4. 1 Introduction
This document presents the system architecture for a notional enterprise router derived
using the Model Based System Architecture Process (MBSAP). The MBSAP is a system
engineering process that leverages modeling to provide clarity to the lifecycle of a system
from concept to deployment. Figure 1.1 depicts the overall methodology for MBSAP and
points out the steps taken at each phase of the process. A powerful benefit of the MBSAP
methodology is that diagrams are developed at each phase of the process to provide
transparency of the system to stakeholders. This allows continual communication and
feedback to produce a system that satisfies the desires of the stakeholder(s). As a result, the
process is iterative in that the models can readily adapt to changing requirements and
metrics can be produced at each stage of development. The system prototype evolves at
each development stage as depicted with the red arrows in Figure 1.1.
Figure 1.1: MBSAP Methodology Overview
The Enterprise Router architecture is built using the System Modeling Language (SysML)
profile and the diagrams are created in the IBM Rational Rhapsody Architect for System
Engineers tool.
2 Model Organization
The system model is based on Views and Perspectives defined by the MBSAP in Figure 1.1.
The top-level browser created in the Rational Rhapsody tool includes the following
packages:
5. A. Use Cases: contains the Use Cases, Actors, and relevant diagrams. Diagrams
include Activity Diagrams pertaining to the scenarios of a Use Case.
B. Structure: contains Block Diagrams as well as behaviors that are limited to one
Block. The Block Diagrams show the Domains involved in the system as well as
decompositions of these Domains. The behaviors containing one diagram are
typically State Machine Diagrams.
C. Behavior: contains Sequence Diagrams, State Machine Diagrams and other
Diagrams that model the Behavior of the overall system.
D. Data: contains Block Definition Diagrams for the Conceptual Data Models and
Logical Data Models.
E. Context: contains diagrams on the external environment as well as anything else
that does not fit into the aforementioned perspectives.
The sections to follow incorporate the previous packages into the following viewpoints
related to the MBSAP:
Operational View (OV)
Logical/Functional View (LV)
Physical View (PV)
Security
Reference Architecture (RA)
Enterprise Architecture (EA)
3 Operational View Artifacts
3.1 Requirements
The objective of the OV is to transform customer requirements into an architectural
context by producing OV artifacts. The result of this is a concrete foundation in which the
continuing design can be derived from, making it essential to spend adequate time on this
phase. The following tables outline the functional and nonfunctional requirements for an
enterprise router. The requirements define the basis of the traceability of the system and
give a starting point for ensuring the customer’s needs are proven to exist in the final
system. Functional requirements pertain to the functionality and performance of the
system whereas nonfunctional requirements pertain to characteristics of the system that
are not associated with performance. Functional requirements are often thought of as
performance requirements while nonfunctional requirements describe the ability,
maintainability, and availability (RMA) of the system.
6. Table 3.1: Functional Requirements
Requirements Area High-Level Requirements
Routing ▪ Route packets within an autonomous system (OSPF)
▪ Understand neighboring topology of routers and
determine link failure (OSPF)
▪ Optimize how fast packets can be delivered by
determining shortest path (OSPF)
▪ Interact with peers across the network to perform route
updates (BGP)
▪ Support processing IPv4 and IPv6 packets
▪ Deployability on high performance telecommunication
networks using MPLS
Security ▪ Hide the internal IP addresses from the outside IP
addresses (NAT)
▪ Perform encryption on outgoing packets so that outside
sources cannot read transmitted data (AES)
Diagnostics, Logging and
Monitoring
▪ Must be able to export information flows to collecting
source for analysis (sFLow/netFlow)
▪ Ensure that latency and bandwidth are being
maintained throughout operation (SNMP)
▪ Be able to identify router alerts and display the system
logs (syslog)
Table 3.2: Nonfunctional Requirements
Requirements Area High-Level Requirements
Resource Constraints
▪ Meet required processor speed
▪ Meet required memory demands
▪ Contain WAN and LAN Ethernet ports
▪ Support required bandwidth throughput
Reliability
▪ Contain back up power sources
▪ Meet standard operable temperature requirements
Security
▪ System located in a secure area
▪ Create user account with read/write for appropriate
personnel
▪ Satisfy standard accreditations to process sensitive
information
The requirements are more commonly developed using SysML’s Requirements Diagram,
which allows the requirements to be linked to other architectural elements to show
traceability.
7. 3.2 Structural Perspective
The structural perspective is created by defining and partitioning groups of the system into
Domains based on similar functions and resources. Figure 3.1 shows the primary Domains
of an enterprise router and Associations that are made between the Domains and external
Actors using a Block Definition Diagram (BDD).
Figure 3.1: Router Domain Diagram
3.2.1 System: Router
Description: The enterprise router is a generic networking device that is used primarily to
receive and send packets to different devices on the network based on the packet header.
The use of routers is integral in creating a network of any size that can efficiently and
securely transfer data from one place to another.
3.2.2 Domain: Configuration Management
Owner: The administrators of the system who require access to modifying the operations
of the router.
Description: This domain will be responsible for modifying the configuration file in the
router in order to change configurations such as routing table, VLAN connections, policies,
etc. This domain also includes setting up access to the router so the configuration interface
can be reached.
8. Definitions:
CLI: Command Line Interface
SSH: Secure Shell
Telnet: Unsecure protocol for accessing the configuration terminal
Operations:
Router Access (via serial connection, Telnet, SSH, etc.)
Credentialed Login
Monitor Network
Analyze Network
Configure Router
Data:
CLI Commands
Device Information
Network Information
Interfaces:
Serial Console
Networked Management
Allocated Requirements:
Diagnostic/Monitoring FR Requirements
NFR requirement of creating read/write privileges for certain accounts
3.2.3 Domain: Forwarding Plane
Owner: A Network Vendor will typically be responsible for creating the components in this
domain but System Administrators will need access to perform configuration.
Description: This domain is responsible for sending and receiving packets,
reading/validating packet headers, performing packet scheduling, etc.
Definitions:
QoS: Quality of Service carried out by putting packets in a buffer until there are
configured to be sent
NIC: Network Interface Cards are the hardware components that allow cables to be
plugged into a router
Forwarding Table: Table of MAC addresses used to determine what location a
packet should be sent
Operations:
Initially receive a packet off of the network
Handle the packet header
9. Find the destination MAC address in the forwarding table,
Attach the packet header
Send the packet the destination
Data:
Raw packets coming off the network
Interfaces:
Physical connections into and out of the router
Connections to the control plane to receive routing information
Allocated Requirements:
FR requirements that deal with routing since the domain is responsible for putting
packets on the network.
NFR requirements relating to throughput since the bandwidth relies on how fast the
forwarding can be achieved.
3.2.4 Domain: Control Plane
Owner: Network Vendor will typically be responsible for creating the components in this
domain but System Administrators will need access to perform configuration.
Description: This domain will be responsible for maintaining routing protocols and
carrying out routing protocols. This is the main source of intelligence in a router.
Definitions:
CPU: Central Processing Unit that is responsible for processing the routing control
Routing Table: Stores source and destination IP addresses based on static routes
and results of routing protocols
BGP: Border Gate Protocol, which is a exterior gateway protocol use to discover
network topology through its peering neighbors
Operations:
Receives a packet from the forwarding plane
Identifies the destination IP address
Checks the routing table
Sends the packet back to the forwarding plane with the next hop information
Data:
Network packets stripped of Layer 2 header
Interfaces:
Management Plane
Forwarding Plane
10. Allocated Requirements:
FR requirements that deal with routing since the domain control routing
intelligence
NFR requirements dealing with creating read/write privileges for user accounts
3.3 Behavioral Perspective
Figure 3.2 shows some Use Cases for the enterprise router including support and mission
activities. Theses use cases link User Roles with various activities.
Figure 3.2: Use Cases
3.3.1 Use Case: Configure Routing Protocols
Owner: System Administrator
General Description: In order to intertact with the network, routing protocols must be
enabled and configured. This use case denotes configuring routing protocols (BGP, RIP,
OSPF, etc.)
11. Preconditions: Router must be powered on on configured with an IP address so it is on a
network
Postconditions: Router will be able to communicate with other routers on the network
User Roles: System administrator is the User that performs router configurations
Data Objects: Typically performed over a CLI so data transfer is from the CLI of the sys
admin machine to the configuration file on the router, plain text in the case of Telnet and
encrypted data in the case of SSH
Primary Scenario: Configure new protocol
Secondary Scenario: Update exisitng protocol
Allocated Requirements: FR requriements related to routing
3.3.2 Use Case: Network Monitoring System (NMS) Tool Operation
Owner: Network Monitoring Team
General Description: NMS Tool Operation is performed to monitor the health of the
network. Through this use case functions will be performed such as identify down links,
check throughput, show topology, etc.
Preconditions: NMS Tool must be set up to poll router via SNMP
Postconditions: Charachteristics of the router can be realized
User Roles: Network Monitor
Data Objects: Data gathered from routing protocols, Data transferred through SNMP
Primary Scenario: Showing the stakeholders how the router is functioning
Secondary Scenario: Show maintenance/sys admin when components of the router or
nearby routers are not working
Allocated Requirements: Confirm NFR resource constraints are being met
3.3.3 Use Case: Hardware Repair
Owner: Technical Support
General Description: When components of the hardware are seen as unoperational, the
hardware repair will analyze and fix prblem within router
12. Preconditions: Problem with the system
Postconditions: System is fixed
User Roles: Technical Support
Data Objects: Hardware
Primary Scenario: Interface cards are down and need repair
Secondary Scenario: Commodity hardware such as CPU needs to be fixed
Allocated Requirements: Meets NFR relating to Reliability
3.3.4 Use Case: Hardware Expansion
Owner: Technical Support
General Description: When components of the hardware are reaching a threshold in
terms of compute, memory, storage, etc. and need to be upgraded or additional hardware
needs to be added
Preconditions: System is being overutilized
Postconditions: System is scaled and the load is managable
User Roles: Technical Support
Data Objects: Hardware
Primary Scenario: More networks exist than the router can handle so a module is added
or the system is upgraded
Secondary Scenario: CPU utliziation is at a maximum and more processing is added
Allocated Requirements:
FR relating to being able to process data
NFR dealing with Resource Constraints
3.3.5 Day in the Life Activity Diagram
Figure 3.4 shows an Activity Diagram for sending data through a router starting with
creating a new system user then implementing a new VLAN and finally sending data. This
diagram is referred to as a “Day in the Life” and is used to show common operations on the
system including the Users and Domains related to the associated activity. The process can
be called a Mission Thread and is used to model major end-to-end system activity.
13. Figure 3.4: Day in the Life Activity Diagram
3.4 Data Perspective
Figure 3.5 shows a Conceptual Data Model (CDM) for the enterprise router. This diagram is
used to identify Foundation Classes that describe broad categories of system information
as well as defining Attributes and Operations for these classes. It also shows the
relationships and associations between the classes.
14. Figure 3.5: Data Foundation Classes
3.4.1 CDM Block Descriptions
Data Packet: Foundation Class for a unit of data that travels through the system containing
attributes such as data category, time stamp, owner, and access list. This is the most
abstracted Foundation Class
IPv4: Foundation Class for the most typical formatted data type. IPv4 is the 32 bit string
used to identify Layer 3 activity. Attributes include IPv4 ID, IPv4 Type, and Priority.
15. IPv6: Foundation Class for the evolutionary formatted data type. IPv4 is the 128 bit string
used to identify Layer 3 activity. Attributes include IPv6 ID, IPv6 Type, and Priority.
Layer 2 Header: Foundation class for identifying the Layer 2 MAC address of a data packet
Layer 3 Header: Foundation class for identifying the Layer IP address of the data packet
and also includes information on the protocol used by the particular data element.
3.5 Services Perspective
Systems are being designed to operate in a Service Oriented Architecture (SOA) in which
services are provided to clients in a way that does not require the client to know the
physical address of a data host but a simple protocol will request and deliver a service. The
Services Taxonomy shown in Table 3.3 aims to map Domains and Use Cases to various
system services. In this system, the services are Router Operations and Maintenance and
Support. This taxonomy will be explored more and expanded on in the Logical and Physical
Views.
Table 3.3: Services Taxonomy
System Services Use Cases Domains Domain Services
Router
Operations
Device Configurations
Config_Mgmt
▪ Show all remote access types
▪ Get route MAC address
Control_Plane
▪ Add static route
▪ Enable BGP
Maintenance
and Support
Hardware Expansion Forwarding_Plane
▪ Add line card
▪ Add extra forward processing
3.6 Contextual Perspective
Figure 3.6 shows the environmental context of the enterprise router. This diagram shows
what external entities the system operates with at a high level relating to environmental
affects.
16. Figure 3.6: Router Operational Context
3.6.1 Air Circulation
Defines how the router is physically located in the environment such that adequate air
circulation is provided. Since electrical equipment generates heat, the equipment must be
in a location where operation temperatures can be maintained.
3.6.2 ESD Prevention Procedures
Defines the techniques for following Electrostatic Discharge (ESD) prevention so that static
discharge cannot affect the relevant equipment.
3.6.3 Network Cabling
Defines how the auxiliary and console cables should be installed to maximize security and
operability.
3.6.4 Compliance Safety Checklist
Defines a checklist used in installation to ensure that all the proper safety requirements are
met as to not provide improper power consumption and other factors that may affect the
integrity of the system.
3.6.5 Filler Panel Inserts
Defines the proper location to insert filler panels so that air leaks do not exist to reduce
airflow to internal components.
17. 3.6.6 Power Requirements
Defines the proper operational power levels and types of power that can be used for a
specific system.
4 Logical/Functional View Artifacts
4.1 Structural Perspective
Figure 4.1 shows a decomposition of the Forwarding Plane into smaller Subdomains
displayed in an Internal Block Diagram. The IBD shows how different Subdomains of the
forwarding plane interact with one another by detailing ports that show how and where
the Domain interacts with other Domains. The Logical Structural perspective expands on
previously defined Domains created in the Operational perspective and will be expanded
on even more with a detailed design in the Physical viewpoint.
Figure 4.1: Forwarding Plane Domain Decomposition
18. 4.1.1 Forwarding Table
This Subdomain provides the forwarding information that provides the proper interface to
which the input interface should forward a packet, in other words, it is used to map MAC
addresses to ports. It directly interacts with the bus interface a queue manager.
4.1.2 Network Interface Card
This Subdomain is the router-facing interface that accepts packets and forwards them to
the queue manager. Depending on the processing power of the NIC, it can sometimes be
used to strip the header for further manipulation.
4.1.3 Bus Interface
This Subdomain is the interface to the control plane and will forward the packets to control
with information derived from the forwarding table.
4.1.4 Queue Manager
This Subdomain is used to determine if the packet is ready to go to the forwarding table or
if it needs to wait to be processed. It interacts with the forwarding table and the packet
buffer.
4.1.5 Packet Buffer
This Subdomain is the area that a packet goes when it is waiting to be processed by the
forwarding table. The queue manager identifies if the forwarding table can accept a packet
and if not it is send to the packet buffer.
4.2 Behavioral Perspective
Figure 4.2 shows the behavior of the forwarding plane when the forwarding table is
accessed by the queue manager to deliver packets to correct ports. The loop is enabled
whenever data collection is set to active and the interaction between these Subdomains is
carried out for each packet that enters the router. Again, a route in this context refers to the
route from the given MAC address to its associated port.
19. Figure 4.2: Sequence Diagram for Packet Forwarding
Figure 4.3 shows a State Machine diagram of the forwarding table and the process of
finding and mapping a MAC address to a given port, in this diagram a MAC address is
expressed as a “route.”
20. Figure 4.3: Forwarding Table State Machine Diagram
4.3 Data Perspective
Figures 4.4 and 4.5 portray the Logical Data Model (LDM) by transforming a Foundation
Class in the CDM into a System Class. Each block is connected using Composite Associations
and Reference Associations to show a part property and a reference property respectively.
Figure 4.4 and Figure 4.5 breakdown the IPv4 and IPv6 data string into its primary
components: header, length, location address, protocol, and the payload (data).
21. Figure 4.4: Logical Data Model for IPv4
Figure 4.5: Logical Data Model for IPv6
22. 4.4 Services Perspective
Table 4.1 decomposes System and Domains Services in the Services Taxonomy created in
the Operation Viewpoint and allocates them to Classes/Blocks and their Operations. This
procedure identifies the layers where various Services are mapped.
Table 4.1: Services Taxonomy
System
Services
Use Cases Domains Domain
Services
Classes/Blocks Operations
Router
Operation
Device
Configration
Config_Mgmt Remote
Access
Configuration
SSH showSSH()
enableSSH()
setSSH()
Telnet showTelnet()
enableTelnet()
setTelnet()
Routing Table
Access
RouteInformation showRoute()
addRoute()
deleteRoute()
setRoute()
Protocol
Configuration
BGP showBGP()
enableBGP()
setBGP()
OSPF showOSPF()
enableOSPF()
setOSPF()
IS-IS showISIS()
enableISIS()
setISIS()
23. Figure 4.6 shows the Configuration Management Domain in terms of its Domain Services
which functions to provide Route Information to the Control Plane. The Route Information
gathered using the supported routing protocols and is delivered using the SSH or Telnet
protocols as depicted in the following diagram.
Figure 4.6: Configuration Management Service Domain
24. Figure 4.7 depicts the Layered SOA approach by showing the application of design patterns
to elements of the architecture from the Human Machine Interface (HMI) down to the
required hardware resources. It should also be noted that various Security Services are
applied across all layers of the SOA.
Figure 4.7: Layered SOA Graphic
25. Figure 4.8 expands on the previous graphic by implementing a SysML diagram into the
model. Blocks are used to represent layers and contain the services in each layer. The
associations among blocks are dependencies and are downward-oriented.
Figure 4.8: Layered SOA Model
4.5 Contextual Perspective
The following list outlines some contextual perspectives that relate to the enterprise
router:
1. Federal Regulations that take aim to protect vulnerable data e.g. SOX, HIPAA, and
PCI DSS
2. Environmental Perspectives:
a. Power requirements and dispersion graphic
b. ESD prevention procedures
c. Compliance Safety Checklists
26. 3. Enterprise/Data Center Architecture in order to determine how many ports the
router will need, what it will need to be connected/networked to, etc.
5 Physical View Artifacts
5.1 Design Perspective
5.1.1 Component Specification
Router Domain
Description: The router block is the overall system that packages the routing features with
the hardware components. The router described in this system is capable of doing routing
in the core as well as sitting at the edge of the datacenter. It can be made with components
of different COTS vendors or produced directly from a commercial vendor such as Cisco,
Juniper, Brocade, HP, etc.
Physical Software Components include Operating Systems (Cisco IOS, JunOS, etc.) and file
system structures. Included here can be OS manuals from the vendor.
Environment specifications include data and spec sheets that show the router’s
temperature range and power quality.
Forwarding Plane Domain
Description: The forwarding block can be realized in several different ways. The optimal
view of this physical implementation would be Network Interface Cards that include the
ports and forward processing micro controllers.
Installation and maintenance data sheets will be inserted here to demonstrate how a NIC
can be integrated into the router and how to fix issues that may arise with this component.
Control Plane Domain
Description: The control block is where the bulk of the memory and processing will sit to
do controlling tasks such as calculate routes and perform routing protocols and strategies
such as BGP, RIP and perform QoS.
Hardware Elements: Physical Memory: Flash (boot), NVRAM (startup-config), ROM (ROM
monitor), RAM (Running Config, Routing Table, etc.), Central Processing (CPU), Bus
Interface, System Bus, System Fabric / System Controller
5.1.2 Interface Specification
The critical external interface for this system is the port that communicates with external
entities. There will be a combination of Fast Ethernet ports and Gigabit Ethernet ports
ranging from 10-20 existing ports. The other external interface here is the Serial port used
for initial configuration of the router to make sure it is accessible on the network.
27. A good way to depict the internal interfaces is in terms of a routing protocol matrix that
shows the possible routing capabilities and different characteristics of these protocols. This
is depicted in the table below:
Table 5.1 Routing Protocols Matrix
RIPv1 RIPv2 IGRP OSPF EIGRP IS-IS BGP
Sign R I O D i E
Network
Size
Small Large Between AS
(Large)
Vendor Independent Cisco Independent Independent Cisco Independent
Type Distance Vector Link-State Distance Link-
state
Path
Metric Hop Count BW/Delay Cost BW/Delay
Hop
Count
Max 15 Max 255 Max 224
5.2 Standards Perspective
The PV adds a Standards Perspective in order to highlight the importance of
standardization in system modeling. Table 5.2 defines some Standard Categories and maps
them to the actual Standards that will be encountered in industry.
Table 5.2: Standards Perspective
StandardsCategories Typical Standards
HumanMachineInterface(HMI):
- User Interface Design
- Style Guides
- Symbology
Goal – SeamlessInterfacefor
Config/Reporting
- GUIStandards
- Mission Oriented Style
- DoDsymbols and graphics
InformationAssurance(IA):
- Operating System Security
- Cyptography
- EnclaveBoundary Security
- Intrusion Detection
- PhysicalSecurity
Goal – Comms.Betweenand AmongSystems
- Standard OS Security
- Encryption/Decryption
- Firewalling and Proxy Servers
- Intrusion DetectionExchange Protocol
(IDXP)
- Security Standards for Media
InformationTransfer:
- Host Systems
- File Transfer
- Remote Terminals
- Networking
- Transport Services and Protocols
Goal – Comms.Betweenand AmongSystems
- IETFInternet Host Standards
- File Transfer Protocol(FTP)
- Telnet and SSH
- SNMP and TMN
- TCP and UDP
28. 5.3 Timing Diagrams
Figures 5.1 and 5.2 show the Forwarding Plane and PKI Sequence Diagrams respectively
that are addressed at other locations in this paper. A characteristic that can model a
physical aspect of these diagrams is the actual timing involved to complete the sequence of
events. Figure 5.1 estimates that the time it takes to complete packet forwarding is around
100ns which can vary depending on the load on the system and the physical components
that are performing this operation. Figure 5.2 shows the Public Key Infrastructure (PKI)
that will be discussed in the following section. The timing in this diagram shows that the
procedure takes about 10ms to complete given the complexity of the steps involved.
Figure 5.1: Forwarding Plane Timing
29. Figure 5.2: PKI Timing
5.4 Services Perspective
The physical view completes the Services Perspective, which aims at mapping customer
requirements to the final system. This is expressed in Table 5.3 by showing what Use Cases
pertain to a system service and how those map to LV elements and ultimately physical
operations. This Service Perspective completely maps the device configuration Use Case to
different system services and LV elements.
30. Table 5.3: Service Perspective
System Services Use Cases Domains
Domain
Services
Classes/Blocks Operations
Remote Login::
This service provides
users and
administrators the
capability to login to
the router. This can
serve the purpose of
configuration,
analytics, and
maintenance
Device
Configuration
Config_Mgmt
Remote Access
Configuration
SSH
showSSH()
enableSSH()
setSSH()
Telnet
showTelnet()
enableTelnet()
setTelnet()
Route Configuration::
This service allows
administrators to
define paths that a
router can take to
reach a destination in
the network
Routing Table
Access
RouteInformation
showRoute()
addRoute()
deleteRoute()
setRoute()
Route Discovery::
These internal
services are carried
out by the router to
identify the location of
other routers within
the network and
outside of the AS
Route Discovery
BGP
showBGP()
enableBGP()
setBGP()
OSPF
showOSPF()
enableOSPF()
setOSPF()
IS-IS
showISIS()
enableISIS()
setISIS()
5.4.1 Interface: Remote Access
The purpose of this service is to allow users and admins to access the router terminal from
remote locations. The two main methods of performing remote access is through SSH and
Telnet.
31. SSH: Secure Shell is an encrypted network protocol used to allow remote login. The
standard TCP port used is TCP port 22. An SSH client must be used from the remote
machine such as PuTTY.
Telnet: Telnet is an unsecure application layer protocol used to provide bidirectional
communication to and from two devices. This is carried out using TCP port 23.
Figure 5.3 Remote Access Service Interface
5.4.2 Interface: Routing Table
The routing table service is used by administrators to configure accessible routing
networks for IP traffic. The standard CIDR notation should be used to configure these
routes that include an IP address and the subnet mask to denote how big the reachable
network is. A gateway address must also be included to provide the next-hop for the router
so access can be obtained. In the cisco world, this is carried out using the following
command sequence:
32. Figure 5.4: Routing Table Service Interface
5.4.3 Interface: Route Discovery
Unlike the static routing service, the automatic route discovery uses protocols to
dynamically update the routing table. Dynamic routing is carried out by using standard
communication protocols to detect network paths e.g. best path, alternate path, etc. Some
standard protocols used to carry out this operation are RIP, OSPF, IS-IS, and BGP. Figure 5.5
shows the service interface for route discovery.
33. Figure 5.5: Route Discovery Service Interface
5.4.4 Complex Service Execution: Remote Configuration
Figure 5.6 shows how a complex service can be derived from two simpler services. The
remote access service can be leveraged to access the routing table service in order to
perform a remote configuration. The user is this case is the Administrator as shown in the
diagram.
Figure 5.7 shows a Behavioral Diagram that depicts a configuration service flow. This
diagram leverages some elements of the aforementioned Complex Service Diagram.
34. Figure 5.6: Remote Configuration Complex Service
Figure 5.7: Configuration Service Flow
35. 6 Security
Security is a critical feature of any system given the amount of computer crime in the world
today. Given the amount of sensitive data the travels through the enterprise router, it is
even more critical to make sure security is addressed and mitigated. Several classes of
security compromises that can be performed on information-intensive systems are attacks,
corruption, theft, unauthorized use, as well as other malicious acts. This section will aim to
address these security vulnerabilities.
6.1 Security Features
Table 6.1 presents various security features and maps them to a potential Model Element
that they can be mapped to.
Table 6.1: Security Features
Security Features Description Model Element
Building Security
Make sure building is secured with cameras,
badge entry, etc. Physical Security
Router Enclosures
Make sure physical router is protected by
mounting in a rack and potentially surrounding it
with a fence enclosure Physical Security
Secure Remote Access
Turn off the ability to telnet and use SSH to ensure
that remote access is being encrypted
Management
Plane
Disable Unused Services
Turn of services that are never used especially
those that use UDP.
Management
Plane
Password Management
Define a password to authenticate into the device.
Implement an NTP key, SNMP community string,
or Routing protocol key.
Management
Plane
IMCP Redirects and
Unreachables
Router features that are used to handle
misconfigurations and packet transmission failures Control Plane
Secure BGP
Best practices at securing the BGP protocol such
as TTL-based security protections and BGP peer
authentication Control Plane
Secure IGP
Secure exchanging of route information using
routing protocol authentication and verification Control Plane
Private VLANs
Implement private VLANS to limit connectivity
between workstations and/or servers Data Plane
6.2 Structural View
Figure 6.1 presents a SysML Domain Diagram that expresses the high level Domains in the
overall system: Public WAN, Enterprise Router, Honeypot, Intrusion Detection System
(IDS), Firewall, and Private LAN. This is a very common structure for setting up a LAN that
connects to a WAN.
36. Figure 6.1: Security Domains
6.2.1 Domain: Public WAN
The Public WAN is most typically viewed as the Internet and is the network that is used to
access other resources physically located in another area. This is typically unsecure data
and needs to be treated as such when it enters the private network.
6.2.2 Domain: Enterprise Router
The Enterprise Router is the system of interest in this publication and is used to direct
traffic into the Private WAN, IDS, and honeypot. This device is essential for securing the
LAN.
37. 6.2.3 Domain: Honeypot
A honeypot is a set of resources used to imitate the LAN and is the location where
suspicious traffic is directed. This is the preferred method of dealing with suspicious traffic
instead of dropping packets so that the intruder cannot detect that their traffic has been
compromised.
6.2.4 Domain: IDS
The Intrusion Detections System is a device that is used to determine if an attack is being
orchestrated on the LAN. The IDS parses the traffic looking for suspicious patterns and
alerts the router of such behavior so the traffic can be sent to the honeypot.
6.2.5 Domain: Firewall
A firewall is used at the edge of the LAN to determine if the traffic is allowed to pass into
the local network. The firewall typically consists of a set of rules used against the incoming
traffic to determine if it is permitted to access local resources.
6.2.6 Domain: Private LAN
The private LAN is the set of resources that reside as the enterprise branch node. This
Domain can consist of servers, workstations, storage, networking, and any other appliances
that are hosted locally.
6.3 Behavioral View
Figure 6.2 shows a sequence diagram for a common security technique known as a Public
Key Infrastructure (PKI). A PKI is a set of hardware, software, and procedures that are
required in order to create, manage, and store digital certificates and manage public-key
encryption. This method is a way of determining that users have the proper credentials for
accessing certain types of data. It is also a way of tracking what users are accessing what
particular resource.
38. Figure 6.2: PKI Sequence Diagram
6.4 Security Administration Approach
In order to identify if a commercial router is being securely implemented, continuous
monitoring must be implemented. This can be done efficiently by hanging a honeypot and
an Intrusion Detection System (IDS) off of the router. The router will replicate the received
traffic and send it to the IDS where deep packet inspection will be performed. At this stage
irregularities will be detected such as a high volume of TCP/UDP packets, unauthorized
users, etc. A honeypot will also be used in order to protect the actual local infrastructure
while allowing the attacker to believe they are still penetrating the system.
Good system administrator practices include checking the IDS logs daily, configuring
virtual environment to throw alerts when irregularities occur (e.g. spike in CPU utilization),
disabling local accounts and ensuring groups and users own each file on the system.
39. 6.5 Quality Attribute
The router will not allow any Distributed Denial of Service (DDOS) attacks to affect the
internal network. This will mean that no system inside the network (server, workstation,
etc.) will experience any overload in traffic due to a malicious attack. The chief scoring
system will be based on infrastructure uptime. The difficulties in achieving this goal include
identifying if incoming traffic is malicious, redirecting or dropping malicious traffic off the
operational network, and preventing attacks of a similar nature from occurring again.
7 Reference Architecture
A Reference Architecture (RA) is used to create a template based on the structure,
behavior, and rules of one or more real-world architectures. This is beneficial in that it can
be used to save time and effort as well as reduce risk when developing a new system. A
possible reference architecture relating to the enterprise router would be an enterprise
WAN that will leverage many enterprise routers.
7.1 Structural Perspective
Figure 7.1 shows the SysML Domain Diagram for such an Enterprise WAN architecture and
includes the possible Users for each Domain. The Domains include a WAN, a LAN, and a
Datacenter. The associated Users for the WAN are the Network Monitor who observes
traffic patterns and the Network Engineer who designs the WAN and implements the
required techniques.
Figure 7.1: Enterprise WAN Domain Diagram
40. Figure 7.2 develops the Datacenter Domain into a SysML IBD with a LAN Router facing
interface. The internal components of a Data Center include the LAN Switch that connects
the Workstations, Servers and Storage. The storage is typically connected to the servers
using a Storage Area Network (SAN) and the workstations typically pull data from the
servers so they are all interconnected.
Figure 7.2: Data Center Domain
7.2 Behavioral Perspective
Figure 7.3 is a SysML Use Case Diagram that links the Actors with their specific Use Case. As
the diagram shows, the System Administrator is responsible for maintaining end nodes by
deploying servers and performing OS patching. The Network Monitor is responsible for
observing the network by analyzing QoS and SLA metrics in addition to creating network
topologies. The Network Engineer’s main role is to configure the network equipment by
performing such tasks as configuring OSPF routers and creating VLANs that span across the
LAN or WAN.
42. Figure 7.4 shows an activity diagram for typical WAN operations. The System
Administrator provides the Network Engineer access to configure and LAN and WAN
routers with the necessary protocols and routes. The System Administrator will then test
the network by sending network traffic through the LAN and WAN to confirm that the
network is behaving properly. This diagram depicts one of many activities that can be
performed over an Enterprise WAN.
Figure 7.4: WAN Operations
43. Figure 7.5 shows a high level SysML Sequence Diagram for sending network traffic at the
LAN level. The diagram depicts how the Forwarding Table is used to find path the data
packet will take using a Forwarding Table described previously in the paper.
Figure 7.5: LAN Data Transfer
8 Enterprise Architecture: SatCom
The Enterprise Architecture (EA) abstracts a system to be a member of an overall
enterprise and encompasses a company or programs overall architecture and policies.
Developing an EA requires know of business process and operations to create a
technological infrastructure that reflects the objectives of the company and all relevant
stakeholders.
44. 8.1 Structural Perspective
The Enterprise Architecture developed in this section is a Satellite Communications
platform. Figure 8.1 introduces the relevant Domains in this enterprise including: Satellite,
Transmitter, Receiver, Router, and Ground Station.
Figure 8.1: SatCom Domain Diagram
8.1.1 Domain: Transmitter
The transmitter is used to transmit signals from the satellite to the area of interest. This can
be performed using a variety of different techniques and frequencies to capture certain
objects with a particular swath range. The signals gathered from the transmitter are
captured and sent to the main satellite.
45. 8.1.2 Domain: Satellite
The Satellite physically contains the transmitter(s) and receiver(s) and is used primarily to
store data as well as controller the transmitter and receiver operations.
8.1.3 Domain: Receiver
The Receiver operates as the end point for the data before transmission to the ground
station. Frequently the receiver and transmitter are coupled as the same system but in this
example the receiver actually acts as the repository for data before it is transmitted to the
ground.
8.1.4 Domain: Router
The router domain is where the signals are initially transmitted before they are sent to the
ground stations. The router is used to direct traffic to the particular ground station where it
will be sent. In some cases the router will also perform other tasks such as encryption and
load balancing.
8.1.5 Domain: Ground Station
The ground station is the endpoint in this enterprise and will collect data from the satellite
for processing and analysis. The ground station will consist of a LAN that includes local
workstations where analysis can be performed.
46. Figure 8.2 decomposes the Satellite Domain into the smaller parts that are integral in
preparing data for transmission to the ground station. The interfaces consist of an Uplink
Port that receives that data from the transmitter and the Downlink Port that will ultimately
send the data to the ground station. The satellite is composed of electronics that will
amplify and filter the signal such that the important data is properly formatted for
transmission.
Figure 8.2: Satellite Domain
47. 8.2 Behavioral Perspective
Figure 8.3 is a Sequence Diagram that shows the process of exchanging messages from the
Router to the Satellite. The Router will initially request the data from the satellite and the
Transceiver will be used to gather and send the information back to the Router so that it
can be forwarded to the Ground Station. As the diagram shows, this process is estimated to
take 3ms but the actual value depends on a variety of aspects about how the system is built.
Figure 8.3: Message Exchange Diagram
48. Figure 8.4 shows a typical Activity Diagram for Satellite Communications from the User to
the Satellite.
Figure 8.4: Satellite Communications Activity
49. 8.3 Data Perspective
Figure 8.5 is the Contextual Data Model (CDM) shows the foundation data classes that can
be defined for satellite communications. An additional expansion that could be done is to
show the type of data that is being intercepted from the satellite, whether that is video,
text, talk, etc. communications.
Figure 8.5: Conceptual Data Model
50. 9 Bibliography
Borky, John M. “Architecting Information Intensive Aerospace Systems.” 2015.
Cisco Systems, Inc. “Cisco 3900 Series and Cisco 2900 Series Hardware Installation.”
Preparing for the Installation. 2015.
<http://www.cisco.com/c/en/us/td/docs/routers/access/2900/hardware/installation/g
uide/Hardware_Installation_Guide/Preinstall.html>
Wikidot. “Routing Protocols Matrix.” Last Modified: 20 Mar 2009.
<http://showiproute.wikidot.com/routing-protocols-matrix>
Wikipedia, the free encyclodpedia. “Public key infrastructure.” Last Modified: 25 November
2015 <https://en.wikipedia.org/wiki/Public_key_infrastructure>
