HF Radio

Icon-5066

STANAG 5066 Server

Icon-5066 is a modem-independent STANAG 5066 server. It enables applications to work efficiently over HF Modems/Radios and allows multiple applications to work simultaneously.

Icon-5066 Dashboard

Icon-5066 will connect to one or two HF modems, either through a Crypto box or directly, and provides a single interface to an HF network, which can be shared by multiple applications.

The diagram below shows how Icon-5066 is deployed in conjunction with an HF network and two peers, which may use Icon-5066 or another product compliant to STANAG 5066. STANAG 5066 provides a link layer optimized for HF Radio and described in the whitepaper [STANAG 5066: The Standard for Data Applications over HF Radio].

Diagram: Icon-5066 deployed with an HF network and two peers.

This diagram shows a single modem; notes on the use of two modems are given under Full Duplex and Split Site below. This diagram and page look at deployments with Icon-5066 “red side” only (above the modem). Operation with black side elements is described in the Crypto Bypass tab.

Applications connect to Icon-5066 using the STANAG 5066 SIS (Subnet Interface Service) protocol. Each application uses one of 16 SAP IDs (Service Access Point Identifier).

Architecture

Icon-5066 runs as several processes on Windows or Linux, as shown in the diagram below:

  1. Icon-5066 Distributed Data Service (DDSD) provides orchestration of the Icon-5066 service and monitoring management capabilities. DDSD runs as a Windows or Linux service. Management is via Web Browser connecting to this service using OAuth authentication. DDSD manages and controls all of the nodes on the core service.
  2. The Icon-5066 Core service comprises one or more independent Icon-5066 nodes controlled by DDSD. Each of these nodes implements the STANAG 5066 protocols and connects to a modem. This enables multiple STANAG 5066 services to be conveniently run on a single server.

Diagram: Icon-5066 architecture.

Each Icon-5066 node can have one or more drivers configured that support a variety of capabilities. These drivers are implemented in the Lua scripting language. This has a number of advantages:

  • It enables Isode to offer a selection of drivers to address different configuration requirements.
  • It allows Isode customers and partners to easily develop custom drivers to meet specific needs.

The main drivers in Icon-5066 are:

  • Modem Driver. This is the most likely driver that Isode customers will provide, in order to support additional modem types.
  • Rate Change Driver. This controls selection of transmission parameters when changing speed.
  • Transmission Control. This controls choice of a number of modes of operation:
    • Half-Duplex
    • Full-duplex
    • Broadcast
    • CSMA (Carrier Sense Multiple Access)
    • WTRP (Wireless Token Ring Protocol)
    • ALE 1:1 (Use of Automatic Link Establishment to control access to a single peer at a time)
  • ALE Configuration: two drivers support ALE configuration

Key Features

Full Duplex & Broadcast

The most common form of HF communication is Half-duplex, where transmission direction alternates. This is often used for reliable (ARQ) transmission between a pair of nodes where each node alternately transmits and receives. Icon-5066 supports two additional modes of STANAG 5066 compliant communication:

  1. Broadcast. Where a node continuously sends non-ARQ traffic and never receives any data. This will typically be used at fixed frequency from a transmit-only site.
  2. Full-duplex. Simultaneous transmission and reception on two separate frequencies. Full-duplex gives significant performance benefits, but can only be used in configurations where sufficient separation can be achieved between transmit and receive sites. Icon-5066 provides two modes of full-duplex operation: single modem (where the modem is operating in full-duplex) and two modems, independently configured, where one is used for transmit and the other for receive.

Split Site

Icon-5066 can drive two modems in half-duplex mode. This is important for split site operation where Tx Modems and Radios are located at different sites to Rx Modems and Radios.

Data Rate Selection

Data rate selection is the choice, made before transmission, of the parameters affecting the transmission, in particular speed and interleaver. This is a critical choice for optimizing performance and Quality of Service for the data being handled. Icon-5066 offers a choice of drivers for different rate selection (in addition to customer rate change drivers):

  • Fixed: A simple fixed setting for use when fixed parameters are desired or where it is not possible to change them dynamically.
  • Signal to Noise Ratio (SNR): This is the best option for most deployments. This uses the mechanisms specified in STANAG 5066 Ed4 to enable sender selection of best parameters for either latency or throughput.
  • Frame Error Rate (FER). Useful when SNR information is not available from the modem. This optimizes for throughput using the “Trinder/Gillespie” algorithm.

Multi-Node Networks: CSMA

Icon-5066 supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex K, providing CSMA (Carrier Sense Multiple Access) using jitter. The basic CSMA specification in Annex K is appropriate for networks with large numbers of nodes sharing a single HF frequency.

“Slotted Option for STANAG 5066 Annex K” (Specified in STANAG 5066) provides a more efficient and robust option for networks with a small number of nodes, by use of a configured transmission slot for each node. This also enables:

  • Operation with a single CAS-1 soft link, which is important for interoperability and some traffic patterns.
  • Operation with multiple CAS-1 soft links, which improves sharing the HF channel and reduces soft link setup overhead.

Multi-Node Networks: WTRP

Icon-5066 also supports multi-node HF networks operating over a single HF Channel following STANAG 5066 Annex L, Wireless Token Ring Protocol (WTRP). This provides an efficient and fair way of sharing a channel between nodes. It is particularly useful in conjunction with surface wave to support naval task groups. Further information is provided in [Wireless Token Ring Protocol].

ALE

Icon-5066 provides support for ALE (Automatic Link Establishment) by use of ALE drivers following the procedures specified in STANAG 5066 Ed4. Icon-5066 enables use of 2G ALE, 3G ALE and 4G ALE from different vendors. Icon-5066 configures ALE by mapping peer STANAG 5066 addresses to ALE. Supported ALE units are listed with modems.

Icon-5066 includes ALE Management capabilities to enable configuration of multiple nodes participating in an HF Network. This is described in more detail on the ALE & HF Network Management tab.

Modem Support

Icon-5066 can be configured with either one modem or two (one for transmission, one for reception). Communication with each modem uses two independent channels: Data, which is mandatory, and Control. Control is optional and will use a protocol specific to the chosen modem. Most modems can be used at fixed speed without control.

Icon-5066 supports STANAG 4415, STANAG 4285, STANAG 4539 and STANAG 5069 (Wideband HF) waveforms.

Modem Data Support

Icon-5066 supports the following four modem data communication options. These can be used with or without modem control. Use without modem control allows support of any HF modem as fixed speed.

  • Synchronous Serial: Required by STANAG 5066 Annex D and used operationally to communicate with Crypto devices. Icon-5066 supports the Microgate family of cards and the SyncLink USB device. Current support is on Windows, with Linux support planned.
  • Asynchronous Serial: Icon-5066 supports Async Serial on Windows using Windows COM ports and Linux TTY. Async serial is not useful with common Crypto boxes, as they encrypt to stop bits, and so this does not follow the standard. However, it can often be useful for operation without Crypto, as many modems provide an Async Serial interface.
  • TCP using MIL-STD-188-110D Appendix A: Defines a TCP protocol to communicate data to a modem. This is a very useful option for operation without Crypto. It is supported by the Collins family of modems.
  • Raw TCP. This is a simpler TCP approach which is useful for some setups. It is supported by RapidM RM10.

Supported Modems & ALE Units

Icon-5066 currently supports control for the following RapidM, Thales and Collins modems:

  • RapidM RM6 Modem
  • RapidM RM8 Modem with 2G and 3G ALE
  • RapidM RM10 Wideband Modem with 2G, 3G and 4G ALE
  • Collins Q9600 Modem
  • Collins Q9604 Modem
  • Collins HSM 2050 Modem
  • Collins RT-4800 Wideband Modem
  • Collins RT-2200A Wideband Modem/Radio with 2G, 3G and 4G ALE
  • Thales TRC1774 Modem with 2G and 3G ALE
  • Leonardo Modem (P/N AA8808625200 and P/N AA8808619500 single and four channel configuration) with 2G and 3G ALE
  • Codan Envoy X2 Modem/Radio with 3G ALE
  • Codan Sentry-H 6120-BM Modem/Radio with 3G ALE
  • Codan Sentry-H 6110-MP Modem/Radio with 3G ALE

SNR Monitoring

Icon-5066 provides a mode to monitor a modem and report SNR using a simple protocol. This is a general purpose capability, useful to support the FAB service provided by M-Switch to support BRASS deployments.

Management & Monitoring

Icon-5066 is configured and monitored using a web interface. The configuration interface allows for the creation of new Icon-5066 nodes, setting of detailed parameters and the selection/configuration of drivers.

Screenshot: Icon-5066 console.

Web monitoring is provided for all of the configured nodes and includes information on:

  • Modem status (Transmit/Receive/Idle)
  • Current (or most recently used) modem parameters, including speed, interleaver and bandwidth (for STANAG 5069 WBHF)
  • Frame Error Rate for received transmissions
  • SNR measured on reception
  • STANAG 5066 send and receive transmissions with progress bar
  • Status of CAS-1 links established for ARQ communication including link and break attempts.
  • ALE status, including setup time, negotiated frequency and negotiated bandwidth for 4G ALE.
  • UI display of connected applications with status information.
  • Overall system health status (red/green/amber).
  • Link utilization.
  • ARQ Window Monitoring
  • Enable/Disable of individual nodes

Red/Black Drivers & API

Icon-5066 provides two Red/Black drivers to support HF Communication chain monitoring and management using Isode’s Red/Black product.

  1. Modem Driver for all supported modems. This enables monitoring of modems used by Icon-5066. It also enables monitoring and control of modems not used by Icon-5066 (managed modems).
  2. Icon-5066 driver to allow monitoring and control of Icon-5066 nodes. This allows enable/disable of nodes, to facilitate communications chain reconfiguration.

These drivers are based on an HTTP/JSON API which can be used by third party applications to monitor and control Icon-5066.

Security

Management access to the Icon-5066 services is controlled using OAuth.

TLS (Transport Layer Security) provides protection for:

  • HTTPS Web Access to DDSD.
  • TLS Support for GCXP to support Modem Proxy (Crypto bypass) across a Red/Black boundary.

Icon-5066 provides Web UI support for creating and managing identities and certificates associated with TLS.

Icon-5066 provides an API protected by TLS two-way strong authentication and keys managed by Icon-5066.

Icon-5066 provides capabilities for providing coherent management of an ALE Network, potentially comprising ALE Units from multiple vendors. This provides a clean solution to managing an ALE network.

ALE Addresses

The screenshot above shows ALE addresses configured for an HF Network.

Capabilities provided:

  • HF Network configuration using ALE or fixed frequency.
  • Configuration of default HF Network parameters to ensure coherency.
  • Configuration of ALE Addresses for STANAG 5066 nodes, including binary 3G and 4G ALE addresses.
  • Configuration of frequencies used, including support for STANAG 5069 wideband frequencies of variable width.
  • Configuration of schedules so that the fixed frequency or set of ALE frequencies used can be varied throughout the day.
  • Import/Export so that HF Network configuration can be created on one node and then exported so that other nodes can be set up with the same configuration.

Icon-5066 will use this configuration to ensure that the local ALE unit is correctly configured and will change configuration with the schedules.


Icon-5066 will usually be deployed with a Crypto in the data path between Icon-5066 and the modem. This is the only connectivity needed for fixed speed operation without ALE.

For ALE and variable speed on the supported modems, Icon-5066 needs a control connection to the modem. This is commonly referred to as Crypto Bypass. It is technically possible to make things work by directly connecting a control/monitor TCP connection between Icon-5066 and the modem.

Although the direct connection works, it is commonly required to use a secure boundary device to support crypto bypass.

Isode’s architecture separates cross domain flow into two XML message streams:

  1. A control stream going from Icon-5066 to black side, which controls modem and ALE unit.
  2. A monitoring stream going from black side to Icon-5066, that contains SNR and other modem monitoring information and ALE connection information.

This structure and the set of messages are specified in the Icon-5066 Application Profile. This formal specification allows analysis of the crypto bypass messages and message flows.

Isode provides a Proxy Modem component of Icon-5066, which provides the black side of this architecture. This Proxy Modem communicates with modems and ALE units in exactly the same way as Icon-5066 without the crypto bypass.

Proxy Modem is technically the same as Icon-5066, simply working in black side mode. The DDSD management process runs black side to provide monitoring and control of multiple black side nodes, each paired with a matching red side node.

Proxy Modem and Icon-5066 (red side) communicate using the Guard Content eXchange Protocol (GCXP). They can talk directly, but the primary purpose is to communicate through an XML Guard acting as an application level data diode.

This architecture is designed to work with Isode’s M-Guard product, although it could be used with any XML Guard using GCXP to communicate.

MoRaSky

MoRaSky (Modem Radio Sky) is a software tool provided by Isode to help test Isode HF products. MoRaSky provides a service equivalent to HF modems connected to Radios and operating over the Ionosphere. It enables sophisticated testing of Icon-5066 and the applications it supports, without use of hardware or Over the Air transmission. It can operate with a GUI or a command line interface.

Screenshot: MoRaSky.

MoRaSky can be used in one of two ways:

  1. Emulating a modern modem with data and control interfaces.
  2. Emulating a serial interface (synchronous and asynchronous) connection to a data connection to a modem with fixed parameters.

Capabilities include:

  • Emulation of one or more HF networks (multiple networks can be used for ALE and Duplex testing) with support for two or more connection points to each network.
  • Choice of interleaver corresponding to each waveform
  • Choice of bandwidth from 3kHz to 48kHz for STANAG 5069
  • Option to simulate clear channel
  • Configurable Bit Error Rate (BER) on output.
  • Configurable Error Clustering.
  • Option to drop initial bytes.
  • Option to emulate operation at selectable SNR value, with channel variation according to various channel models (CCIR Good; CCIR Moderate; CCIR Poor; AWGN (additive white gaussian noise)).
  • Emulation of delays corresponding to two types of Crypto.
  • Intermediate Term Variation (ITV) following Walnut Street model.
  • Variation of SNR at intervals based on specified list.
  • Simulate regular on/off interference.
  • Simulate Markov chain on/off interference.
  • Modem failure to configurable pattern.
  • Duplex channel simulation (one or two modem).
  • ALE simulation, including 4G ALE and variable bandwidth.
  • Surface Wave Simulation.
  • Movement of nodes.
  • Connectivity change between nodes.
  • Support for split site emulation with separate Rx and Tx modems.

HF Tool

Isode partners will often need to test modems, for example to test with a modem variant that Isode does not have in house. HF Tool is an Isode application that directly uses the Icon-5066 modem drivers. It can be operated in three modes:

  1. Controlling two connected modems, so that the HF tool can control what is sent and measure what is received.
  2. Controlling two modems with a channel simulator between them. This enables controlled measurements of performance with varying link conditions.
  3. Use of separate HF Tool instances, where a single instance cannot be connected at both ends. HF Tool works in a way that enables the receiver to interpret what is sent.

HF Tool runs a range of tests to ensure good performance and operation of modem drivers in a range of conditions. It also gives a clear measure of modem performance:

  1. Basic data tests to show data transfer and data loss.
  2. Timing tests to show delays and turnaround times.
  3. Sequenced tests, so that varying speeds and interleavers can be tested with a single HF tool run.

STANAG 5066 Console

Isode’s applications can be deployed over STANAG 5066, which is essential for operating over HF Radio, and provides performance and interoperability benefits for VHF/UHF. Isode provides a GUI Console, to help set up, test, and monitor STANAG 5066 infrastructure. This is designed to support deployments of Isode applications over STANAG 5066, independent of the choice of STANAG 5066 server.

The STANAG 5066 Console is a GUI application that connects to a STANAG 5066 Server. It supports the STANAG 5066 HF Operator Chat Protocol (which can be used with any remote HF Operator Chat client) and Isode protocols that communicate with a peer STANAG 5066 Console. The Isode STANAG 5066 Console offers the following benefits:

  • Management GUI Interface independent of STANAG 5066 Server.
  • GUI setup and testing of STANAG 5066 network, independent of Isode server applications
  • Service Discovery of remote systems.
  • Latency and Throughput testing.
  • Operator Chat using the standard STANAG 5066 protocol.

Key Features

Connection Setup

STANAG 5066 Console can connect to multiple STANAG 5066 Servers, which is useful for testing. An operational deployment is likely to use a single local STANAG 5066 server.

Service Discovery

STANAG 5066 Console can discover (automatically or on demand) the identity and operator defined names of other connected systems. This is done by use of a broadcast message, which connected servers respond to. This simplifies setup and testing of a network.

Operator Chat

Operator Chat, as defined in Appendix F of STANAG 5066, is designed to support simple operator to operator communication. STANAG 5066 Console allows easy operator chat to any peer system. It is possible to support both sides of the chat, which is useful for testing but would be unusual for an operational system.

Performance Testing

Screenshot: STANAG 5066 Console latency test.

Performance optimization is critical for operation over slow links. Application measurements are often complex to interpret, and are not a straightforward mechanism to diagnose and measure the underlying systems. STANAG 5066 provides basic tools for measuring the application level view of the underlying STANAG 5066 network. The following capabilities are provided:

  • Latency test. This is illustrated above. This is using a simulator, so the times are much shorter than for one using a radio.
  • Throughput test.
  • Tests may be for a fixed number of packets or continuous.
  • Sending is “full speed” and so tests STANAG 5066 server flow control.
  • All STANAG 5066 parameters can be adjusted.

Security

The STANAG 5066 SIS protocol does not have any security features, so care must be taken in deployment configuration, to ensure that only trusted components can connect.

Interoperability

STANAG 5066 Console has been tested against a reference STANAG 5066 server, and against the RapidM RM Servers. Isode is keen to test with other STANAG 5066 Servers. Please contact us if you wish to work with us on this.

STANAG 5066 specifies an HF link layer which Icon-5066 implements. It also specifies a number of applications, layer services and specifications as to how applications operate over STANAG 5066. This page sets out:

  1. Icon-5066 conformance to STANAG 5066.
  2. Isode support of applications specified in STANAG 5066, some of which are supplied with STANAG 5066 and other products.
  3. Isode product support of other applications optimized for use with STANAG 5066.

STANAG 5066 has multiple versions. Three versions are considered here:

  1. Edition 4, specified in “AComP-5066 ‘TECHNICAL STANDARDS FOR HF RADIO LINK LAYER AND APPLICATION SUPPORT PROTOCOLS FOR SINGLE CHANNEL WAVEFORMS’ Edition A, Version 2 – May 2024”. This is the primary conformance reference. Notes specify compliance to profile options specified in Edition 4.
  2. Edition 3 is also supported, following the detailed interoperability specifications set out in Edition 4.
  3. Edition 5 is planned, and drafts of new annexes are under consideration (Annexes W – AG). These annexes and Isode support are set out here.

Applications connect to Icon-5066 using the STANAG 5066 SIS (Subnet Interface Service) protocol. Icon-5066 can be used with any application that uses the STANAG 5066 SIS protocol.

| Annex | Title | Notes |
| --- | --- | --- |
| A | Subnetwork Interface Sublayer | All mandatory elements supported. Optional capabilities: EXPEDITED DATA (deprecated) – supported; HARD LINKS (deprecated) – not supported; NON-ARQ WITH ERRORS – not supported. |
| B | Channel Access Sublayer | All mandatory elements supported. Optional capabilities: DUPLEX FIXED – supported; MULTIPLE ACCESS – supported; ALE 1:1 options (core function supported; IMPLICIT CAS-1 – supported; EXPLICIT CAS-1 – supported; negotiated CAS-1 termination – planned; MULTICAST ALE – not supported; DUPLEX WITH ALE – not supported). |
| C | Data Transfer Sublayer | All mandatory elements supported. Optional capabilities: DUPLEX FIXED – supported; NON-ARQ WITH ERRORS – not supported; DUPLEX WITH ALE – not supported. |
| D | Interface between Data Transfer Sublayer and Communications Equipment | Supported using Icon-5066 synchronous serial driver. |
| E | Absent | n/a |
| F | SAP assignment | Default SAP and Priority settings followed by Isode product set. |
| G | Absent | n/a |
| H | Absent | n/a |
| I | Absent | n/a |
| J | General Requirements for Enhanced Media-Access-Control (MAC) Capabilities in Multi-Node STANAG 5066 Networks | Mandatory elements supported. MAC ALE option not supported. |
| K | High-Frequency Carrier-Sense Multiple-Access (CSMA) Protocols | Fully supported, including slotted option. |
| L | High-Frequency Token-Ring Protocol (WTRP) Requirements | Fully supported. |
| M | Reserved | n/a |
| N | Guidance on Address Management in STANAG 5066 Networks | Relevant for deployment but does not apply to products. |
| O | HF Operator Chat | Supported by S5066 Console tool supplied with Icon-5066. |
| P | ACP 127 & Character-Oriented Serial Stream | Supported by Isode M-Switch product. |
| Q | ACP 142 | Supported by Isode M-Switch product, with both STANAG 4406 Annex E and MULE (RFC 8494) for SMTP messaging. |
| R | Routing Sublayer | Not supported. |
| S | SIS Access Protocol | Fully supported. |
| T | STANAG 5066 TRANSEC Crypto Sublayer using AES and other Protocols | Provided as a prototype capability, suitable for experiments and measurement of this annex. |
| U | IP Client | Supported by Isode Icon-PEP product. |
| V | Compressed File Transfer Protocol | Supported by Isode M-Switch product. Also known as Battle Force Email. |

| Annex | Title | Notes |
| --- | --- | --- |
| W | SIS Layer Extension Protocol (SLEP) | This annex specifies layer services used in Isode’s Icon-PEP, M-Link and HFFTP products. |
| X | HF-PEP: TCP Performance Enhancing Proxy Protocol | Supported by Isode’s Icon-PEP products. |
| Y | Use of IP Crypto | Implemented in Isode’s prototype products Icon-IP and Icon-SIS. These are available to partners for experimentation and measurements. |
| Z | IP Optimizations | Not supported. |
| AA | HF Location & Information Sharing Protocol – HF-LISP | Not supported. |
| AB | HF Routing Information Protocol – HF-RIP | Not supported. |
| AC | Discovery and Testing | A similar service is provided by Isode’s S5066 Console. |
| AD | HF Broadcast Protocol (HFBP) | Not supported. |
| AE | HF File Transfer Protocol (HFFTP) | Supported in Isode’s HFFTP tool supplied with Icon-5066. |
| AF | Modems that Control Data Rate | Not supported. |
| AG | Lightweight DTS | Not supported. |

The following applications are not specified in STANAG 5066 but are noted as relevant for operation over HF:

| Application | Description | Notes |
| --- | --- | --- |
| XMPP | Open Standard Chat and Presence Protocol | XMPP operates over STANAG 5066 using XEP-0365 “XMPP Server to Server Communication over STANAG 5066 ARQ”. XEP-0365 operates over the SLEP streaming service, specified in STANAG 5066 Annex W. Supported by Isode’s M-Link MU Server and M-Link MU Gateway products. |
| Link-16 | Tactical Data Link | Tactical Data Link is important for HF. Link-16 can be operated over JREAP-C, which can be operated over STANAG 5066 Annex X, supported by Isode’s Icon-PEP product. |
| TAK | Tactical Assault Kit / Team Awareness Kit | TAK is important for C2 operations. TAK can be operated over STANAG 5066 Annex X, supported by Isode’s Icon-PEP product. |
