The United States Armed Forces, consisting of the Army, Navy, Marine Corps, Air Force and Coast Guard, are responsible for the nation’s safety and protection. Each year, the U.S. military grows more dependent on information technology (IT) and consequently on the networks that help deliver and store information. Military systems now demand higher speeds and lower latency in order to move data quickly across the network and between systems. This capability, and the quality and integrity of that data itself, increasingly rely on the health of the network.

Challenges: This military base data center had upgraded its network to 10 Gbps, but still needed to develop a plan to monitor the network. The base’s IT team decided to deploy traffic recorders to capture traffic from all of the critical 10G links. Data monitoring switches formed the foundation of the monitoring access layer in their network, allowing their team the flexibility to direct traffic from any network link to the monitoring tools at any given time. The filtering capabilities of the monitoring switches would also be useful to prevent tool oversubscription and accelerate troubleshooting. Productivity would improve because the data monitoring switches could be controlled and traffic observed even when off site by using remote management features. The challenge was to design the monitoring access layer to deliver all of these benefits and minimize the number of recorders needed to meet the traffic recording requirement.

Solution provided by Net Optics Inc: Net Optics proposed an architecture using 10 Gigabit Fiber Taps to tap the 10G links, along with Director™ DIR-7400 data monitoring switches to aggregate switching and filter the tapped traffic. The Fiber Taps used negligible rack space, fitting eight Taps in a 1U slot, and consumed no power, which saved on both power and wiring costs. Director has the highest port density of any data monitoring switch available; the mix of 10G and 1G ports and support for fiber/copper interfaces offered plenty of deployment flexibility. Additionally, though the solution had only four 10G ports, it supported five 10G lines running into Director in the architecture diagram. The Fiber Tap on each 10G link produced two outputs—one for each direction on the full duplex link—and therefore connected to two 10G ports on Director. Each Fiber Tap used only half of each 10G port on Director (the receiving half), so that one fiber carried data from a Tap, while the other fiber carried output data to the traffic recorder. The four 10G ports on Director were actually eight 10G traffic streams, so the four receive streams and one transmit stream needed in the solution could easily be accommodated.

Summary: The data center was able to record the traffic from two 10G links on each traffic recorder—saving half the cost of a recorder for each link, along with the cost of managing the extra devices in what would have been a significantly more complex environment.

