Rohde & Schwarz ATC session border controller

Secure interconnection of ATC voice networks

Your task

The functionality of ANSP systems is crucial to the safety of aircraft passengers and the continuity of airspace operation. The availability of voice infrastructure is key, because without communications the airspace has to be closed immediately.

The introduction of state-of-the-art VoIP communications lets ANSPs take advantage of direct IP interconnection between each other and to telephony networks, bringing higher interconnection availability and security with faster call setup time and additional status information.

Like enterprise VoIP telephony networks, the internal ATC network should be secured via session border controllers. Session border controllers protect the VCS system and radios from multiple threats such as malformed SIP/RTP packages or denial of service (DoS) attacks e.g. due to an incorrectly configured partner VCS.

Session border controllers provide the highest available protection of the critical voice infrastructure and should be deployed at least on every link to other organizations, to backup systems and on the connection to the internal telephony system.

ATC voice networks

To meet the special needs of ATC communications, the SIP/RTP protocols have been enhanced and standardized as ED-137. This protocol enhancement defines features such as PTT, squelch and radio control and monitoring. Specialized ATC session border controllers are required in order to comply with the special needs of ATC communications and to support the ED-137 standard family.

Rohde & Schwarz ATC session border controller

Security in ATC networks is very important to Rohde & Schwarz. This is why the company developed the specialized R&S®ATC-SBC, which helps secure customer networks and enables ANSPs and airport operators to provide safe and continuous airspace operation.

R&S®ATC-SBC is the interconnection point of two ANSP and airport operator networks. It is used to connect one VCS system to another and for sharing radio resources between neighboring ANSPs.

R&S®ATC-SBC uses highly advanced security mechanisms and controls all the incoming and outgoing voice sessions on multiple network levels.

On the IP level, R&S®ATC-SBC acts as a firewall and revokes all inappropriate communications protocols and communications paths. This effectively reduces the load for the higher processing.

On the signalization and payload level, all SIP and RTP packages are completely interpreted, controlled and repacked. This protects the internal VCS system from attacks using malformed packages. Call admission checks whether the communications partners are allowed to communicate and limits the number of concurrent sessions and calls per second, protecting the VCS itself and the controller against DoS attacks.

In addition to its security features, R&S®ATC-SBC simplifies the sharing of radio resources between ANSPs and airport operators. It acts as a radio server and requires only one session to the requested radio, even when delivering to multiple users. The number of connections and the load on the radio and network are reduced. The radio may be shared with a virtually unlimited number of partners, which lowers the network dimensioning costs.

R&S®ATC-SBC hides the internal network topology, presenting just its own IP address to the connecting partner. In addition, it removes unnecessary information from the packages (e.g. personal names), which increases security and privacy while reducing the risk of misinterpreting some information.

Protocol transformation within R&S®ATC-SBC from ED-137A to B or C and vice versa allows compatibility between multiple VCS/radio system versions.

Redundancy

R&S®ATC-SBC uses the most advanced redundancy mechanisms, e.g. link redundancy and system redundancy, and increases overall system availability by means of smart call routing.

On link or network failure, the communications flow remains uninterrupted using parallel redundancy protocol (PRP) or link aggregation.

In case of hardware failure, the redundant node takes over all active connections from the primary node. Therefore, R&S®ATC-SBC maintains a shadow status of all active calls.

In case of VCS failure, it is important to keep operations running. R&S®ATC-SBC actively monitors the status of the VCS system. If a problem occurs, R&S®ATC-SBC automatically forwards incoming calls to the backup or emergency VCS system. The calls from the partnering ANSP controller will not get lost and the partner ANSP will not even recognize that there is an issue on the VCS.

R&S®ATC-SBC may even fork the calls and deliver these simultaneously to the primary and contingency operations room to ensure full functionality even if an entire center is lost.

Simple management

R&S®ATC-SBC seamlessly integrates into the R&S®VCS-4G product portfolio. R&S®ATC-SBC is fully managed via the R&S®VCMS management system and can be used as part of the R&S®VCS-4G solution or as a standalone to secure VCS deployments of other manufacturers.

Double link interconnect

The availability of the interconnection between two ANSPs is very important, since controllers have to communicate in order to handle the aircraft’s regional borders. The innovative Rohde & Schwarz double link interconnect lets partners interconnect using two entirely independent WAN carriers. In case of delay, packet loss or even WAN or carrier failure, the communications flow remains uninterrupted. Using parallel redundancy protocol (PRP), R&S®ATC-SBC takes data directly from a better link. R&S®ATC-SBC significantly increases both voice communications availability and quality.