All steps are logged in the for audit. 5. Performance & Quality Impact | Metric | Baseline (no EQ) | With EQ (lab) | Observed in field (Jan‑2026) | |--------|------------------|---------------|-------------------------------| | Latency (p99) | 3.4 ms (DWDM 600 km) | 2.8 ms | 2.9 ms | | Jitter (p99) | 0.45 ms | 0.12 ms | 0.14 ms | | Packet loss | 0.08 % | < 0.01 % (FEC) | 0.015 % | | Throughput impact | — | ~‑4 % of link capacity (reserved for EQ) | −3.5 % | | Config‑apply time | 12 s (manual) | 5 s (CFD) | 4.8 s |
| Goal | Benefit | |------|----------| | | Reduces manual provisioning errors, speeds up service roll‑out, and enforces policy compliance. | | Extra‑Quality (EQ) traffic treatment | Guarantees enhanced QoS (lower latency, jitter, and packet loss) for premium services (e.g., 5G‑Ue, enterprise SD‑WAN, edge‑AI). | | End‑to‑end telemetry & verification | Provides visibility into configuration integrity and performance impact. | Airtel Dark Tunnel Config File Download Extra Quality
Values are averaged across 10 DWDM spans (200 km–800 km). The modest capacity reservation (≈ 4 %) is justified for premium‑SLA services. | Threat | Mitigation | |--------|------------| | Man‑in‑the‑Middle (MITM) on CFD | Mutual TLS, certificate pinning, and short‑lived signatures (TTL ≤ 24 h). | | Configuration replay | Version numbers and valid_until timestamps; agents reject older versions. | | Key compromise | Automated key‑rotation (90‑day cycle) via HashiCorp Vault; immediate revocation list broadcast. | | Denial‑of‑Service on CFD server | Rate‑limit per‑agent, CDN front‑end, and HA load‑balancer. | | EQ‑policy abuse | Policy‑engine validation – only pre‑approved traffic classes can request EQ (via service‑catalog). | All steps are logged in the for audit
The report outlines the architectural context, the CFD workflow, the EQ mechanisms, security considerations, performance impact, and recommended next steps for production deployment. | Term | Definition | |------|------------| | Dark Tunnel | An IP‑over‑DWDM or MPLS‑based tunnel that runs over unused (dark) fiber or leased lines, offering a private, low‑latency backbone isolated from public Internet traffic. | | Config‑File Download (CFD) | A controlled process whereby tunnel‑endpoint devices (e.g., routers, optical line terminals) pull a signed configuration file from a centralized repository (GitOps/CMDB). | | Extra‑Quality (EQ) | A set of QoS augmentations (traffic‑class mapping, shaping, policing, and latency‑aware routing) applied to selected traffic classes to meet SLA‑grade performance. | | | Extra‑Quality (EQ) traffic treatment | Guarantees
Prepared for: Internal Technical Review – Airtel Network Operations Date: 15 April 2026 1. Executive Summary Airtel Dark Tunnel is the carrier‑grade, encrypted overlay that connects Airtel’s core data‑center sites, edge‑computing nodes, and partner‑cloud PoPs over a “dark‑fiber” or leased‑line infrastructure. The recent focus on Config‑File Download (CFD) and Extra‑Quality (EQ) features aims to: