Distributed policy enforcement for priority awareness in tactical SATCOM networks

This paper presents a working distributed SATCOM policy enforcement (SPE) software prototype that protects priority traffic in tactical SATCOM networks. The SPE software is designed for distributed deployment at SATCOM terminals and is compatible with communication security (COMSEC) considerations where mission data originated by applications operating on protected computing systems is encrypted prior to transport by SATCOM communication systems. Each SPE instance operates as an independent feedback-based control process and performs the following key high-level functions: (1) Periodically query the aggregate SATCOM subnet capacity utilization, (2) compute new policy-based traffic policing configuration settings for the local SATCOM router to protect priority flows based on the measured subnet utilization and (3) send commands to the local SATCOM router to enforce the computed traffic policing settings. The SPE prototype has been successfully demonstrated in both commercial router and simulation environments that model a 3-node SATCOM subnet scenario. Experimental results reported here for the SPE software provide proof-of-concept validation of its ability to dynamically enforce policy-based priority-aware policing of network traffic. The results include both quantitative throughput performance gains for high-priority traffic and visual demonstration of enhanced priority video rendering.