1.1 General Overview
This manual contains the minimum communication protocols and services that will enable implementation of an ICAO Aeronautical Telecommunication Network (ATN) based on the Internet Protocol Suite (IPS) utilizing Internet Protocol version 6 (IPv6).
Implementation of IPv4 for transition to IPv6 (or as a permanent subnetwork) is a regional or local issue and is not addressed in this manual. The scope of the manual is inter-domain routing, although the material in this manual can also be used for intra-domain routing (e.g. within a State).
The IPS in the ATN architecture is illustrated in Figure 1.
Figure 1 – IPS Architecture in the ATN
In accordance with Annex 10, Volume III, Part I, paragraph [3.3.3], implementation of the ATN/IPS, including the protocols and services included in this manual, shall take place on the basis of regional air navigation agreements between ICAO contracting States. Regional planning and implementation groups (PIRGs) are coordinating such agreements.
2 REFERENCE DOCUMENTS
2.1 IETF Standards
The following documents form part of this manual to the extent specified herein. In the event of conflict between the documents referenced herein and the contents of this manual, the provisions of this manual shall take precedence.
Request for Comments (RFCs)
RFC-768 User Datagram Protocol, August 1980
RFC-793 Transmission Control Protocol, September 1981
RFC-1323 TCP Extensions for High Performance, May 1992
RFC-1981 Path MTU Discovery for IP Version 6, August 1996
RFC-2401 Security Architecture for the Internet Protocol, November 1998
RFC-4302 IP Authentication Header, December 2005
RFC-4303 IP Encapsulating Security Payload (ESP), December 2005
RFC-2410 The NULL Encryption Algorithm and Its Use with IPsec, November 1998
RFC-2460 Internet Protocol, Version 6 (IPv6) Specification, December 1998
RFC-2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers, December 1998
RFC-2488 Enhancing TCP over Satellite Channels, January 1999
RFC-2858 Multiprotocol Extensions for BGP-4, June 2000
RFC-4271 A Border Gateway Protocol 4 (BGP-4), January 2006
RFC-4305 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH), December 2005 (NB: Proposed Standard; obsoletes RFC-2402, RFC-2406)
RFC-4306 Internet Key Exchange (IKEv2) Protocol, December 2005
RFC-4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2), December 2005
RFC-4443 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification, March 2006
In the event of a conflict between the manual and the provisions in Annex 10, the provisions of Annex 10 shall take precedence.
ICAO Annex 2 Rules of the Air
ICAO Annex 3 Meteorological Service for International Air Navigation
ICAO Annex 10 Aeronautical Telecommunications – Volume III, Part I – Digital Data Communication Systems
ICAO Annex 11 Air Traffic Services
ICAO Doc. 9705-AN/956 Edition 3, Manual of Technical Provisions for the ATN, 2002
ICAO Doc. 9739 Edition 1, Comprehensive ATN Manual (CAMAL), 2000
ICAO Doc. 4444 Procedures for Air Navigation Services – Air Traffic Management 14th Edition, 2001
ICAO Doc. 9694 Manual of Air Traffic Services Data Link Applications
ICAO Doc. 9880 Detailed technical specifications for the Aeronautical Telecommunication Network (ATN) using ISO/OSI protocols (Doc. 9880 replaces Doc. 9705)
3 ABBREVIATIONS
The acronyms used in this manual are defined as follows:
AAC Aeronautical Administrative Communications
AOC Aeronautical Operational Communications
AS Autonomous System
AD Administrative Domain
AH Authentication Header
AINSC Aeronautical Industry Service Communication
ATN Aeronautical Telecommunication Network
ATSC Air Traffic Services Communication
BGP Border Gateway Protocol
CL Connection-less
CO Connection-oriented
ECP Encryption Control Protocol
ESP Encapsulating Security Payload
G-G Ground-to-Ground
IANA Internet Assigned Numbers Authority
ICAO International Civil Aviation Organization
ICMP Internet Control Message Protocol
IETF Internet Engineering Task Force
IKEv2 Internet Key Exchange (version 2)
IP Internet Protocol
IPS Internet Protocol Suite
IPv6 Internet Protocol version 6
ISO International Organization for Standardization
LAN Local Area Network
MTU Maximum Transmission Unit
OSI Open System Interconnection
QoS Quality of Service
RFC Request for Comments
TCP Transmission Control Protocol
SARPs Standards and Recommended Practices
SPI Security Parameters Index
UDP User Datagram Protocol
WAN Wide Area Network
3.1 Definitions
Definitions are consistent with IETF terminology.
Autonomous System
A connected group of one or more IP prefixes, run by one or more network operators, which has a single, clearly defined routing policy.
Host A host is a computer connected to the ATN that provides end users with services; in addition, a host can function as a router. (Note: In OSI terminology, a host is an end system and a router is an intermediate system.)
Internet A worldwide computer communications network that interconnects WANs, LANs, and computers by adopting common interface services and protocols based on the TCP/IP technology.
LAN A network that interconnects hosts over short distances.
Network Collection of computers, printers, routers, switches, and other devices that communicate with each other over a common transmission medium.
Protocol A set of rules and formats (semantic and syntactic) which determine the communication behaviour between peer entities in the performance of functions at a given layer.
Router The communication element that manages the relaying and routing of data while in transit from an originating end system to a destination end system.
Inter-Domain Routing (Exterior Routing Protocol)
Protocols for exchanging routing information between ASes. They may in some cases be used between routers within an AS, but they primarily deal with exchanging information between ASes.
Intra-Domain Routing (Interior Routing Protocol)
Protocols for exchanging routing information between routers within an AS.
WAN A computer network that spans a large geographical area.
4 REQUIREMENTS
4.1.1 The ATN IPS Internet
4.1.1.1 The ATN IPS Internet consists of IPS Nodes and networks operating in a multinational environment. The ATN IPS Internet is capable of supporting Air Traffic Service Communication (ATSC) as well as Aeronautical Industry Service Communication (AINSC), such as Aeronautical Administrative Communications (AAC) and Aeronautical Operational Communications (AOC).
4.1.1.2 There are two types of IPS Nodes in the ATN. An IPS Router is an IPS Node that forwards Internet Protocol (IP) packets not explicitly addressed to itself. An IPS Host is an IPS Node that is not a router.
4.1.1.3 The ATN IPS Internet consists of a set of interconnected Administrative Domains (ADs). From a management perspective, an Administrative Domain can be an individual State, a group of States or a region. From a physical perspective, an Administrative Domain is a group of hosts, routers and networks operated and managed by a single organization. For purposes of routing, an Administrative Domain is viewed from the outside as a cohesive entity.
4.1.2 Administrative Domains
4.1.2.1 Each State participating in the IPS Internet shall operate one or more Administrative Domains, or form part of an Administrative Domain, containing one or more Inter-domain Routers as required to interconnect with Inter-domain Routers in other ground-based Administrative Domains.
Note 1.— An Administrative Domain constitutes one or more Autonomous Systems.
Note 2.— The routing protocol within an Administrative Domain is a local matter determined by the managing organization.
4.2 PHYSICAL LAYER AND LINK LAYER REQUIREMENTS
4.2.1 The specification of the physical and link layer characteristics for a node is local to the interfacing nodes.
4.3 NETWORK LAYER REQUIREMENTS
4.3.1.1 IPS Nodes in the ATN shall implement IPv6 as specified in RFC-2460.
4.3.1.2 IPS Hosts should implement IPv6 Path Maximum Transmission Unit (MTU) Discovery as specified in RFC-1981.
4.3.1.3 Path MTU Discovery shall be supported for IPv6 packets greater than 1280 bytes (the IPv6 minimum link MTU).
4.3.1.4 IPS Hosts shall set the IPv6 Flow Label field to zero. (The Flow Label field is not supported in the ATN.)
4.3.2 Network Addressing
4.3.2.1 Administrative Domains shall be responsible for obtaining globally scoped IPv6 address assignments for IPS Nodes.
4.3.3 Inter-Domain Routing
4.3.3.1 IPS Routers in the ATN IPS which support inter-domain dynamic routing shall implement version 4 of the Border Gateway Protocol (BGP-4) as specified in RFC-4271.
4.3.3.2 IPS routers in the ATN which support inter-domain dynamic routing shall implement the BGP-4 Multiprotocol Extensions as specified in RFC-2858.
4.3.3.3 Administrative Domains shall be responsible for obtaining AS numbers for ATN IPS Routers that implement BGP-4.
4.3.4 Error Detection and Reporting
4.3.4.1 IPS nodes shall implement Internet Control Message Protocol (ICMPv6) as specified in RFC-4443.
4.3.5 Quality of Service (QoS)
4.3.5.1 The IPS shall provide the required class of service to support the operational requirements.
4.3.5.2 IPS Routers which support traffic class shall implement the Differentiated Services field as specified in RFC-2474.
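The following is an added example, not part of this manual, that checks a raw IPv6 packet against the network-layer requirements above: it decodes the fixed IPv6 header (RFC-2460), reports the Flow Label (4.3.1.4, must be zero), extracts the DS field from the Traffic Class octet (4.3.5.2, RFC-2474), and flags packets larger than the 1280-byte IPv6 minimum link MTU (4.3.1.3), for which Path MTU Discovery must be supported. The packets, addresses (from the 2001:db8::/32 documentation prefix) and DSCP value are constructed for illustration.

```python
"""IPv6 fixed-header decoder and ATN/IPS requirement check (added example)."""
import struct
from ipaddress import IPv6Address

IPV6_MIN_LINK_MTU = 1280       # RFC 2460 section 5: every IPv6 link must carry 1280 bytes
IPV6_FIXED_HEADER_LEN = 40


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the 40-byte fixed IPv6 header (RFC 2460 section 3).

    Raises ValueError if the packet is too short or is not version 6.
    """
    if len(packet) < IPV6_FIXED_HEADER_LEN:
        raise ValueError("packet shorter than the IPv6 fixed header")
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version {version})")
    traffic_class = (first_word >> 20) & 0xFF
    return {
        "version": version,
        "dscp": traffic_class >> 2,        # RFC 2474: DS field is the six high bits of Traffic Class
        "ecn": traffic_class & 0x3,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": IPv6Address(packet[8:24]),
        "dst": IPv6Address(packet[24:40]),
        "total_length": IPV6_FIXED_HEADER_LEN + payload_len,
    }


def check_atn_requirements(packet: bytes) -> list:
    """Return the list of findings against 4.3.1.3 and 4.3.1.4 (empty means compliant)."""
    hdr = parse_ipv6_header(packet)
    findings = []
    if hdr["flow_label"] != 0:
        findings.append(f"4.3.1.4: Flow Label must be zero, got {hdr['flow_label']:#07x}")
    if hdr["total_length"] > IPV6_MIN_LINK_MTU:
        findings.append(
            f"4.3.1.3: packet is {hdr['total_length']} bytes (> {IPV6_MIN_LINK_MTU}); "
            "Path MTU Discovery required"
        )
    return findings


def build_ipv6_packet(src: str, dst: str, payload: bytes, next_header: int = 17,
                      dscp: int = 0, flow_label: int = 0, hop_limit: int = 64) -> bytes:
    """Assemble a fixed header plus payload (helper for constructing sample packets)."""
    first_word = (6 << 28) | ((dscp << 2) << 20) | (flow_label & 0xFFFFF)
    header = struct.pack("!IHBB", first_word, len(payload), next_header, hop_limit)
    return header + IPv6Address(src).packed + IPv6Address(dst).packed + payload


# Constructed sample packets (hypothetical addresses from the documentation prefix).
COMPLIANT = build_ipv6_packet("2001:db8::1", "2001:db8::2", b"\x00" * 100, dscp=46)
NONCOMPLIANT = build_ipv6_packet("2001:db8::1", "2001:db8::2", b"\x00" * 1400,
                                 flow_label=0x12345)

if __name__ == "__main__":
    for name, pkt in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, parse_ipv6_header(pkt)["dscp"], check_atn_requirements(pkt) or "OK")
```

The checker inspects only the fixed header; a packet carrying extension headers would need its chain walked before any transport-layer conclusion is drawn, which is out of scope here.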
4.4 TRANSPORT LAYER REQUIREMENTS
4.4.1 End-to-End Services
4.4.1.1 The transport layer provides end-to-end service between hosts over the ATN.
4.4.2 Support Services
4.4.2.1 The transport layer supports the following types of services:
Connection-Oriented (CO), invoking TCP
Connection-Less (CL), invoking UDP
4.4.3 Transmission Control Protocol (TCP)
4.4.3.1 IPS Hosts shall implement the Transmission Control Protocol (TCP) as specified in RFC-793.
4.4.3.2 IPS Hosts may implement TCP Extensions for High Performance as specified in RFC-1323.
4.4.3.3 IPS Hosts may implement RFC-2488 when operating over satellite links.
4.4.4 User Datagram Protocol (UDP)
4.4.4.1 IPS Hosts shall implement the User Datagram Protocol (UDP) as specified in RFC-768.
Note 1.— Implementation of, and support for, security is to be based on a system threat and vulnerability analysis.
Note 2.— Network layer security in the ATN IPS Internet is implemented using IPsec.
5.1 Basic Architecture
5.1.1 IPS nodes in the ATN which support network layer security shall implement the Security Architecture for the Internet Protocol as specified in RFC-2401.
5.2 Security Protocols
5.2.1 IPS nodes in the ATN which support network layer security shall implement the IP Encapsulating Security Payload (ESP) as specified in RFC-4303.
5.2.2 IPS nodes in the ATN which support network layer security shall implement the IP Authentication Header (AH) protocol as specified in RFC-4302.
5.3 Key Management Methods
5.3.1 IPS nodes in the ATN which support network layer security shall implement manual configuration of the security key and Security Parameters Index (SPI).
5.3.2 IPS nodes in the ATN which support network layer security should implement the Internet Key Exchange (IKEv2) Protocol as specified in RFC-4306.
5.4 Transforms and Algorithms
5.4.1 IPS nodes in the ATN which support network layer security shall implement the Cryptographic Algorithm Implementation Requirements for the Encapsulating Security Payload (ESP) and Authentication Header (AH) as specified in RFC-4305.
5.4.2 IPS nodes in the ATN which support network layer security shall implement The Null Encryption Algorithm and Its Use With IPsec as specified in RFC-2410.
5.4.3 IPS nodes in the ATN which support network layer security shall implement the ESP NULL authentication algorithm as specified in RFC-4303.
5.4.4 IPS nodes in the ATN which support network layer security shall not operate the NULL Encryption Algorithm and the NULL Authentication Algorithm together on the same ESP Security Association; at most one of the two may be NULL.
Note.— Since ESP encryption and authentication are both optional, support for the NULL encryption algorithm [RFC-2410] and the NULL authentication algorithm [RFC-4303] is to be provided to maintain consistency with the way these services are negotiated. When ESP is used, at least one of these optional services is invoked (i.e. is non-NULL); an ESP SA with both services NULL provides neither confidentiality nor integrity.
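The following is an added example, not part of this manual or of any IPsec implementation, that shows the ESP packet format of RFC-4303 operated with the NULL encryption algorithm of RFC-2410 and HMAC-SHA1-96 integrity (the RFC-4305 mandatory integrity algorithm) under a manually keyed SA (5.3.1). It also enforces the rule in 5.4.4: an SA proposing NULL encryption together with NULL authentication is rejected before any packet is built. The SPI, key and payload are constructed for illustration; the NULL cipher has block size 1 and no IV, so the only padding is the RFC-4303 requirement that the Pad Length and Next Header fields end on a 4-byte boundary.

```python
"""ESP with NULL encryption (RFC 2410) and HMAC-SHA1-96 (RFC 4303 / RFC 4305). Added example."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

SPI_MIN_USABLE = 256   # RFC 4303 section 2.1: SPI 0 is reserved; 1..255 are reserved to IANA
ICV_LEN = 12           # HMAC-SHA1-96 truncates the 20-byte HMAC-SHA-1 tag to 96 bits (RFC 2404)


@dataclass(frozen=True)
class ManualSA:
    """Manually configured ESP Security Association (5.3.1): SPI, algorithms and key."""
    spi: int
    encr: str        # this example implements only "NULL" (RFC 2410)
    auth: str        # "NULL" or "HMAC-SHA1-96"
    auth_key: bytes  # empty when auth == "NULL"

    def validate(self) -> None:
        if not SPI_MIN_USABLE <= self.spi <= 0xFFFFFFFF:
            raise ValueError("manually keyed SA needs an SPI in 256..2^32-1")
        if self.encr != "NULL":
            raise ValueError("this example implements only the NULL encryption algorithm")
        # 5.4.4 / RFC 4303: at least one of confidentiality or integrity must be non-NULL.
        if self.encr == "NULL" and self.auth == "NULL":
            raise ValueError("ESP SA with NULL encryption and NULL authentication is not permitted")
        if self.auth == "HMAC-SHA1-96" and len(self.auth_key) != 20:
            raise ValueError("HMAC-SHA1-96 requires a 160-bit key (RFC 2404)")
        if self.auth not in ("NULL", "HMAC-SHA1-96"):
            raise ValueError(f"unsupported integrity algorithm {self.auth}")


def is_valid_sa(sa: ManualSA) -> bool:
    try:
        sa.validate()
        return True
    except ValueError:
        return False


def _icv(key: bytes, data: bytes) -> bytes:
    """ICV over SPI | Sequence Number | payload | trailer (RFC 4303 section 2.8)."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def esp_encapsulate(sa: ManualSA, seq: int, payload: bytes, next_header: int) -> bytes:
    """Build SPI | Seq | Payload | Padding | Pad Length | Next Header | ICV."""
    sa.validate()
    pad_len = (-(len(payload) + 2)) % 4               # align Pad Length/Next Header to 4 bytes
    padding = bytes(range(1, pad_len + 1))            # RFC 4303 default padding 1, 2, 3, ...
    header = struct.pack("!II", sa.spi, seq)
    body = payload + padding + struct.pack("!BB", pad_len, next_header)
    icv = _icv(sa.auth_key, header + body) if sa.auth != "NULL" else b""
    return header + body + icv


def esp_decapsulate(sa: ManualSA, packet: bytes) -> tuple:
    """Verify the ICV first (constant-time), then strip the trailer; returns (seq, next_header, payload)."""
    sa.validate()
    icv_len = ICV_LEN if sa.auth != "NULL" else 0
    if len(packet) < 8 + 2 + icv_len:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", packet[:8])
    if spi != sa.spi:
        raise ValueError(f"SPI {spi:#010x} does not match SA")
    if icv_len:
        expected = _icv(sa.auth_key, packet[:-icv_len])
        if not hmac.compare_digest(expected, packet[-icv_len:]):
            raise ValueError("ICV mismatch: packet modified or wrong key")
    body = packet[8:len(packet) - icv_len]
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("Pad Length exceeds body")
    payload = body[:len(body) - 2 - pad_len]
    return seq, next_header, payload


def accepts(sa: ManualSA, packet: bytes) -> bool:
    """True if the packet passes integrity and format checks under this SA."""
    try:
        esp_decapsulate(sa, packet)
        return True
    except ValueError:
        return False


# Constructed sample SA and traffic (hypothetical SPI and key; 17 = UDP next header).
SAMPLE_SA = ManualSA(spi=0x1000, encr="NULL", auth="HMAC-SHA1-96", auth_key=bytes(range(20)))
SAMPLE_PAYLOAD = b"ATN test datagram"

if __name__ == "__main__":
    pkt = esp_encapsulate(SAMPLE_SA, 1, SAMPLE_PAYLOAD, 17)
    print(len(pkt), esp_decapsulate(SAMPLE_SA, pkt))
```

Because NULL encryption leaves the payload in clear, everything after the 8-byte ESP header is readable on the wire; the ICV is what gives the receiver integrity and origin assurance, which is why the NULL/NULL combination is refused in `validate()`.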
5.4.5 IPS nodes in the ATN which support network layer security shall implement the Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) required algorithms for key exchange as specified in RFC-4307.
Note.— Algorithms of equivalent or greater strength than those identified in RFC-4307 are implemented as a local matter on a bilateral basis.