Network Function Virtualization (NFV) in

Aircraft Data Networks (ADN)Suhail Ahmed

Emirates Airlinessuhailblue@gmail.com

Introduction

Aircraft Data Network (ADN) is a concept used in aircraft for internal networking between various

avionics components. There are various specifications for aircraft internal networking however

standard introduced by the ARINC Airline Electronics Engineering Committee (AEEC) in the

ARINC(Aeronautical Radio Incorporated) 664 Specification is prominent and adapted by leading

aircraft manufacturers . The specification provides a means to adapt COTS networking standards

to an aircraft environment. It defines protocol stack, message structure and contents , message

flow, interoperability with relevant ARINC standards[1] . This specifications is also referred as

Avionics Full Duplex Switched Ethernet Network (AFDX). It describes a “more deterministic”

switched Ethernet/IP network, that is, a switched network where a few constraints are applied. On

the transmitting end, called “End-System”, a data transmission rate is associated to one virtual

multicast unidirectional communication channel called “Virtual Link”.

Since a switched network implies the use of a switch, this piece of hardware became crucial to the

design of the network. An AFDX Switch does not only perform packet forwarding as usual, but also

enforces Traffic Policing at its input ports. This feature is based on the “Token Bucket” algorithm

and discards packets that arrive in a pace faster than “Jswitch” milliseconds. This “Jswitch” quantity

is programmed in the AFDX switch and is defined per VL. With Traffic Policing, the AFDX switch

protects the network from what is usually called “babbling idiot”, a misbehaved node that transmits

more that than it is designed to.

The AFDX data frame uses a suffix (lower 16 bits) in its multicast MAC Destination Address to

define a VL. The remainder of the frame takes its model from UDP/IP with one difference: the last

byte is reserved for count frames from 1 to 255, a quantity used in AFDX’es “Redundancy

Management”. The AFDX network uses two physically separated channels, so each AFDX “End-

System” transmits the same data frame in these two channels at the same time. In the receiving

“End- System”, the “Sequence Number” is used by the “Redundancy Manager” to discard frame

copies that arrive too late. Designers of an AFDX network need to take into account several

potential sources of transmission jitter. On the transmitting “EndSystem”, frames are queued before

reaching the physical medium. Inside the AFDX switch, forwarded frames are queued in the output

port before they depart to their destination node. The measure of jitter is relevant to the AFDX

network design, for the “Jswitch” quantity must be correctly estimated and programmed in the

switch for each VL [5].

AFDX Network Architecture

AFDX network consists of three main parts End system (ES), switches and communication links as shown in figure below.

Figure 1 : AFDX Network Architecture

•End system is the interface between the subsystems which transmit data and the network.

•AFDX switch is the central element of the AFDX network that interconnects source End System to destination End system. Links between AFDX network in twisted pair cables but they are divided to virtual links.

•Virtual Link defines a logical unidirectional connection from one source end-system to one or more destination endsystems.

Each Virtual Link has a dedicated maximum bandwidth. This bandwidth is allocated by the System Integrator

Physical topology

As shown in figure 2 below, AFDX network is a star topology network. Each ES has two AFDX ports

connected to 2 redundant networks. Packets are transmitted and received over two redundant

channels to ensure the reliability and availability of the AFDX standard. AFDX ensures a

deterministic behavior through traffic control. Bandwidth is guaranteeing for each Virtual Link

(VL), thereby limiting the jitter and transmits latency.

Figure 2 : AFDX Physical Topology

Virtual Link (VL)

The communication between End System takes place over a single physical communication link.

However, it is possible to establish many logical communication links. AFDX implements transmit

VLs as well as receive VLs. Each transmit VL can only be assigned to one ES. Receive VLs can be

assigned to several ES[3].

Virtual Link Parameters

Bandwidth Allocation Gap (BAG), a timeslot confining the VL's bandwidth by defining the

minimum gap time between two consecutive frames. The BAG value must be in the range 1 -

128ms and must be a power of 2.

Lmax, the largest Ethernet frame, in bytes, that can be transmitted on the virtual link.

Jitter is an upper bounded transmit latency appearing as a frame time offset within the BAG.

Limitations and scope for improvement

With reference to above architecture, we can observe that system is static and neatly defined

where small changes or updates to system involves core component changes , addition of new value

added services and security features leads to heavy aircraft maintenance cycles. There is constant

change in customer perceptions on ROI and constantly evaluating possibility integrate value

addition components complying to regulatory certifications. Hence there is high demand to have

dynamically configured network which can accommodate add on components and provide value

added services in secure and regulated environment. Being successful in commercial

implementations, Software Defined and Virtualization technologies can have positive impact on

aircraft networks.

Network Function Virtualization (NFV) :

Network Function Virtualization in simple terms is implementation of network functions in

software which should be able to run as virtual machine on any industry standard commodity

hardware. Network functions being virtualized can be routing, switching, deep packet inspection,

firewall etc. In a traditional network, each distinct function was typically implemented as a

specialized appliance based on proprietary hardware[2]. Such appliances invariably include a

substantial amount of software, but the software and hardware can’t be separated – they are highly

dependent on one another. Examples of traditional proprietary hardware-based network elements

include routers of various kinds, deep packet inspection devices, content delivery network

appliances, firewalls, load balancers, network address translators, session border controllers,

mobile base station controllers, mobile packet gateways and so on. Whether maintained by the

enterprise, or deployed by the network operator as part of a managed service offering, this

“appliance-centric” practice leads to high initial and ongoing costs, as well as lengthy setup times.

NFV leverages IT virtualization to change this paradigm by providing networking functions as

software-based appliances, referred to as Virtual Network Functions (VNFs), that run on standard

servers instead of dedicated hardware. When utilized by network operators, NFV significantly

reduces the time required to operationalize and activate new service features[4].

Benefits of NFV :

NFV overcomes the constraints of hardware-based appliances by applying standard IT

virtualization technologies to networking

virtualised network provides all the features of a physical network but with greater automation,

agility and flexibility

Reduced CAPEX and OPEX through being able to run network functions on general purpose off the

shelf platforms and being able to run multiple virtual network functions (VNF) on a single

hardware platform

Reduced time to deploy new applications and turn-up new network services

Greater flexibility to scale up, scale down and introduce new applications / services

Easier, cheaper and less risky to trial and deploy new innovative applications / services

In AFDX network architecture Ethernet network controller can be virtualized in addition to

switching functions such as Learning Addresses, packet forwarding and avoiding loops.

Virtualization of communication links is inherent to ADFX architecture which can complimented

with Deep packet inspection and firewalls for enabling security and integrity in the network, which

can provide the flexibility to extend or integrate with internet or other networks (proprietary or

open). It provides a flexibility to add on components dynamically and impose regulatory and safety

constraints on the fly without significant cost or heavy maintenance cycles. With NFV, its

straightforward to implement network management and configuration functions.

Figure depicts 2 virtual links connecting end systems passing through NFV enabled switch which

implements 4 virtual network functions namely switching, Deep packet inspection, Firewall and

Encryption. Virtual links can be routed dynamically through relevant VNF’s based on traffic

requirement, end system constraints etc. system integrators can dynamically configure network for

additional LRU as and when required.

Figure 3 : NFV in AFDX

End System

End System

End System

Hardware Hardware

VNF (Switch)

VNF (DPI)

VNF (FireWall)

VNF (Encryption)0

Conclusion:

We have demonstrated one particular use case and benefits of NFV relevant to Aircraft Data

Networks. NFV can also have profound influence in integrating Cockpit, Passenger, Ground and

Satellite network subsystem. Major contribution of NFV would be implementing and updating

security policies and profiles dynamically on fly which is key for aircraft networks. PKI solutions

can be readily implemented using NFV solutions.

Software Defined Networking (SDN) is another promising concept for programming networks and

network agility. SDN deals with separating control plan from data plane enabling innovation,

testing on production networks with impacting network functionality. NFV is separate from, but

closely related to software defined networking (SDN). While NFV is concerned with converting

appliances to software, SDN is being used to deconstruct today’s network elements into control and

data functions, and then further separating them by the addition of protocols or APIs. This

separation allows the creation of centralized control and a programmable network

References

[1] Amarnath Jasti, Surya Mohapatra, Bhargav Potluri and Dr Ravi Pendse,,”Cloud Computing In Aircraft Data Networks”,IntegratedCommunications Navigation and Surveillance Conference ,May 2011

[2] Stan Hubbard, Heavy reading , “Automating Carrier Ethernet 2,0 Service Delivery & Preparing for SDN-Enabled Services”, WhitePaper, September , 2013

[3] M.S Ali, R Bhagavathula and R Pendse, Department of Electrical andComputer Engineering, “Airplane Data Networks And Security Issues”,Wichita State University,USA,2004.

[4] M. Cohn, “NFV, An Insider’s Perspective: Part 1: Goals, History, andPromise,” Sep 2013, http://www.sdncentral.com/education/nfv-insidersperspective-part-1-goals-history-promise/2013/09/

[5] J.B. Itier, “A380 Integrated Modular Avionics”, http://www.artist-embedded.org/docs/Events/2007/IMA/Slides/ARTIST2_IMA_Itier.pdf, ARTIST2 meeting on Integrated Modular Avionics, 2007.