connection-oriented service, and the other for unreliable connectionless service. General
recommendations for implementation of the transport layer should be done in accordance
with RFC-1122, Requirements for Internet Hosts-Communication Layer. Detailed
recommendations for the transport layer are contained in Section 5.3, Transport
subprofile, of this document.


                                            9
9/9/2011                                                               SGN1 WP-XXX


   4.4 APPLICATION LAYER SUBPROFILE
The application layer handles the details of specific application programs. General
recommendations for implementation of the application layer should be done in
accordance with RFC-1123, Requirements for Internet Hosts-Application and Support.
Detailed recommendations for the application layer are contained in Section 5.4, User
extended subprofile, of this document.




                                          10
9/9/2011                                                                  SGN1 WP-XXX


5 DETAILED RECOMMENDATIONS
This section specifies the detailed recommendations necessary to implement IPS
protocols within and between an ATN subnetwork. Contained in the following sections
are the RFC’s recommendations that network implementers should follow in order to
provide a consistent and uniform data transmission environment between ATN users.

The protocols used and the number of layers in the protocol hierarchy are dependent upon
the type of services the network will provide to the end user. The individual layer of a
protocol stack is referred to as a subprofile. Each subprofile consists of identifying the
protocols for a specific layer that will allow the network to provide the desired services.

The IPS subprofile layers are shown in Figure 3.




                 User        User              User       User
                                                                    application
                Process     Process           Process    Process



                            TCP                         UDP         transport




                  ICMP                 IP                IGMP       network



                                  Hardware
                 MPLS                                    802.x        link
                                  Interface


                                      media


                               Figure 3 Subprofile layers


   5.1 LINK LAYER
The link subprofile often specifies the protocols that provide services corresponding to
the physical and data link layers. Users may be directly connected to either the ATN
backbone Wide Area Network (WAN) or to an ATN access LAN. Backbone WAN end-
systems adhere to the backbone WAN subprofile, which are typically based on Frame
Relay (FR), Ethernet, Token Ring or any desired WAN technology. The link protocols
should be implemented in accordance with the specification applicable to the physical




                                                 11
9/9/2011                                                                   SGN1 WP-XXX


interface. This is a local matter and should be implemented as specified by the member
state.

   5.2 NETWORK SUBPROFILE
The network subprofile specifies the protocols that provide services corresponding to the
network layer. The protocol used in the IPS networks is IPv6. IPv6 is designed for use in
interconnected packet-switched computer communication networks and provides
addressing and fragmentation services.

  5.2.1        Internet Protocol (IP)

IPv6 support shall be in accordance with RFC-2460, Internet Protocol. In addition to
congestion notification must conform to RFC-3168, RFC-3260, and RFC-3697.

5.2.1.1        Network addressing
Network addressing requirements shall be in accordance ICAO Doc. 9705 and map to
IPv6 addressing by using the following RFC’s:

         RFC-1887, An architecture for IPv6 Unicast address allocation
         RFC-1998, Address allocation for private internet
         RFC-2373, IPv6 addressing structure
         RFC-2375, IPv6 Multicast address assignments
         RFC-3232, Assigned Numbers
         RFC-3513, IPv6 addressing architecture for Unicast, Multicast, Anycast, and an
          IPv6 node’s required address
         RFC-3596, DNS extension to support IPv6
         ATNP/WGB-1/WP/304, Mapping between ATN NSAP and IPv6 Addresses

       5.2.2    Routing

The process of delivering a message across a network or networks via the most
appropriate path is done using routing protocols. The following protocols are the most
commonly used protocols in networks: OSPFv3, BGPv4+, RIP and IS-IS. The following
RFC’s shall be used for interior and exterior routing in ATN environments.

         RFC-2470, OSPF for IPv6 (Delete)kelly
         RFC-2545, Boarder gateway protocol (BGP) version 4+
         Draft RFC for IS-IS using IPv6 address, www.ietf.org/internet-draft-ietf-isis-wg-
          multi-topology-06.txt

       5.2.3    Error detection and reporting

Error detection and reporting (check on title and content of RFC) Kelly should be
accomplished using RFC-2463, ICMPv6.




                                              12
9/9/2011                                                                   SGN1 WP-XXX


       5.2.4   Neighbor Discovery

Neighbor discovery shall be used in accordance RFC -2461.

       5.2.5   Mobile IP G-G

Mobile IP protocol is designed network support for wireless LANs. Mobile IP should be
implemented in accordance with RFC 2005, Applicability Statement for IP Mobility
Support, accompanied with RFC-3775, RFC-4068, RFC-4140, and RFC-4283 (optional).
(Move to Guidance Materiel Kelly)

       5.2.6   Network Layer Security (IPsec)

The goal of the architecture is to provide various security services for ATM traffic. The
set of security services offered includes access control, connectionless integrity, data
origin authentication, protection against replays (a form of partial sequence integrity),
confidentiality (encryption), and limited traffic flow confidentiality. These services are
provided at the IPv6 specifications. Security shall be implemented in accordance with
the following RFCs: 2401, 2402, 2406, 2535, 2732, and 3697.

       5.2.7   Quality of Services (QoS)

QoS encompasses the capability of a network to provide prioritized communications
services in a quantifiable manner for defined network traffic classes [note: traffic at the
class level is classified by the Class of Services (CoS)], over various underlying
communication technologies, in accordance with stakeholder needs. Relevant metrics for
QoS include:

       Service Availability – Reliability of users’ connection to the network
       Delay – time taken by a packet to traverse the network from end to end
       Delay jitter – Variation of delay encountered by similar packets following the
        same route through the network
       Throughput – Rate at which packets go through the network
       Packet Loss Rate – Rate at which packets are dropped, get lost, or become
        corrupted while going through the network

QoS for ATN shall be in accordance with RFCs -1633, 2212, 2474, 2702, 2547, 3031,
3168, 3246, and 3260.

Some of the RFCs are too generic, need to add information on QOS signaling and flow
labels. Focus on IPv6 support, cover header information (Kelly to add information)

       5.2.8   Transport subprofile




                                             13
9/9/2011                                                                   SGN1 WP-XXX


The transport subprofile specifies the protocols that provide services for the transport
layer of the IPS protocol stack. Transport protocols regulate flow, detect and correct
errors, and multiplex data, on an end-to-end basis.

The IPS transport layer will support two transport subprofiles connection-oriented (CO)
and connection-less (CL) transport subprofile.

CO service is provided using the TCP, which is the primary virtual-circuit transport
protocol for IPS. TCP provides reliable, in-sequence delivery of a full-duplex data stream
and is used by applications requiring reliable, CO service (i.e., single mail transfer
protocol [SMTP], FTP, Telnet).

CL service is provided using the UDP, which offers minimal transport service and does
not provide guaranteed delivery. This protocol gives applications direct access to the
datagram service of the IP layer. The only services this protocol provides over IP are
checksumming of the data and multiplexing by port number. Therefore, applications
running over UDP should deal directly with end-to-end communication problems that a
CO protocol would have handled (i.e., transmission for reliable delivery, packetization
and reassembly, flow control, etc.). UDP is used by applications that do not require the
level of service that TCP provides or if communications services that TCP does not
provide (i.e., broadcast, multicast) are to be used.

Implementation of the Transport subprofile should be done in accordance with RFC-
1122, Requirements for Internet Hosts-Communication Layers.

5.2.9.1 Transmission Control Protocol (TCP)

The reliable, connection oriented communication protocol used in IPS networks should
be TCP. The protocol shall be implemented in accordance with RFC-793, Transmission
Control Protocol. In addition, RFC-793 shall be accompanied by RFC-3168, The
Addition of Explicit Congestion Notification (ECN) to IP.

5.2.8.2      User Datagram protocol (UDP)
For unreliable, connection-less oriented communication protocol used in IPS networks
shall be UDP. The protocol shall be implemented in accordance with RFC-768, User
Datagram Protocol.


     5.2.9    Convergence Service for Non-IPS Applications


RFC1006 (Andy Colon)


     5.2.10 Transport Layer Security



                                             14
9/9/2011                                                                  SGN1 WP-XXX


5.2.10.1 Secure Socket Layer/Transport Layer Security (SSL/TLS)
        PROTOCOL
SSL creates a secure connection between a client and a server, over which any amount of
data can be sent securely. The implementation of the SSL/TLS protocol should be in
accordance with RFC-2246 and RFC-3546. (Vic Patel and Tom McParland to validate
and add information if necessary)

  5.3     APPLICATION SUBPROFILE (MOVE TO SEPARATE
          DOCUMENT)
The application subprofile provides services corresponding to the application layer.
The Application Layer allows for functions and services required by particular user-
designed application processes. Functions satisfying particular user requirements are
contained in this layer. Transfer of information necessary to communicate between
applications is the responsibility of the lower layers. The applications available are
dependent upon the implemented transport layer and end-user requirements.

The application subprofile is transport layer specific and cannot be interchanged between
the transport subprofiles. Therefore, exercise caution when implementing an application
subprofile. Prior to implementing an application subprofile verify that the applicable
transport layer is supported by the network.

     5.3.1    Support services

The following sections cover the protocols necessary to supply support services. The
standard support services are domain name system, host initialization, and network
management. Implementation of these services should be in accordance with RFC-1123,
Requirements for Internet Hosts-Application and Support.




5.3.1.1      Domain name system (DNS)
A host must implement a resolver to convert host names to IP addresses and vice-versa.
Implementation of a domain name system should be in accordance with the following
RFCs:
    RFC-2821, Mail Routing and the Domain System,
    RFC-1101, DNS Encoding of Network Names and Other Types,
    RFC-1183, New DNS RR Definitions,
    RFC-1706, DNS NSAP Resource Records.

Need to define DNS structure, check with IATA and EUROCONTROL

     5.3.2    Network management



                                            15
9/9/2011                                                                SGN1 WP-XXX


Current network management framework for IPS-based internets consists of Structure
and Identification of Management Information for IPS-based internets, RFC 1155, and
Management Information Base for Network Management of IPS-based internets: MIB-II,
RFC-1213, and the Simple Network Management Protocol, RFC 3411. The RFC-1155
describes how managed objects contained in the Management Information Base (MIB)
are defined. While, RFC-1155 describes the managed objects contained in the MIB (and
supercedes RFC-1156), RFC-3411 defines the protocol used to manage these objects.
RFC-1213, along with RFC-1155, provide a simple, workable architecture and system for
managing IPS-based internets.

RFC-1213 should be accompanied by RFC-2011, SNMPv2 Management Information
Base for the Internet Protocol using SMIv2, RFC-2012, SNMPv2 Management
Information Base for the Transmission Control Protocol using SMIv2, and RFC-2013,
SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2.

Network management should be implemented using either simple network management
protocol (SNMP) over UDP or common management information protocol (CMIP) over
TCP. Therefore, in order to allow management to be performed by either protocol, a host
should implement an appropriate management agent for both SNMP and CMIP.
Implementation of network management should be in accordance with FAA-HDBK-002,
Systems Management. (DELETE)


5.3.2.1      Simple Network Management Protocol (SNMP)
SNMPv3 should be done in accordance to RFC-3411, An Architecture for Describing
SNMP Management Frameworks, RFC-3412, Message Processing and Dispatching for
the Simple Network Management Protocol (SNMP), RFC-3413, SNMP Applications,
RFC-3414, User-based Security Model (USM) for version 3 of the Simple Network
Management Protocol (SNMPv3), and RFC-3415, View-based Access Control Model
(VACM) for the Simple Network Management Protocol (SNMP).

SNMP version 2 should be done in accordance with RFC-2578, Structure of Management
Information Version 2 (SMIv2), RFC-2579, Textual Conventions for SMIv2, and RFC-
2580, Conformance Statements for SMIv2.

     5.3.3    Application Layer Security

Security services provided by the following protocols are implemented in the lover levels
as well as in the application layer.

5.3.3.1.1       LDAP


5.3.3.2      Public Key Infrastructure (PKI)
Systems implementing Public Key Infrastructure (PKI) for IPS based systems should be
implemented according to RFC-2510, Internet X.509 Public Key Infrastructure


                                           16
9/9/2011                                                              SGN1 WP-XXX


Certificate Management Protocols, and RFC-2585, Internet X.509 Public Key
Infrastructure Operational Protocols: FTP and HTTP, Internet X.509 Public Key
Infrastructure Certificate and CRL Profile.


  5.4 NAMING AND ADDRESSING
System naming and addressing should be in accordance with ICAO Doc.9705 edition 3.
(Check with Bolek from EUROCONTROL for their info as stated in Chiang Mai Check
with IATA for naming plan)




                                         17
9/9/2011                                                                  SGN1 WP-XXX


6   NOTES

       6.1      SOCKETS (MOVE TO GUIDANCE MATERIAL)
A socket is one end of a two-way communications link between two programs running on
a network. Sockets are used to implement the connection between a client program and a
server program. Mail, FTP, Telnet, name, and finger are all examples of services
provided by computers on a network. Typically, each service is provided on a dedicated,
well-known port. A program can access a specific service by connecting to the port
dedicated to that service. In addition to the ports that are dedicated to specific services,
computers also have other ports that let programmers create their own services. Typically
ports are numbered and a program connects to a port by specifying the port number of the
service. Each service or port recognizes a certain protocol, so requests should be
formulated in a manner specific to the desired service. This ensures that a request is
understood and a response is received. Port assignments should be in accordance with
RFC-3232, Assigned Numbers: RFC 1700 is replaced by an On-line Database.

Typically UNIX systems use Berkeley Sockets, System V Transport Layer Interface
(TLI), and Remote Procedure Call (RPC) API. Berkeley Sockets and System V TLI
provide the same functionality, which is access to TCP and UDP, and are mutually
exclusive. However, it is possible to write conditionally-compiled software to support
either API. RPC supports network subroutines using Sun's RPC protocol. Microsoft has a
sockets-like programming interface, but emphasizes event-based non-blocking to provide
constant handling of graphical user interface (GUI) events.
UDP communications requires DGRAM sockets. Once created, a DGRAM socket can
immediately be used to transmit UDP packets. TCP requires STREAM sockets; a
STREAM socket cannot send or receive data until a connection has been established.
Therefore, prior to implementing an application, the applicable socket must be available
to support end-to-end communications.




                                            18

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:15
posted:9/10/2011
language:English
pages:22