Case Study: Hunting for Saddam's fibre-optic cable while bringing VoIP to Iraq
Satellite-based voice and data network proving to be dangerous business.
By Ellen Messmer, NetworkWorld.com | Network World US | Published: 00:00, 07 July 2006
Amid roadside bombs from insurgents, the US military has rolled out a satellite-based network for the Iraqi police that uses VoIP phones and Microsoft servers more reminiscent of an office in Boise than in Baghdad.
The VSAT-based network features a combined 150 pounds of satellite antenna from Proactive Communications, switches from 3Com and Netgear, and Cisco VoIP phones that are loaded onto a truck with modems, computers, and APC uninterruptible power supplies.
Once that's all neatly tucked into a special casing, it is then driven out to locations where Iraqi police establish a post.
"The Iraqis are making the decision about where the sites go, and by the end of December, we will have transitioned this to Iraqi control," says Lt Col Glen Botkin about what is known as the Iraqi Command and Control Network, or IC2 for short. "This is the only fully functioning Iraqi national command and control network."
Based in Baghdad, Botkin is director of the Civilian Police Assistance training team in the organisation the Coalition Forces call the Multi-National Security Transition Command in Iraq.
The organisation's goal is to develop the Iraqi police and army forces. Botkin's team, with a lot of assistance from contractors, has the role of establishing communications for the police force, as well as border entry and customs in the Iraqi Ministry of the Interior.
The VSAT network, with the VoIP phones, was the fastest way to get a network up and running after the toppling of Iraq's dictator, Saddam Hussein, by Coalition forces almost three years ago. But there are plans to enlarge the IC2 Network once the fibre-optic lines Hussein hid in the ground are fully located.
"There is fibre in Iraq but we're not using it yet," says Botkin, noting that Hussein had fibre-optic cable buried throughout Iraq for his own purposes, but maps for it never surfaced after the major battles.
"But we are finding this cable and bringing it together. The intent is to migrate it to this other transmission medium."
In the meantime, the VSAT network and service, which has cost more than $50 million, is expected to be used by upwards of 200,000 Iraqi security personnel in various jobs. But setting up the network is dangerous work for the Iraqis, the Coalition forces and the contractors that take on assignments.
"Every day there's someone on the road with this," says Marc LeGare, COO at Proactive Communications. "Communication between our government and Iraq is something the insurgents don't want."
The situation is dangerous. LeGare says two employees have been killed in the course of setting up the network at about 160 sites.
The satellite service to the sites is provided by Loral. Because satellite links entail some latency, using VoIP phones on them can be tricky, says LeGare.
The Cisco documentation on use of VoIP phones on satellite links is "quite up front about the questionable capability on 500 milliseconds of latency," says LeGare. "We do see some latency with Cisco VoIP phones, but our engineers are mitigating it as they can, and we're operating on the far side of 500 milliseconds where most people wouldn't want to operate."
Bad weather in Baghdad and elsewhere in Iraq can also result in broken communications, he noted.
The IC2 network, which can get access to the Internet, is being segmented off for encrypted secure communications using the Blue Ridge Networks BorderGuard VPN appliances.
Botkin says the "secure" links are for what would be roughly considered "classified" voice and data communications in military terms while the "non-secure" links are "unclassified."
Access via BorderGuard will be required to "pass more sensitive data with the Iraqi government," says Botkin. The IP-based IC2 Network is emerging as a rough equivalent to the Department of Defense NIPRnet ("Unclassified but Sensitive Internet Protocol Router Network") and SIPRnet ("Secret IP Router Network"), he added.
According to LeGare, the VoIP phones are assigned a four-digit number that will allow them to transmit to the satellite for call set-up and back down to the destination on the private network.
The Cisco Call Managers routing the encrypted calls are resident in the Ministry of the Interior headquarters in Iraq. The non-encrypted calls get switched through the US and back to Iraq, at least for the present.
In some ways, the Iraqi network is like any other you'd find elsewhere. Data can be sent to remote Exchange servers or viewed on Web servers on a LAN inside the Iraqi Ministry of the Interior in Baghdad.
The US government has required use of anti-virus (in this case, it's McAfee) and Internet content filters (here, Websense running on the Cisco PIX firewall).
But the almost-daily bombings on civilians and military, and endless stress in other ways, make building the network a dangerous undertaking.
"The friction is an everyday occurrence," LeGare notes. "And there are power outages, gas shortages, checkpoints when the military has to move into an area and movement is restricted. Your employees you depend on can't get out of an area."