
DOD Backbone: Network Transformation
DOD Backbone Network Transformation insights provided by Bryon Doyle, Technical Director of Transport Services Directorate. Discusses the technical dimensions, network foundations, history, and organizational pivots within the Defense Information Systems Network. Explores the complexity, evolution, and challenges faced in scaling defense networks and meeting user demands in the ever-changing operational landscape.
Presentation Transcript
UNCLASSIFIED
DOD Backbone: Network Transformation
Technical Director Insights
Bryon Doyle, Technical Director, Transport Services Directorate, Operations and Infrastructure Center
EIS Atlanta, May 2022
DISA: TRUSTED TO CONNECT, PROTECT, AND SERVE

Some DOD Backbone Network Dimensions

What if DOD Were a Large Company?
- It would be the largest company in the world, in terms of people, footprint and budget
- It would have a vitally important mission to National and Global Security
  - Security and Availability considerations
- It would have an unmatched global reach

Technical Dimensions to Scale
- Defense networks are still some of (if not) the largest in the world
- Wide variance of services offerings
- Delivery to austere/remote locations
- Network support under combat operations
- Complexity

Evolving Operational Landscape
- Various pivots in operational posture
- Transformation of applications and services

Source: https://www.defense.gov/about/

Network Foundations and History

Always ask "How did we get here?"
- Outstanding mural @ DISA HQ on the history of military communications
- Global Information Grid Bandwidth Expansion (GIG-BE): fundamental change to the Defense Information Systems Network (DISN), ~2001-2006
- Joint Information Environment (JIE)
- Joint Regional Security Stacks (JRSS)

Each Evolution, We Carried Some Technical Debt Forward
- Things like Low-Speed Time Division Multiplexing (LSTDM)
- Various Optical Transport Protocols (i.e., SONET/SDH)
- Capabilities still exist within larger DoD, DISN and Core Networks
- Complexity

User Demand, Expectations, and Technology Continue to Move Forward
- Creates pinch/inflection points within the network, where sometimes the only answer is duct tape and heroics
- User demand and expectations are driven by the technologies we consume in our personal lives
- Applications and systems are more immersive/interactive
- COVID-19 pandemic forced fundamental changes to network behavior (telework, remote work, cloud adoption, etc.)
- "It just works": latency and congestion cause problems

How to Start the Pivot in the Organization?

Embrace the Data-Driven Culture
- Networks are very large, complex and often built from disjoint sources (think spreadsheets, config files and contract award documents)
- Get organized to build single source of truth and cut down on trivia sessions
- Geospatial is a huge part of global infrastructure; where the assets and services are located matters
- Business system insights and correlation on market dynamics for procurements

Changes in Traffic Patterns are Forcing us to Change
- Outside the boundary (aka telework) has fundamentally changed traffic flows for end users (2M+ is a significant number)
- Flows to Cloud Service Providers, on premise/edge compute start to change dynamics on network
- Assume demand on the infrastructure is infinite

Prove the Changes are a Good Thing
- Need to sell the changes to operations, customers, security, etc.
- Partnership across United States Government Organizations & Allied Partners
- Industry outreach and Technical Exchanges
- Small victories, show the new way is a good thing, grow the culture to embrace the way forward.

How to Break up the Problems to Move Forward?

Rule #1: Do No Harm
- Don't make the user experience WORSE when you make a change.
- Start to break core network into personas to structure modernization and optimization efforts

Carrier Network Persona
- Portions of the network can look like a very large Tier-1 carrier globally, assembled from assets (fiber) and services (colocation and leased capabilities)
- Responsible for delivering services to installations outlined in DoD Instruction 8010
- Cyber security and defense on carrier overlay

Cloud/Content Delivery Persona
- DoD hosted compute resources within security boundary
- Cloud Service Providers (CSP)

Enterprise Network Persona
- DISA leading: 4th Estate Network Optimization (4ENO)
- Service leading: Enterprise domains (e.g., USA, USAF, USSF, USN, USMC) that consume services (e.g., identity management)

Design Fundamentals / Guiding Principles

Zero Trust THUNDERDOME
- Changes traffic behavior to meet evolving security constraints
- Changes for end-to-end traffic flow to embrace Zero Trust principles
- Security in every aspect of design and planning efforts

Colocation Providers
- Better meet-me points between DOD infrastructure and global providers (cloud, hosting, telecom, etc.)
- Increase competition for assets/services/components
- Access to novel and unique emerging technologies (e.g., edge compute, dynamic bandwidth, etc.)

Fighting Physics
- Latency from end user to service
- Placement of colocations, edge compute and hand off to front doors

Traffic Flows Modelling
- Microservices (user logging into Software as a Service), projected over core infrastructure, at scale, and in a failure mode
- Early phases of our journey into Reliability Engineering and Optimization

Technologies of Interest (Network)

Segment Routing
- Address evolution from MPLS services, carrier growth and expansion
- Emerging capabilities on SR programmability and integration into APIs
- Interop/Multi-Vendor Integration Complexity

Software Defined Wide Area Networking
- Several Technology/Application Areas
  - Edge Routing Modernization
  - Application and Security Aware Routing
  - Edge Site/Managed Wide Area Network Delivery
- Open research was published on this topic
- Capacity and scale testing ongoing
- Interop/Multi-Vendor Integration Complexity

Photonic Disaggregation
- Work with several suppliers on Open Line System (OLS)
- Test cases based on Telecom Infra Project Open Standards
- Engagements with various carriers, research networks, and internet content providers
- Automation and integration into single control & planning environment

Technologies of Interest (Emerging and Long Range)

Enhancements to Network Insights
- Telemetry, packet capture, technologies
- How to structure the data? Large scale data governance problem at scale
- Combined instrumentation with edge processing?
- Closed loop integration into network management and control.

AI/ML
- Really need to have the single source of data worked first, proper links to telemetry
- Then possible to support additional applications and algorithms to support
- Help sift through the data in real time and assist NetOps is first objective
- Closed-Loop is an aspirational target, guide efforts for data and Config Management (CM) updates, etc.

Quantum Key Distribution
- Following other authorities (NIST and others) on guidance
- Technologies like open line system are a key technology enabler to allow for experimentation and Proof of Concept (POC)

Idealized Architectures (Magic Wand / Blue Sky View)

Rapid mitigation of Technical Debt
- Migration and modernization of lots of platforms and systems that use Low Speed TDM
- Ties to larger DoD modernization efforts and improvements
- Understand the connections at the edge for certain things but rapid removal of legacy from our core networks and pivot to emulation technologies

Embrace of Simplicity
- Large network environment, has lots of service variations and configurations
- All adds to complexity and challenges to normalize

Decoupling of Enterprise and Transport
- Builds on dis-aggregation and open models before
- Allows us to balance different dimensions to a global network

Tight Integration on Data/Tools/Planning
- Challenging to take a network with 20+ years to evolve and merge systems
- Cloud Service Provider infrastructures are purpose built

Team Dynamics

Mix of Inspirations to Construct Teams to Solve Problems
- Software Development (Agile, DEVSECOPS, etc.)
- Advanced Engineering (Prototype, Demonstration)
- Rapid / Operational (Special Forces)
- Classical Engineering (Critical Infrastructure, Life Safety, etc.)

All About Empowerment
- Grow the technical, program management and operations talent pool
- Rotational, new assignments
- Outreach and bring in team members with diverse backgrounds to enrich the team

Training and Immersion
- Immerse team members at all skill levels in new situations
- Expose to new vendor technologies, capabilities, etc.
- Broadening beyond typical communications engineering (Data Science / Coding, etc.)

Wrapping Up

Large Complex Networks Pose Challenges, Not Unsolvable
- Work the fundamentals, basic core functions
- Leverage new technologies & ways of thinking to address scale/complexity problems
- Manage technology insertion and maturation into global baseline

Interesting Times Ahead
- New technologies and capabilities
- Experimental designs are now considered mainstream
- New operational challenges

Changing the Dynamic
- Introducing some new practices to telecommunications engineering
- Broadening workforce to new areas of expertise as well as technical competency areas

DEFENSE INFORMATION SYSTEMS AGENCY
The IT Combat Support Agency
DISA.mil, @USDISA