http://breakingdefense.com/2017/07/army-struggles-to-streamline-its-networks-for-war/
Imagine having to show up in a battle zone and have a network setup nearly instantly - and for troubleshooting to be relatively easy and straightforward to do.
Now imagine the reality those troops most likely have to face... would *you* be able to do a debug on a WLC to fix an OSPF issue with the satellite network, while under artillery fire?
Quote from: deanwebb on July 26, 2017, 01:24:35 PM
http://breakingdefense.com/2017/07/army-struggles-to-streamline-its-networks-for-war/
Imagine having to show up in a battle zone and have a network setup nearly instantly - and for troubleshooting to be relatively easy and straightforward to do.
Now imagine the reality those troops most likely have to face... would *you* be able to do a debug on a WLC to fix an OSPF issue with the satellite network, while under artillery fire?
That's 'cause Trump won't let his transgender supporters in the military, or any for that matter.
Politics aside - and we should put them aside on the forum C:-) - they've got lots of really cool gear that is also very hard to use. I would not want to be trying to do my job in battlefield conditions, let alone be dealing with a product for the first time in a battle.
Quote from: deanwebb on July 26, 2017, 02:02:38 PM
Politics aside - and we should put them aside on the forum C:-) - they've got lots of really cool gear that is also very hard to use. I would not want to be trying to do my job in battlefield conditions, let alone be dealing with a product for the first time in a battle.
...talk about blowing up a network......hahahahahahahahahahha
Quote from: ristau5741 on July 26, 2017, 03:17:26 PM
...talk about blowing up a network......hahahahahahahahahahha
ROFL
This actually sounds like a fun challenge. Give them a week or so of solid training for a super standardized system.
Fun challenge all right... but what happens when stuff goes wrong? How good is that 1-week class going to be if they get hit with a CCIE-grade issue just as the Russian tanks pop around for a quick chat?
I look at it where even the troubleshooting needs to be simplified - and streamlined. How long does it take to turn everything off and on again? Can the stuff be brought up in any order? What dependencies need to be addressed and removed so that the system as a whole is more resilient?
That's where the design comes into play. The system would need to come up in any order and just work for the people in the field. I actually used to work for a radio company (like cops carry) that did military systems (for around bases and such; don't think we did much for out-mobile for the military). We did do mobile radio systems for search and rescue/cops/etc. though. They had servers and radio stations in the truck, with a satellite link or cellular modem (depending on how remote the system was) DMVPN link back to the main system (or a mobile self-contained system). I can't speak for the servers, but the network part was solid as a rock. Everything had a spot to plug into (and every port/cable was well documented). Those systems got tested for months before they were sent out; if there was 1 missing packet in a call, that was a failed call, and we had to pass 99.999% of calls, each call had thousands of packets. We had multiple systems that went to trade shows every week that called back to our data center or the AWS cloud (depending on what system). No startup order or TSing needed.
Now, make sure the database guys have done their bit...
:oracle:
And that the application writers didn't write code with poor error handling...
:mssql:
And, hopefully, the Windows server guys are on top of their game...
:whatudo:
Well, um, er... from the looks of things, it may be a looooooooooooong night here...
Sadly I can't control other people's work quality :-(
Setting up some of those military-grade comms protocols probably ain't like fishing in a barrel. Something you can do, get good at, and never use again.
And there's the rub, because we all know that more security usually means implementing a deliberate obstacle or inconvenience. We *could* get those networks up and running in an instant with Meraki and an open SSID, but we'd rather not have $ENEMY on the same network as our soldiers.
So we also need a guest SSID for our military networks in the field... right?
:ivan:
Sounds like the army needs some automation.
How hard is it to plug a satellite (that can do L3) into a switch? VPN to HQ Controller. Done.
Obviously there needs to be some form of access/authentication to prevent hijacks/stolen infrastructure.
Quote from: LynK on July 31, 2017, 12:51:36 PM
Sounds like the army needs some automation.
How hard is it to plug a satellite (that can do L3) into a switch? VPN to HQ Controller. Done.
Obviously there needs to be some form of access/authentication to prevent hijacks/stolen infrastructure.
And I'm guessing that it's the TACACS+ config that doesn't automate so easily...
Don't forget making sense of the stuff that utilizes that network. Maybe the switch and router were easy-peasy to set up, but what happens when the mobile rocket launcher requires a static IP and the kid running it doesn't know DHCP from a hole in the ground?
Quote from: deanwebb on July 31, 2017, 02:56:25 PM
mobile rocket launcher requires a static IP and the kid running it doesn't know DHCP from a hole in the ground?
The answer to this is DHCP static leases/reservations.
Quote from: LynK on August 01, 2017, 07:40:19 AM
Quote from: deanwebb on July 31, 2017, 02:56:25 PM
mobile rocket launcher requires a static IP and the kid running it doesn't know DHCP from a hole in the ground?
The answer to this is DHCP static leases/reservations.
But on which VLAN?
There's another article: http://breakingdefense.com/2017/07/build-bare-bones-network-small-satellites-for-multi-domain-battle/
This one mentioned how different services have different networks, and getting them to play together is something that they want to do.
Also, they want the network to be able to carry voice, plaintext, and little else. They do NOT want a PowerPoint slideshow in the middle of combat!
A possibility here is virtual interfaces that allow multiple network interfaces. Each interface goes to its own VLAN, of which one would need to be in a shared and segmented (PVLAN?) network. This would allow cross communication. Would need some form of additional security to ensure no sneaky business.
Absolutely... and then there is the address space issue... I'm thinking IPv6 could make a lot of sense, here.