User:Howard C. Berkowitz/Sandbox-GW: Difference between revisions

From Citizendium
imported>Howard C. Berkowitz
(DISN, JWICS, PDS)
imported>Howard C. Berkowitz
Line 27: Line 27:
JWICS connectivity and equipment is used in conjunction with the Trojan
JWICS connectivity and equipment is used in conjunction with the Trojan
SPIRIT/LITE, SCI TDN, CGS-300, SCI DMS, PKI, JDISS software, tactical receivers for broadcast, GALE-LITE, PASS-K, PASS-J, TCAC, and IAS.
SPIRIT/LITE, SCI TDN, CGS-300, SCI DMS, PKI, JDISS software, tactical receivers for broadcast, GALE-LITE, PASS-K, PASS-J, TCAC, and IAS.
==JWICS to Intelink-C==
Also known as JDISS Four Eyes, interconnects UK, US, CA, AU. Stoneghost is UK bearer network.


=PDS=
=PDS=
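Review bot: the new text under ==JWICS to Intelink-C== opens with a sentence that has no subject ("Also known as JDISS Four Eyes, interconnects UK, US, CA, AU."), so a reader cannot tell whether "JDISS Four Eyes" names the JWICS-to-Intelink-C interconnection or Intelink-C itself. Suggest naming the subject explicitly, spelling out the four country abbreviations on first use, and citing a source for the statement that Stoneghost is the UK bearer network.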

Revision as of 19:59, 15 July 2008

For the United States military communications environment, where extranets handle different levels of sensitive-but-unclassified and classified data, the underlying "service provider" physical network is the Defense Information System Network (DISN). While there are different extranets above the DISN, they are not necessarily virtual private networks, as secure communications technology is not trusted to run unencrypted information, with different sensitivity levels, in the same router.

According to its management office, DISN "... has been the United States Department of Defense's enterprise network for providing data, video and voice services for 40 years." During those 40 years, the speed of the physical transmission lines has been increasing, and, in a major architectural transition, it moved from the Public Asynchronous Transfer Mode (PATM) circuit switching to a worldwide IP routing core. The core interfaces to classified provider edge (CPE) routers, which split off the traffic of a particular sensitivity level.


Testing facility

The DISN-LES is a Defense Working Capital Fund cost-reimbursable program migrating from the The DISN-LES is a Mission Assurance Category III program designed to pass encrypted unclassified and classified traffic via the Classified Provider Edge (CPE) Routers of the DISN and provide capability for subscriber sites requiring "Next Generation" network, encryption, software, NETOPS, and advanced services not offered by other DISN Subscriber Services (DSS). [1]

References

The network provides a non-Command and Control, risk aware infrastructure identical to the DISN core available to subscribers of a variety of Communities of Interest to support a "test once" Capability Test and Evaluation (T&E), Interoperability, Information Assurance, Certification and Accreditation (C&A), and Operational T&E (OT&E) environment which would include Developmental (DT), Interoperability (IOP), Information Assurance (IA) and Net-Centric Key Performance Parameter (NR-KPP) compliance testing of capabilities, systems, equipment, network monitoring and management technologies, data link compliance, compatibility testing among products produced on evolving standards for systems planned for the operational community.

The IPv6-capable transport provides Quality of Service (QoS) for customer use of advanced services that support Resource Reservation Protocol (RSVP), Virtual Private LAN Services (VPLS), bridged VLANs, Multicast and Broadcast (e.g., Links 11/16) protocols. The DISN-LES is piloting controlled interface solutions with SIPRNet, NIPRNet and DMZs that support federating emerging and current capabilities, to facilitate a "Test and Train like we Fight" joint operational mission environment for the development of tactics, techniques and procedures (TTP) and for access to Live, Virtual, Constructive (LVC) resources in support of acquisition requirements. The results of network, hardware and software tests and exercises are shared with equipment and software suppliers and government organizations to provide a Net-Centric real-world experience with the technologies that influence network designs and system acquisition decisions throughout the industry.

Of course, if the data is appropriately encrypted so DISN routers would only know where to deliver packets, perhaps only to a gateway to a more sensitive network so the internal destination


JWICS

Tactical interfaces

JWICS connectivity and equipment is used in conjunction with the Trojan SPIRIT/LITE, SCI TDN, CGS-300, SCI DMS, PKI, JDISS software, tactical receivers for broadcast, GALE-LITE, PASS-K, PASS-J, TCAC, and IAS.

JWICS to Intelink-C

Also known as JDISS Four Eyes, this interconnects the UK, US, CA, and AU. Stoneghost is the UK bearer network.

PDS

Protected distribution system (PDS). An approved transmission adequate acoustical, electrical, electromagnetic, and physical safeguards have been applied to permit the transmission of unencrypted classified information. The associated facilities include all equipment and wire lines to be safeguarded. The major components are defined as follows:

a. Distribution system. The metallic wire paths or fiber optic transmission paths that provide interconnection between components of the protected system. The distribution system may be an internal PDS within the controlled space or an external PDS traversing an uncontrolled access area.

b. Subscriber sets and terminal equipment. The complete assembly of equipment, exclusive of interconnecting signal lines, located on the end user's or customer's premises. This includes such items as telephones, teletypewriters, facsimile data sets, input/output devices, switchboards, patch boards, consoles, or any other device which processes classified information.

When the distribution system is totally confined to an area where open storage of the highest classification level is authorized, there is no specific need for protection. Otherwise, site-specific protection is needed. For example, the wires or fibers may run through thick concrete ducts or steel pipes, positioned such that human security personnel would see any attempt to cut through the protective shell, much less wiretap the line. Other approaches include putting the RED transmission facility inside a pipe that is pressurized with gas, such that cutting into it would cause a drop in pressure that would immediately trigger an alarm.

Some end and interconnection equipment may be placed inside a "bubble" of clear plastic or wire mesh, so the lines and other devices are under constant visual observation.