PENS Symposium 17 th & 18 th October 2012 AMHS Transition to PENS Use Case
Content Requirements Process / procedures Current status 2
Requirements The AMHS requires a reliable IP infrastructure which is: redundant, secure and well tested. Especially the last requirement (to be well tested) is a challenge for the involved teams due to their different and independent work areas as there are: local area infrastructure teams wide area infrastructure teams and firewall administration teams 3
Process / procedures In order to fulfil the IP infrastructure requirements for any application (not only for AMHS) following tests shall be performed: PENS Basic Tests, PENS Extended Tests and Pre-operational Infrastructure Tests Basic PENS Document: PENS - ANSP VPN Acceptance Test Procedure IP Infrastructures Version 0.5, accepted by PUG#15 and updated at 10 th of May 2012 This document covers all three above tests (Basic, Extended and Pre-operational Infrastructure Tests) and refers regarding AMHS to the ICAO IP Infrastructure Test Guidelines. 4
Principle PENS Gateway Design 5
Objectives of PENS Basic Tests The PENS Basic Tests have already been partly executed by Eurocontrol/SITA in coordination with each ANSP. The purpose of these tests is to verify the connectivity between the PENS customer edge (CE) routers. Tests include: Failover tests on WAN access, Line failover tests of the access line. Measurement of delay between SITA-SITA routers, MTU Size and Packet loss (5.000 pings with 2.000 bytes and 5.000 pings with 64bytes from CE to PE). The test documentation will be provided by SITA based on the principles of the Standard for Site Acceptance process and the template for PENS Site Acceptance Test. 6
Objectives of PENS Extended Tests The PENS Extended Tests require the network-to-network interface between SITA and ANSP up and running. Tests include for each VPN: IP connectivity between PENS CE router and ANSP border router, BGP (Status of peering, Prefixes exchanged in both directions) The above in IPv4 for all ANSP VPN s and in IPv6 for the messaging VPN s End-to-end connectivity test from an ANSP customer IP to reference IP address, LAN failover test (physical), WAN failover test (logical). Tests include also CoS (Class of Service) tests per VPN for: TCP: throughput and delay for each class; UDP: throughput, delay and packet loss for each class. 7
Objectives of the Pre-operational Infrastructure Tests The objectives of the IP Infrastructure Tests are to: test the IP connectivity between future application systems, e.g. AMHS, in a test and/or operational environment; test the recovery of non-redundant or redundant connections; and measure the time the recovery takes. Pre-operational Infrastructure Tests include: Ping tests between both hosts with different packet sizes to measure round trip delay and packet loss in both directions. Redundancy tests of involved components of the end-to-end chain (routers, switches, firewalls) to measure recovery time at failover. Performance tests of the end-to-end chain to measure throughput and delay. 8
Viewpoint of AMHS application The viewpoint of the AMHS application for the IP infrastructure Testing is laid down in the ICAO Document: IP Infrastructure Test Guidelines for EUR AMHS The Version 1.0 was adopted by AFSG/16 in April 2012 and was published on the Website of the EUR/NAT ICAO Regional Office Paris. Especially the measurement of the recovery time at failover (Latency) caused by the different potential levels of influences (failing areas) has a high priority for the AMHS application in order to decide about rerouting strategies. 9
Levels of influence in a generic redundant IP Infrastructure 10
Current status - PENS Basic Tests The PENS Basic Tests were performed by SITA and completed in October 2010 (EAD VPN) and April 2011 (ANSP Test Backbone) Findings: Test Documentation is not published until now. Delivery of the redundant power supply units for the SITA CE Routers at Langen and Maastricht was a requirement for operational use of the PENS ANSP Backbone. 11
Current status - PENS Extended Tests First PENS Extended Tests were performed January 2012 in cooperation with AENA/Spain. Findings: Set up of CoS was not fully applied Recovery time at failover didn t meet the expectations for OLDI/FMTP (Requirement: less than 10 seconds) Introduction of BFD (Bidirectional Forwarding Detection) resulted not in the expected time range. Further tests need to be executed to validate CoS profile and convergence time (October 2012). 12
Current status Pre-operational Infrastructure Tests Pre-operational Infrastructure Tests as described were performed for non-pens connections only: Frankfurt Hausen (German Mil COM Centre) and Frankfurt Moscow Planned Pre-operational Infrastructure Tests with RAPNET partners: Belgocontrol MUAC LVNL ANA Luxembourg Pre-operational Infrastructure Tests are planned with PENS partners: AENA/Spain, EUROCONTROL, Network Manager (CFMU), 13
AMHS Application Tests and Operations After the successful performance of the IP Infrastructure Tests the AMHS Application Tests the AMHS Interoperability Tests and Preoperational Tests in accordance with the EUR AMHS Manual will be performed. The target of the Pre-operational Tests is a smooth transition to full AMHS Operations between the COM Centres involved. After successful tests with AENA/Spain AMHS operation between Langen and Madrid over PENS in 2012 might be feasible. 14
Thank you for your attention. Questions?