A couple of weeks ago we talked about what affect changes to our network can have when we add HCLOS and other links between nodes. In that article, we talked exclusively about NIPR traffic going across the network and didn’t mention anything about SIPR. So what happens with our SIPR traffic if we install a HCLOS link?
Below I have a screen shot of a ping between a JNN and a CPN. The first screen shot shows the pings before the HCLOS link was installed while the second one shows the pings after the HCLOS link was up and running. As you can tell, difference in time in noticeable.
So if that is the case, why am I bothering to write this article? Let me give you another scenario. There will often be times when we have to connect to a node that is in a separate TDMA mesh from us. At NTC it is not uncommon for a unit to have enough attached CPNs/JNNs that the RHN puts them into two meshes. Another example is if you are putting in a HCLOS link to an adjacent brigade or possibly even into the division main JNN. In all of these cases, the remote node is in a different TDMA mesh than us. So for this example, we’ll look at a trace route between the unit’s JNN and the Division JNN.
The first screen shot shows normal NIPR traffic flow between the two JNNs, through the RHN over the JNN’s FDMA links. Looking at the screen shot, you can easily see the first satellite hop to the RHN and then the second satellite hop to the remote JNN with an average round trip time of about 1200 ms.
Once the HCLOS link is installed we immediately see that both satellite hops are gone and have instead been replaced with the data flowing directly between the nodes over the HCLOS link.
So now that the HCLOS link is up and working and we can see for a fact that data is flowing across it, we should see similar results on the SIPR side as well. First we look at the original pings between the two JNNs with FDMA up and see the obvious double satellite hop.
Now that the HCLOS link is established, lets check the same thing again. It should work without problem like it did for the JNN to CPN, right? Lets see.
So what’s the problem? We know that the HCLOS link is up and working because we were able to easily send data across it on the NIPR side, but for some reason it appears that we’re still taking a double satellite hop between the two JNNs. As I said above, it’s important to remember that once encrypted TACLANE traffic is put on the NIPR side of the network, it is just normal traffic routing between two endpoints (in this case TACLANES). What we haven’t considered though in this case is just what two TACLANES are involved. Most people make the mistake of thinking that just because the two routers are talking to each other on the NIPR side means that they will do the same on SIPR automatically. As we can see, that is not correct.
Jumping back on our SIPR router, we can find the answer to why this isn’t working. We have to remember that data on the SIPR side flows based on the routing information on the SIPR side. If that path includes going rough a tunnel (and in turn a TACLANE) than once the formation leaves the TACLANE the NIPR network dictate how it gets to the other TACLANE. When we look at the OSPF relationships on our SIPR router and also at the route data will take to the JNN, in both cases, we see that the RHN, not the JNN is actually the next hop in the path on SIPR which means that data must flow there on NIPR, in this case via our FDMA link.
So how do we fix this? The easy answer is just to build a point to point tunnel between the two JNN SIPR routers. The tunnel source will still be your G0/0.175 just like your TDMA tunnel, but in this case the destination will be the G0/0.175 of the remote JNN. I recommend you cost the SIPR side the same as you costed the NIPR side (although this is by no means necessary) and once OSPF is established over our new tunnel, we check our results again and it works.
The important part to remember that with SIPR (in Inc 1A) and NIPR and SIPR (in Inc 1B) the SIPR routing controls where data goes but the NIPR side controls how exactly it gets there.