A Black Core Network primer.
The term "Black Core Network" refers to a physically segregated network that is only responsible for the transport of encrypted data using Internet Protocol infrastructure.
Commercial vendors have used this method to transport data for several years; however, the Armed Services communicators, who act as Network Service Providers, have only recently taken advantage of the BCN in order to deliver Defense Information System Network services to customers throughout the Combined Joint Operations Area--Afghanistan.
In Afghanistan, we have had significant growth in transmission capability within the last few years, going from a standard 8 Mbps satellite circuit up to a 10 Gbps fiber optic ring supporting the Greater Kabul Metropolitan Area.
The requirement to support increased throughput and IP based transport served as initial drivers to facilitate migration from legacy circuit-based Promina systems to the IP based infrastructure found in the Afghanistan BCN.
An additional advantage of leveraging IP transport is the ability to dynamically provision bandwidth as customer requirements fluctuate, as well as the ability to mix traffic of arbitrary classification. That is, once classified traffic is appropriately encrypted, it can be transported across the BCN. For example, in the past, if a site had been provisioned for 4 Mbps for Secure Internet Protocol Routing and 4 Mbps for Non-secure Internet Protocol Routing, a change to the amount of bandwidth allowable for SIPR and NIPR required re-provisioning the circuits on the Promina.
An IP based infrastructure allows traffic from any network, such as SIPR or NIPR, to use all of the bandwidth available while the black core router will give priority to traffic based on rule sets rather than re-provisioning circuits on the Promina.
For example, either SIPR or NIPR could use up to 100%, or 8 Mbps, of the available bandwidth as required, with the router prioritizing traffic.
While the concept of having a BCN remains straightforward, we have seen significant improvements since 2010 when the Army first introduced BCN into production in the Kabul area of Afghanistan in support of U.S. Forces Afghanistan.
As the BCN transport system grew to include additional customers outside of SIPR or NIPR, such as supporting our coalition partner network, the requirement to isolate each customer's traffic began to emerge.
The introduction of Multiprotocol Label Switching to the BCN allowed each customer's traffic to be isolated into its own virtual circuit, known as Virtual Route Forwarding, on the BCN routers, which allowed for logical separation of traffic based on classification level.
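The per-customer separation described above can be sketched as a toy model. This is an added example, not part of the original article: it keeps one routing table per VRF and selects the table by ingress interface, so a lookup never sees another customer's routes. The interface names, prefixes and next-hop labels are constructed, and MPLS label handling is not modelled.

```python
import ipaddress


class CoreRouter:
    """Toy core router: one routing table per VRF, chosen by ingress interface."""

    def __init__(self):
        self.tables = {}          # VRF name -> list of (network, next hop)
        self.interface_vrf = {}   # ingress interface -> VRF name

    def bind_interface(self, interface, vrf):
        self.interface_vrf[interface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, next_hop):
        self.tables.setdefault(vrf, []).append(
            (ipaddress.ip_network(prefix), next_hop))

    def forward(self, interface, destination):
        """Longest-prefix match inside the ingress VRF only; None means drop."""
        vrf = self.interface_vrf.get(interface)
        if vrf is None:
            return None           # interface belongs to no customer: drop
        dest = ipaddress.ip_address(destination)
        matches = [(net, hop) for net, hop in self.tables[vrf] if dest in net]
        if not matches:
            return None           # routes in other VRFs are never consulted
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def build_demo_router():
    """Constructed sample data: names, prefixes and next hops are illustrative."""
    router = CoreRouter()
    router.bind_interface("port-sipr", "SIPR")
    router.bind_interface("port-nipr", "NIPR")
    router.bind_interface("port-coalition", "COALITION")
    router.add_route("SIPR", "10.1.0.0/16", "sipr-hub")
    router.add_route("SIPR", "10.1.5.0/24", "sipr-site-b")
    router.add_route("NIPR", "10.1.0.0/16", "nipr-hub")   # overlaps SIPR space
    router.add_route("COALITION", "10.9.0.0/16", "coalition-hub")
    return router


if __name__ == "__main__":
    r = build_demo_router()
    for port, dst in [("port-sipr", "10.1.5.20"), ("port-nipr", "10.1.5.20"),
                      ("port-nipr", "10.9.0.1")]:
        print(port, dst, "->", r.forward(port, dst))
```

The same destination address resolves differently depending on the ingress VRF, and a destination that exists only in the coalition table is dropped when it arrives on the NIPR interface.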
MPLS also allows optimization of bandwidth by leveraging a technology known as traffic engineering. Traffic engineering allows a site to use multiple parallel circuits concurrently rather than treating them only as primary/alternate redundancy, a topic that warrants its own separate discussion.
The Afghan BCN continues to evolve in its development and now exists at over 70 sites in support of USFOR-A with similar models emerging throughout Southwest Asia.
Over the past few years, we have seen a herculean effort undertaken to make BCN utilizing MPLS a standard in CJOA-A. In short, the BCN has become a game changer for the communications community in supporting the war fighter in Afghanistan.
RELATED ARTICLE: ACRONYM QuickScan
BCN -- Black Core Network
CJOA-A -- Combined Joint Operations Area -- Afghanistan
FOB -- Forward Operating Base
Gbps -- Gigabits per second
IP -- Internet Protocol
Mbps -- Megabits per second
MPLS -- Multiprotocol Label Switching
NIPR -- Non-Secure Internet Protocol Routing
SIPR -- Secure Internet Protocol Routing
USFOR-A -- United States Forces Afghanistan
VRF -- Virtual Route Forwarding
By COL Garrett Yee
COL Garrett Yee is the deputy commander--Afghanistan for the 335th Signal Command (Theater) (Provisional), stationed in Kabul, Afghanistan.