Title:
    **bs506-tb**
    *Bruce's Shorts Episode 506*
    **TB - The Inter Entity Trust Boundary**
Credit: By
Author: Bruce Devlin
Source: SMPTE ST 2129 supported by Arqiva
    - - - - - - - - - - - - - - - - - -
    Cast:
    NARRATOR - Tom
    TB - Anya
Draft date: 2022-03-09
Contact: Bruce Devlin, bruce@mrmxf.com, https://mrmxf.com/shorts

# Props

Assuming there will be more than 8 and up to 30 humans on shooting day, we probably need the following list of kit. All performers should wear **long black trousers** if possible.

**Yellow** shirts (10 short sleeve - mixed sizes) *YellAway Travel Channel* - Tx packets are yellow
**Green** shirts (10 short sleeve - mixed sizes) *GreenThumb Gardening Channel* - Tx packets are green
**White** shirts (10 short sleeve - mixed sizes) *WhiteWash Political News* - Tx packets are white
**Red** shirts (4 short sleeve - mixed sizes) *Malicious packets* are Red
**Black** shirts (5 long sleeve - TB, Tom & others) *TB, Narrator & Output entities* wear black long sleeves
**Pink** shirts (3 long sleeve) *PinkDiva Services* - TB's minders & packets

**Baseball caps**
**Blue** (15) *Blue Broadcasting Company* - BBC
**Cyan** (15) *Cyanara Streaming* - CS
**Pink** (3) *PinkDiva Services* - PD
**Red** (4) *Malicious Packets*

**Face Masks**
**Blue** (15) *Blue Broadcasting Company* - BBC
**Cyan** (15) *Cyanara Streaming* - CS
**Pink** (3) *PinkDiva Services* - PD
**Red** (4) *Malicious Packets*

**Cars**
Two different cars are required for the public internet shot. They should be different colors and different models.

# Set

Three locations are required:

## NARRATOR

Speaking to camera with teleprompter (Bruce to bring) to take place in studio.

## Dance of the Packets

In the canteen. Cameras & diffuse key lighting on stage. Low level lighting under tables. A channel for the packet actors to be created between two rows of tables. Each row should have 2 black tables, 1 white table, a 700mm gap and then a final black table in the direction the actors will walk.
The corridor should be about 700mm wide. The white tables represent the Trust Boundary. TB will stand in the gap between the white/black tables and inspect packets as they waddle in the corridor. Two PinkDiva minders will flank the corridor supporting TB.

## TB meeting room

Board room whiteboard long shot. The actual diagram will be overlaid in post.

# Opening

INT. Studio shot, NARRATOR to Camera

BRUCE
Getting live content to the consumer needs high bandwidth networking. To make it secure we need to understand the chain of trust.

# PinkDiva network

INT. Studio shot, NARRATOR to Camera

In this explainer scene, Bruce may add background graphics of fire hoses indicating incredible bandwidth that TB is trying to manage and control.

NARRATOR
Imagine that you're making a big live internet stream. It might be a sports broadcast, it might be the entire TV output of the BBC. This fire hose of content arrives at a service provider to be routed to various broadcast channels, satellite channels, cable channels and streaming services.
(pause)
At the service provider, there are many of these fire-hose Internet Protocol or **IP** streams coming from many providers and we need a little cooperation at that point to ensure it all works and that if one provider reconfigures their stream then it doesn't impact anyone else.
(pause)
The inter-entity trust boundary describes the functions of an imaginary service gatekeeper who keeps things running securely & smoothly. Small, yet powerful, let's give it a more friendly name - meet TB (tibby), our Trust Boundary.

[Close Up] Superhero badge with text: **Hi, My name's Tibby. Do what I say - or else!**

CUT TO:

.Line up of Entities

Line up: one each of Yellow, Green, White packets & Blue, Cyan destinations. They take a step forward & wave as their names are read by the Narrator.

NARRATOR
To show how TB works, let's imagine that we have some packets from our content providers...

NARRATOR
*YellAway Travel*, *GreenThumb Gardening* & *WhiteWash Political News*. All these packets are trying to get to consumers.

NARRATOR
We also have BBC - *Blue Broadcasting Corp* and CBS - *Cyanara Broadband Streaming* who receive streams of content from our providers.

CUT TO:

INT. Network CORRIDOR

.Stream of Yellow Packets with Blue hats going to BBC

Packets penguin walk along the corridor, ignore the white table and as they leave the last black table, the **BBC** marshal turns the packets slightly left. Once out of shot the packets trot back to the input queue out of shot.

NARRATOR
In the simple case our IP packets have Yellow source IP addresses and the network is told to get all the packets with Blue hats to the Blue destination IP address. Simple, right?

CUT TO:

.Stream of Yellow Packets with blue/cyan hats going to BBC & CBS via PinkDiva

Packets penguin walk along the corridor, pass by two Pink Minders standing by the white table and as they leave the last black table, the **BBC** marshal turns the packets slightly left and the **CBS** marshal turns the packets slightly right. Once out of shot the packets trot back to the input queue out of shot.

NARRATOR
In practice, the Blue & Cyan receivers will be serviced by an intermediate Pink entity, whose job is to manage the streams and keep the services going 24/7. We need to manage IP addresses carefully. The hat color shows the destination address after they get into Pink's facility. Everything seems to work just fine.

CUT TO:

.Stream of Yellow & Green & White packets + mix of blue/cyan hats going to BBC & CBS via PinkDiva

Packets pass by two Pink Minders. TB stands between a minder and the packets, facing the camera, by the white table.

NARRATOR
Pink offers a great service and gets more clients, but now we have to be careful that we don't mix up the packets from customers Yellow, Green & White. We don't want to send the packets to the wrong output.

ZOOM OUT TO:

Post production insert of a Graphic of IP terms with video zoomed top left or top right

NARRATOR
In internet terms, this involves some complex address manipulation including Network Address Translation, Multicast network joining and Virtual Network tagging.

ZOOM IN TO:

.TB focus shot standing at the white desk boundary

NARRATOR
This is where the trust boundary comes in. Hi Tibby!

TIBBY
(waves to camera)
Hi There!
(TB continues to inspect packets)

NARRATOR
Tibby has some specific jobs. Tibby must remove all unrecognised packets from external networks.

Tibby removes a red shirt packet. Red shirt glares at the camera and does a moody penguin walk away from the camera.

NARRATOR
Sometimes the packets might have strange headers that hide their intent.
(pause)
Bad Packets.

TB removes blue hat / red mask to reveal a red hat / red mask

NARRATOR
Tibby is able to inspect the contents of packets to check all address types and also the content and type of the video and audio to prevent unwanted or malicious packets.

TB removes a packet with a blue hat & red shirt, red hat/white shirt etc.

NARRATOR
Tibby only looks at the packets as they come in and works at the maximum wire speeds of 10Gbit/s and beyond.

Tibby sorting packets - video sped up to 5x comedy speed

NARRATOR
Tibby is not actually a single piece of software or a product, but more a set of rules that define the best practice for the boundary between entities.

CUT TO:

.Boardroom with 5x TBs chatting while looking at a whiteboard with a network diagram

NARRATOR
With multiple entities joining multiple networks, each of which is independently managed, Tibby's job is to ensure that Trust is maximized inside every entity and that the output from an entity can be trusted at the handover to the next one in the chain.

CUT TO:

INT. New Topology Yellow/Green/White -> Pink -> Cyan -> Blue + 3 TBs

Rearrange the desks slightly so that instead of the Blue/Cyan sorting taking place in one go, we have an extra white desk where TB2 grabs blue hats and drags the packets away from the camera. Further along the corridor - another white desk and TB3 does the same. An occasional pink packet continues straight through.

NARRATOR
In theory we might arrange our topology in series rather than a triangle. Although the packet flow is different and there are more Tibbys.

All Tibbys turn and wave to camera before returning to their sorting work

NARRATOR
The basic rules remain the same. The extra Tibbys use extra security rules to improve and observe the integrity of each output feed. See how the occasional Pink packet for network monitoring can traverse the system. Three blue packets need to leave the stream together....

PEEK TO:

EXT. LOBBY: 3 Blue Packets (one yellow, one white, one green) getting checked by TB before getting into a car from the lobby and driving away at comic speed

NARRATOR
In theory the topology of the network should not matter. You might route some packets over a fast, but public internet. The TB job is still the same - control and observe the trust of the packets going into the public network.

CUT TO:

EXT. LOBBY: 3 Packets getting out of a different car - 2 packets are the same.

Green packet has the same exterior shirt & cap & mask, but is obviously a different packet (e.g. was small female getting into car, but is now obviously a huge male). The lobby Tibby lets the packets back into the system.

NARRATOR
Tibby at the receiving end still has to check all the packets. The first TB in the system might be a simple boundary that filters traffic into a secure area.

CUT TO:

INT. Network CORRIDOR

3 packets from outside waddle into the inspection corridor

NARRATOR
At some point a Tibby performing deep packet inspection decides to accept or reject the packets according to the rules, raising alarms accordingly.

TB lets white & yellow go through. TB lifts the green shirt, spots a red shirt underneath. Red light flashes. Klaxon added in post.

# Closing

CUT TO:

INT. Bruce in studio

BRUCE
The Inter Entity Trust Boundary, TB, is a recommended practice: SMPTE RP 2129 and you can get a free copy during its trial phase in 2022 by going to the SMPTE website and looking for Public Committee Drafts. Check out the Mr MXF website for more links.

NARRATOR
Tibby - more than just a firewall

CUT TO:

.Music & Credits & Patreon