HAIPE compliant TCP performance enhancing proxy for Bandwidth-on-Demand environment

IP layer encryption introduces substantial challenges for bandwidth on demand satellite communication. Our solution, namely broadband HAIPE-embeddable SATCOM terminal (BHeST), utilizes novel network performance enhancement algorithms for high latency geosynchronous bandwidth-on-demand satellite links protected in the presence of high assurance Internet protocol encryption (HAIPE). The problems experienced by TCP over geosynchronous satellites are well understood: while standard modems (on the BLACK side) employ TCP PEPpsilas which have been shown to work well, the HAIPE encryption of TCP headers renders the onboard modempsilas PEP useless. This is attributed to the fact that under the bandwidth-on-demand environment, PEP must use traditional TCP mechanisms such as Van Jacobson to probe for the bandwidth of the link (which eliminates the usefulness of the PEP) or use the bandwidth signaling that does not violate RED/BLACK boundary. Modem vendors typically recommend disabling the PEP when a HAIPE device is used. By moving the PEP into the secure network (RED) and exploiting the bypass mechanisms allowed by the latest HAIPE standard, we have been able to regain the PEPpsilas desired network enhancement that was lost due to HAIPE encryption. Our c BHeST solution employs direct video broadcast - return channel service (DVB-RCS), an open standard chosen for joint IP modem (JIPM) initiative by Defense Information System Agency, as a means of providing bandwidth-on-demand satellite links as a placeholder for future transformational satcom (TSAT) terminals. Another issue we address is the estimation of current satellite bandwidth allocated to a remote terminal which is not readily available in DVB-RCS.