PMA Hardware

This page is a how to build a passive network monitor as much as a collection of systems that have been build by NLANR over the past decade and demonstrate the various features and capabilities.

History

Historically, the idea of a passive network monitor goes back to NLANR/vBNS OC3MON's. Since about 1998 the machine configuration has been based on 4U rackmount chassis for which parts have been sourced from CPP (now part of racksaver.com). The configuration of those machines is now historic and can be found here.

The next generation of OC3/OC12MONs would only change slightly, but deploy the DAG3.2 series of cards produced by the University of Waikato. In the course of time, the motherboard would become unavailable, and be replaced by a more modern Intel server motherboard, otherwise the appearance was fairly unchanged. An overview is available here. This page gives all the nitty gritty details.

As we build the first series of OC48MONs, space became a real issue in the context of a planned router instrumentation. The first system would still deploy a 4U chassis, all further PMAMONs would convert to the space conserving 2U chassis, the system configuration otherwise is unchanged from the 4U.

The latest generation of OC192MON's recognize the need for an integrated platform and deploy a Dell 2650 2U rack mountable server platform. See also first publicly available 10Gigabit network traces.

Modern passive monitors

When building a passive monitoring system today, you need to recognize a number of different factors:

the passive (often: fibre optic) tap into the communications link
the data collection hardware (network measurement card)
the PC computer platform, requirements for data analysis and capture
environmental constraints, such as rack space, heat dissipation, power supply, etc.
the total cost of the solution

Some basics on fibre optics in a rush

Todays data networks are based upon electrical or fibre optic carriers. Most of the critical links — long distance or between buildings on a campus — are fibre optic.

The main reasons for choosing fibre over copper are:

resilient against electromagnetic interference
can run longer distances at much higher data rates
seemingly endless transmission capacity (for any practical purposes)

Against common perceiption modern networks are not any faster, it is only the higher transmission capacity which makes them appear to respond quicker to increasingly more complex requests by a growing number of applications and end users. The speed at which those signals travel is constant and nearly identical for copper and fibre, at about 2/3rds the speed of light.

Practically all fibre optic communication links deploy a separate fibre for each of the two directions of the link.

As a data carrier travels down a medium its signal strength fades — the signal is attenuated. Capacity planning ensures that the transmitter will generate a strong enough signal such that the attenuation on the link will still permit the receiver to pick up the signal reliably at the remote end.

Calculating and measuring optical power budget

The loss of signal strength in optical like in other media is logarithmical, hence engineers tend to measure attenuation in decibel, where:

dB = 10 * log₁₀(P₁ / P₂)

and P₁ and P₂ are two measurements of optical power at different locations.

Below we give you some typical loss characteristics for fibre in common use today.

Fiber Optical Loss (dB/km)
Size Type 850 nm 1300 nm 1550 nm
9/125 µm singlemode — 0.5-0.8 0.2-0.3
50/125 µm multimode 3.0-7.0 1.0-3.0 1.0-3.0
62.5/125 µm multimode 3.0-7.0 1.0-4.0 1.0-4.0

In the table above you find specific wavelength' in use for data transmission today. These are also referred to as the first (850 nm), second (1300-1310 nm) and third (1525-1600 nm) optical windows. What is interesting to note here is that attenuation in fibre optics is a function of the carrier wavelength. From the data in the table it is quite pronounced why the second and third windows, in particular when deployed with singlemode fibre, are quite attractive for long distance communication, however, there are further issues beyond attenuation which the industry has to take into account.

As can been seen in the above equation, the unit of dB is actually a relative measure. In order to fixate an absolute reference, the industry has introduced dBm (decibel of one mW — milliWatt) as a new metric. Since 1 mW (0 dBm) is actually quite a strong source, most optical measurements will appear as negative readings, indicating fractions of 1 mW.

Just for illustration we provide you with some characteristics of common transceiver optic modules as in use in the networking industry today. For exact details, please refer to the data sheets.

Application Source Part No. Fibre Wave length TX launch RX max RX min
OC3c/OC12c LAN Agilent HFBR 5208M multimode 1300 nm -20 dBm -14 dBm -29 dBm
OC3c/OC12c WAN Agilent HFCT 5208M singlemode 1300 nm -11 dBm -7 dBm -32 dBm
OC48c WAN Agilent HFCT 5402D singlemode 1300 nm -5 dBm -3 dBm -22 dBm
1000BaseSX Agilent HFBR 53A5VFM multimode 850 nm -9 dBm 0 dBm -17 dBm

Passive taps

To insert a passive tap into a data communications link has one major advantage: it allows to obtain an exact replica of the original data stream present on the link without interfering with or changing the traffic pattern itself. This method is also referred to as non-intrusive, however, bear in mind that there is this one occasion where the tap needs to be inserted, for which communication has to be interrupted for a short period of time.

A fibre optic tap is a Y-shaped device produced from melting, twisting and pulling (fusing) a pair of fibres. (Once the fibres have been fused one of the legs of the X is simply cut off, thus forming the Y.) The cabling industry also refers to such a device as a coupler, and uses 1 → N couplers (star couplers) along with high powered lasers for distribution of broadband cable TV signals. For measurement purposes we are only interested in 1 → 2 couplers, or splitters.

As the signal is split in two, each of the legs will see an attenuation of signal strength relative to the signal level at the input. The ratio between the two ends may vary, hence a range of splitters for a given fibre type may be sold: 50:50, 60:40, 70:30, 80:20, 90:10 and so forth, referring to percentages of the original signal as being emitted at each of the output legs.

Remember also that split ratio, in the same way as attenuation, is dependend on the wavelength of the carrier used to light the splitter. For instance, a multimode splitter designed for SONET applications operating at a ratio of 50:50 in the second optical window (1300) may work for short distances on a Gigabit 1000BaseSX (850) link, however, the attenuation might be severe and it would be impossible to utilize it for connections inside a building, in the same way a Gigabit splitter 50:50@850 would.

There is a risk that the additional attenuation as introduced by the tap lowers the signal strength in such a way that the receiver at the remote end will pick up a signal outside the window of error free operation. In other words, splitter attenuation is higher than the residual optical budget before inserting the device. To restore communication, the tap will have to be removed and following signal level measurements an appropriate splitter product will have to be sourced.

If the link is operating at the very limit of its optical budget, there is a chance that no suitable splitter can be located, as either the attenuation to the main link or to the monitoring leg will drop signal levels below the acceptable for the optical receivers.

For the sake of clarity let us point out that truly passive fibre optic splitters operate independently of the data rate carried. For instance, a singlemode splitter 80:20@1300 will quite happily operate at OC3c (155 MBits/sec), OC12c, OC48c, or even OC192c (9952 MBits/sec). Some vendors will quite happily sell you a so called "10 Gigabit splitter", which allegedly is designed for "speed" (see above comment on "faster networks"). Those statements are merely for the piece of mind of the purchaser but do not add any technical value to the product, rather unnecessarily restrict its use for the technically not-so-savvy.

Split ratio (in %) Typical insertion loss (in dB)
50/50 3.1/3.1
60/40 2.3/4.1
70/30 1.7/5.4
80/20 1.1/7.1
90/10 0.6/10.2

When inserting the splitter into the communications link one must ensure that the signal enters at the end with just one fibre attached, and exits via the pair of outputs. Do not underestimate the importance of direction! In the field it is often difficult to work out which port is transmit and which is receive, and which of the legs of the splitter(s) is which. If you happen to take one of the outputs for an input and vice versa, the main link will still work, and you may even sense light at the second output (which is the result of reflection at the fuse), however, attenuation towards the second leg will be extremly high and the monitor is unlikely to work under such conditions. However, with the poor physical layer detection capabilities built into todays network interface and measurement cards, it may be impossible to detect this scenario, as the pattern experienced is strikingly similiar to a splitter with the wrong ratio, and only a power meter and a second field trip may be able to uncover the problem. We therefore strongly recommend using boxed bidirectional splitters, which avoid errors due to miswiring. Please read further below.

Golden rules for deploying passive fibre optic taps:

Study the characteristics of the link to be instrumented: topology, fiber type (singlemode vs. multimode), wavelength (optical window), physical layer configuration parameters, encapsulations used. Talk to your network operator, don't give up until you have detailed information. It is extremly hard to get the same information in the field under time pressure, and with no access to a web browser, lacking phone numbers etc. Be well prepared.
Obtain a fibre optic power meter, check calibration, know how to use it.
Take a power measurement at the link to be instrumented.
Do power budget calculations and pick a suitable product for your purposes. Remember, the split ratio (attenuation) along the main link is as important as the light levels toward the monitor, balance the risks and pick something that will keep the link happy but won't operate the monitor at or below its receiver optical window. Too hot signals at the monitor can be fixed with an additional attenuator, as needed, too low signals are the ones that cannot be fixed.
If access restrictions prevent you from doing preliminary power measurements and budget calculations, arm yourself with an assorted set of splitters and choose from the set on the spot.
Use boxed rack mountable bidirectional splitter solutions, if possible.