Primary, Alternate, Contingency, Emergency (PACE) communications plans are a tool for helping organizations prepare for backup communications capabilities in out-of-the-ordinary situations.
Source: National Council of Statewide Interoperability Coordinators (NCSWIC)¹
A fundamental pillar of Public Safety and Tactical Edge deployments is the need for robust and reliable communications. As highlighted in the quote above, the National Council of Statewide Interoperability Coordinators (NCSWIC) outlines a framework to maintain operability, interoperability, and continuity of communications regardless of the operating conditions at the edge.
The NCSWIC framework outlines a plan with four critical states as follows:
PACE Plan | Description | Example Comms Paths |
---|---|---|
Primary | Preferred | VHF radio, Wi-Fi |
Alternative | Less optimal | Private Cellular e.g. FirstNet |
Contingency | Gets the job done | Public Cellular e.g. Verizon |
Emergency | Last resort | Satellite |
Table 1: An example of a Primary, Alternative, Contingency, Emergency (PACE) communications plan
Ultimately, PACE planning is about building redundancy into communications. However, the fundamental question remains: How do I know when to move my communications between the different communication paths? To date, this is solved by human or manual intervention, resulting in unnecessary downtime and stress on end-users in emergency situations.
Dynamic traffic routing for auto-PACE
Keel is the underpinning OS on Klas compute gateways of TRX R2 and TRX R6. One of the key functionalities of Keel is SD-WAN intelligent routing. In its simplest form, Keel SD-WAN assesses the performance on each available IP network path and seamlessly switches the traffic to the best-performing path without the need for human intervention. The result is that end-users do not need to be experts or have any knowledge of IP networking.
The mechanics behind Keel auto-PACE
Figure 1 shows an example PACE plan in which the TRX R2 is connected to multiple network paths. The primary path is VHF radio, with a fallback to cellular and on to satellite. In the example above, end-users communicate with a centralized base at a fixed destination.
In the background, Keel continuously monitors the available IP network path performance and routes traffic over the best-performing bearer path with minimal disruption to the end-users i.e. auto-PACE.
Keel provides two ways in which to implement auto-PACE:
- Basic (IP-SLA):
- Admins configure the PACE plan settings in Keel.
- Admins create IP SLA to monitor network connections.
- In the background, Keel continuously pings the target destination on the Primary path.
- If there is no response, Keel will route the traffic to the next available network path, failing back to Alternative, Contingency or Emergency paths as needed.
- Keel continues to ping on the higher priority or preferred paths, and once the path is stable, Keel will reroute the traffic back to the preferred network.
- Advanced (Keel SD-WAN Smoothed Round Trip Time – SRTT):
- Admins deploy a Keel SD-WAN headend at the HQ or in the Cloud.
- Admins define:
- Link Hierarchy: create a priority list of when the physical interface is used.
- Loss Tolerance: a percentage of the packets lost before rerouting Traffic from P to A, C and E.
- Hold-time: only reuse the connection when stable i.e. connection stays up for n-seconds.
- Fall-back only: dedicate a path for Emergency only, apply rules as to what IP traffic types are allowed e.g. Voice over IP only
- Keel periodically sends Keepalive packets to evaluate link state, using Smoothed Round Trip Time (SRTT) to evaluate relative link capacity.
- Standards-based security, including encryption of traffic – NIAP Common Criteria certified, supports Cryptographic algorithms (CAVP).
For a more detailed and technical overview on configuring and using Keel SD-WAN, click here for Keel SD-WAN public articles as available on our support helpdesk.
Advantages of Keel SD-WAN in auto-PACE
A significant advantage of using SRTT over the basic RTT (PING) is that it considers networking retransmission logic.
With a standard PING, if a source device does not hear back from the destination, it will retry three times. However, on each attempt it will double the wait time before re-attempting the PING. The result is up to 15 seconds before the path is determined as down and traffic gets redirected. Clearly this means disruption to the end-user communications.
However, with Keel SD-WAN, SRTT is used to assess the connectivity between the two machines. Taking into account the connection’s uplink and downlink performance. The result for the end-user is a seamless traffic switchover, ensuring paths with minimal latencies or waits are always used as part of the PACE plan.
An OS with security in its DNA
- Available as a single image (.bin) file.
- Signed with a digital signature for ease of secure updates over the air.
- NIAP Common Criteria certified as a network device and firewall OS device [CCEVS-VR-VID11436-2024].
- NSA CSfC component listed [Traffic filtering firewall].