United States Army South (USARSO)Network Simulation and Analysis Using OPNETAlbert M. Rivera, Charles Baxter, Ph.D., Ralph Martinez, Ph.D.Figure 2Figure 3Figure 4Figure 5Figure 9Figure 10Figure 11Figure 12ReferencesAPPENDIXList of FiguresFigure 1 USARSO NetworkUnited States Army South (USARSO)Network Simulation and Analysis Using OPNETAlbert M. Rivera, Charles Baxter, Ph.D., Ralph Martinez, Ph.D. U.S. Army Information Systems Engineering CommandFort Huachuca, Arizona 85613-5300Email: [email protected] 1996, as a provision of the United States Treaty Implementation Plan (TIP) with Panama, the United States Army Information Systems Engineering Command (USAISEC) was tasked to engineer the relocation of the U.S. Army South (USARSO) Command from Panama City, Panama to Ft. Buchanan, Puerto Rico. Specifically, USAISECdeveloped the engineering design requirements for all the Command, Control, Communications, Computers, and Intelligence (C4I) Systems to be relocated or installed at Fort. Buchanan, Puerto Rico. A key C4I system engineered and installed was the USARSO Unclassified Campus Area Network (CAN). The urgent requirement to engineer and install the unclassified network precluded the use of any modeling techniques to validate the system design. The USARSO CAN design was based on proven designs for Ethernet networks installed throughout U.S. Army installations worldwide. In order to validate the as-installed network, an OPNET simulation was developed. This document presents the results of that OPNET simulation.The USARSO CAN installed and currently operating at Fort Buchanan is a Gigabit Ethernet backbone network with Fast Ethernet to the desktop. The network consists of approximately 1200 users located throughout 35 facilities. A security-in-depth implementation is installed on the USARSO network, however, for security reasons, the simulation of the security design is limited to the default attributes of the firewall implementation only. Protocols and applications included in the simulation include SMTP and X.400 email, HTTP web browsing and database access. Destination of all HTTP traffic is remote to the network, while SMTP and database traffic is partially internal and external based on specified attributes. Finally, the key simulation results considered are the Ethernet Delay within the local network and the throughput and utilization of the T-1 circuit to the Wide Area Network (WAN).Introduction The purpose of this document is to present the results of an OPNET simulation conducted on the as-installed Campus Area Network (CAN) for the United States Army South (USARSO) Command at Fort Buchanan, Puerto Rico. The CAN installed and operating at Ft. Buchanan is a Gigabit Ethernet backbone network with Fast Ethernet to the desktop. An illustration of the installed network is presented in Figure 1. Figure 2 illustrates the security in-depth implemented with the exception of the Intrusion Detection System (IDS), an Email Screen and Web Cache. Inclusion of these devices will be considered in future simulations. The urgent requirement to engineer and install the automation network for USARSO precluded the use of any modeling techniques to validate the system design. The CAN design was based on proven designsfor Ethernet networks installed throughout U.S. Army installations worldwide. The objective of this simulation is to validate the CAN design currently installed and identify any shortcomings or improvements. Based on the data included inthe simulation, Ethernet Delay within the network of less than 1000μs and T-1 throughput and utilization less than 50% would be considered acceptable results. Catalyst 5509- RSMGateway RouterCatalyst 5509- RSMGateway RouterCatalyst 5509 Catalyst 5509 Catalyst 5509 Catalyst 5509 Catalyst 5509 Catalyst 5509ADN #1 ADN #2 ADN #4Catalyst 5505Switch #1Catalyst 5505Switch #18Catalyst 5505Switch #1Catalyst 5505Switch #8Catalyst 5505Switch #1Catalyst 5505Switch #11DNS/DHCPServer (1)DNS/DHCPServer (2)Data BaseServerEmailServer (1)File Servers(2 each)PDC EmailServer (2)File Servers(2 each)Catalyst 5509 Catalyst 5509BDCUSARSO NetworkFIGURE 11Security RouterCatalyst 2916Premise RouterCatalyst 2916FirewallCatalyst 2916Catalyst 5509- RSMGateway RouterDial-in ServerEmail ScreenIDS EngineIDS EngineDNSCatalyst 5509- RSMGateway RouterNIPRNET256K CktWeb Cache EngineT-1 CktSecurity in Depth ImplementationFigure 2Background In 1996, as a provision of the Treaty Implementation Plan (TIP) with Panama, the United States Information Systems Engineering Command (USAISEC) was tasked to engineer therelocation of the USARSO Command from Panama City, Panama to Ft. Buchanan, Puerto Rico. One aspect of the relocation effort was the engineering and implementation of the CAN supporting USARSO throughout thirty-five (35) separate facilities. The following outlines the basic technical requirements used for the engineering design of the USARSO CAN.In accordance with Department of Defense (DoD) and Department of Army (DA) policies, a Windows NT network operating system would be deployed that includes specified security and authentication requirements.Fiber-Optic Infrastructure. A single mode and multimode fiber optic and category 5 infrastructures would be implemented within each USARSO building in accordance with EIA/TIA 568A and 569 standards. In addition, the Outside Cable Rehabilitation Program (OSCAR) would installfiber optic cabling between buildings as defined by the USAISEC Site Requirements Package (SRP). Gigabit Ethernet Backbone. A Gigabit Ethernet backbone would be implemented between the Main Switch Nodes (MSNs) and the Area Distribution Nodes (ADNs). In addition, a server farm consisting of seven (7) servers would be realized connecting to the network via Gigabit Ethernet links.Desktop Network Access. All client workstations would be connected to the network using Fast Ethernet links.NIPRNET Access. Wide Area Network (WAN) connectivity is provided through the Government NIPRNET using a T-1 link. A backup low speed circuit (256Kbps) connected to the NIPRNET is also included in the design, but not considered in the simulation.Windows NT-4.0 Clients. Client workstations would implement the Windows NT 4.0 Operating System. Client workstation attributes would be simulated as OPNET NT Workstations.Centralized servers. All system servers to include email, file, database, and primary and backup domain controllers would be installed