IPSec secures overhauled aeronautic net
ARINC runs one of the world's largest and oldest networks on behalf of the airline transportation industry. Now ARINC's network, the Aeronautic Telecommunications Network (ATN), is getting a complete make-over for the new millennium.
ARINC this month decided to migrate the multiprotocol ATN into an IP network protected at all points around the globe by virtual private network (VPN) gear, says Mike McShea, the company's director of network and security architecture.
"What we're looking to do is have a consolidated network architecture," says McShea, noting that the move to IP Version 6 should simplify management chores a great deal. Currently, ARINC's sprawling network of T-1 lines around the world supports everything from older X.25 to more arcane and industry-specific protocols called 85-A1 and SLC. The network is used for communicating among thousands of airlines, manufacturers and airports.
McShea hopes to exploit the latest advances in security by turning the protocol hodgepodge into a VPN-based extranet for the airline industry. And because routers and switches already widely support the IP Security standard, there will be an opportunity to institute security policies based on the idea of segregating traffic types.
"The VPNs give you a type of service field in the IP header to allow routing equipment to distinguish different types of traffic," McShea says. That would make it possible to set boundaries on the use of sensitive data. The next step will be testing a large amount of network equipment in a lab environment to see what works best, he says.
Although IP is now the target protocol for the ARINC net, nobody thinks the migration process is going to be easy. "We're going to have to include some of our legacy protocols through IP encapsulation, but we're trying to keep this small," McShea says.
Consolidation of the messaging types on the network is being done through use of IBM's MQSeries middleware. "This message queuing assures the message is delivered between the ATN and the airline industry corporate networks," McShea notes.
For ARINC, the one catch to designing an international network based on IP is that some international regulations governing commercial aviation require use of the Open Systems Interconnection protocol.
"According to the treaty called the Convention on International Civil Aviation, OSI rules," McShea says. When sending network traffic to government aviation authorities, including the Federal Aviation Administration, ARINC will have to comply with any demand that the data protocol be OSI-compliant.
"This affects significant parts of our business," McShea says. "But conversion between OSI and IP is a known science."
Ellen Messmer is a Senior Editor at Network World. She can be reached at emessmer@nww.com.
Winn Schwartau is a security maven, writer and speaker. His recent book, "Time Based Security," creates a new paradigm for measuring and quantifying security in any network. His hit books include "Information Warfare" in all three editions. He owns www.infowar.com, the world's biggest site for security and information warfare. His team provides extensive security consulting on three continents. In addition, he is a popular, inventive and exciting speaker, a boon to any event. Winn can be reached at winn@infowar.com or (727) 393-6600.
