The passive monitors require two network connections. The first is to the high-performance network on which the measurement are to take place. This is an optical connection, single-mode or multi-mode fiber, OC3 or OC12, and ATM or Packet over Sonet. This connection is purely passive, and requires no IP address. The other network connection is an Ethernet connection for control and to return results. We would prefer a 100baseT interface, but a 10baseT interface is also acceptable. This interface must have a static IP address properly assigned for it's location, as well as a static default route. Access to the monitor can only be made by encrypted secure-shell connections.

The passive monitors will be PC type machines in a rack-mountable chassis.

With the exception of the OC3/OC12 monitoring cards, the PCs utilize off the shelve hardware. The OC3/OC12 monitoring cards (called DAG3) have been developed as part of the WAND project at the University of Waikato in New Zealand:

A pair of DAG3 cards will be used to interface to the optical fiber pair via optical splitters:

The splitters take off a fraction of the light to allow for non-invasive measurements. A depiction of a complete system takes the PC, the DAG cards, and the splitters into account:

To reach the measurement machine, it will need an Ethernet connection, preferably 100baseT, as the optical interfaces do not provide for Internet connectivity. If at all possible we would like to configure a static default route to the default gatway.

The machines are only running network servers essential to the operation as a measurement machine. Specifically, inetd and related services are disabled, and access is only possible via ssh. The sshd is furthermore access controlled to explicitly only let allowed hosts connect.