FFM – Technical Brief – Network Solutions for Intelligence Surveillance and Reconnaissance


FEDERAL

Network Solutions for Intelligence Surveillance and Reconnaissance

Brocade delivers network architectures to address your intelligence surveillance and reconnaissance solutions.

FEDERAL TECHNICAL BRIEF


CONTENTS

Intelligence Surveillance and Reconnaissance
  What are the ISR Requirements?
Brocade: From the Signal Acquisition to Signal Transport to Signal Processing
At Signal Acquisition: Performance, Agility, and Economy
Challenges Being Met at Today’s Base Ground Station: Signal Acquisition and Modern Signal Distribution
At the Data Center, Where the Clients Process “Big Data”
  Brocade Provides Three Flexible Options for Data Centers
  Data Center Architecture #1
  Data Center Architecture #2
  Data Center Architecture #3
Future Options for ISR Networks Today
  Network Function Virtualization
  Simplifying Operations and Expansion through OpenFlow
Cyber-Security Protection
Summary: What Differentiates Brocade
Appendix A


INTELLIGENCE SURVEILLANCE AND RECONNAISSANCE

Just as the adoption of mobile technologies and ubiquitous Internet access have exploded in recent years, so have the requirements that are placed on existing Intelligence Surveillance and Reconnaissance (ISR) systems. ISR architects must not only transform existing systems to exploit these emerging technologies, but they must also extend those technologies out to clients regardless of their physical location. The drive to leverage cloud technologies in support of ISR missions requires a modernization of tactical network access, fixed ground station, and data center architectures. The exponential increase in UAV reconnaissance alone, with an estimated 86,000 hours of UAV drone video being captured daily, is placing a huge burden on today’s outdated systems. New ISR systems must allow rapid evolution without the need for full-scale replacement of any underlying technology. Constantly changing requirements, expanded missions, and constrained budgets require the development of a scalable and modular ISR network that does not force vendor lock-in or limit choice. Brocade, the performance leader in IP and storage solutions, has developed new technologies for ISR networks.

Brocade® IP and storage solutions can be implemented throughout the ISR architecture. At the signal acquisition and generation point, Brocade solutions can be found transporting the initial signal from the field or the tactical ground station. At the main ground station terminal, for example at the Space Network Ground Segment Sustainment (SGSS) project, NASA utilizes Brocade satellite-ground architecture for multicast signal distribution that provides vastly reduced data loss and predictable transmission effectiveness. This capability accepts and transports all the ingest data, for a large client base to access the information simultaneously. At the ingest data center, Brocade provides industry-leading reliability, scaling, and security by encryption of traffic at rest and on-the-fly between primary and secondary data centers.

What are the ISR Requirements?

The primary requirement for an ISR solution is to gain high quality, time domain, and actionable intelligence for potentially vast numbers of end users at any location, regardless of distance. The requirements to deliver or sustain and modernize the ISR application from a networking fabric perspective reach into all aspects of the application. The list may look familiar.

For example, the NASA SGSS modernization program is continually being modernized, but the overarching program requirements are these:

• Reduce communication costs for our customers.
• Implement an extensible, flexible, and easily expandable ground terminal architecture.
• Reduce lifecycle costs.
• Enhance the continuity of operations posture of the Space Network.
• Transition from the legacy system to the new SGSS system in a low risk environment.
• Meet or exceed the legacy proficiency, performance, and availability requirements.

Additionally, individual networking element requirements are produced.

Typically, by the time a solution planner is delivering a specific set of requirements to the network provider, they have reduced their downstream requirements to something that looks like the content in Table 1.


Table 1. Typical ISR Requirements.

| ISR Network Requirements | Brocade Solution |
|---|---|
| Sub-100 µsec delay of Ethernet frames | Brocade MLX®/MLXe: Sub-15 µsec delay of Ethernet frames |
| | Brocade VDX 8770: <4 µsec |
| | Brocade ICX®: Sub-15 µsec |
| 288 to 490 × 10 GbE ports √ | Brocade MLX/MLXe: 768 × 10 GbE ports per MLX/MLXe (single chassis) |
| | Brocade ICX: 56 × 10 GbE SFP+ ports per stack unit; 2-port 4 × 10 GbE BASE-X QSFP+; 4-port 40 GbE BASE-X QSFP+ |
| | Brocade VDX® 8770: 8 slots, 12 × 40 GbE per slot, or 48 × 10 GbE per slot (single chassis) |
| 2 × 10 GbE aggregate throughput √ | Brocade MLX/MLXe: In service today, 2 Tb aggregate multicast throughput (single chassis) |
| | Brocade ICX 6650: 1600 Gbps line-speed full-duplex throughput. 1190 Mpps forwarding capacity (single chassis) |
| | Brocade VDX 8770: 10 GbE: 48 × 10 GbE line card provides up to 48 SFP+ ports. 8000 ports per fabric (single chassis) |
| 38 multicast Ethernet frame streams √ | Tens of thousands of multicast streams (single chassis) |
| | The same jitter on a single stream, as in multiple streams |
| IGMPv2 and IGMPv3 support √ | Brocade MLX/MLXe: 16000 groups of IGMPv3 (single chassis) |
| | Brocade ICX 6650: 4000 groups of IGMPv3 (single chassis) |
| Resilient √ | Resilient |
| High availability √ | High availability |
| Layer 2 multicast √ | Layer 2 multicast |
| Layer 3 multicast √ | Layer 3 multicast |

Abbreviations: IGMP (Internet Group Management Protocol); SFP+ (Small Form-factor Pluggable Plus); QSFP+ (Quad Small Form-factor Pluggable Plus); µsec (microseconds); GbE (Gigabit Ethernet); Mpps (million packets per second); Tb (terabit)

Requirements may be a way of setting the bar, but key differentiators are not always gleaned from viewing a set of technical requirements. A short-term savings of 10 percent on an initial deployment could have a ripple effect of 50 percent to 100 percent more cost due to underwhelming network performance or poor expansion capability.

Brocade delivers campus networks, network core, and data center network fabrics that far exceed the requirement sample in Table 1. Brocade delivers network solutions for the signal acquisition point or tactical ground station, the base ground station, and the client data center. Brocade brings unique differentiators to each segment of the overall application, delivering exceptional performance, port density, and economy to the overall program. The differentiators are not always gleaned from viewing a set of technical requirements, as some solutions operate more effectively than others and do not introduce unintended consequences, such as higher costs.


BROCADE: FROM THE SIGNAL ACQUISITION TO SIGNAL TRANSPORT TO SIGNAL PROCESSING

Brocade has aligned its IP, storage, and network fabric solutions for ISR applications into the Brocade satellite-ground deployment architecture (see Figure 2). Some solutions require highly specialized skills to meet transmission requirements on a unique system, such as a ground station system. However, when integrator architects design such solutions, they tend to choose Common Off the Shelf (COTS) components to control costs. They then select or build purpose-built products, even if the application has unique requirements that cannot be met by using these COTS components. As a result, the network transmission requirements tend to be driven by the desire to economize on costs, rather than by what the best solution is for the specific application. The initial costs for the solution may be lower with COTS components, but if the system underperforms over time, then the savings at startup are negated.

The Brocade IP and storage solutions are key components to a successful ISR architecture. Differentiation is provided in all three areas of the architecture:

• The signal acquisition point, or tactical ground station
• The base ground station where signals are distributed
• At the client data center

At the signal acquisition point, Brocade FCX Series Switches can be deployed in ruggedized form factors and provide highly effective operation at an economical cost. Brocade has designed these platforms with the Layer 2 and Layer 3 features needed to enable the system to coexist at that level of the architecture. Brocade has added the high availability and failover features necessary for the platform to withstand component failures and behave as a chassis-based system would normally operate, but at a lower cost point.

At the base ground station, Brocade MLXe Series routers provide exceptional handling of multicast traffic to client data centers that eliminate distance barriers that are traditionally found in the base ground station in ISR programs. Brocade provides unique and flexible options for the massive processing data ingest center at the client location. Any of the Brocade data center switching solutions for enterprise-level storage are appropriate for these data centers. The Brocade solutions provide economical and predictable lifecycle costs. The Brocade solutions provide progressively higher performance and handling of signal processing to end clients that eliminate the traditional distance barriers that exist in the systems being modernized.

At the data center, Brocade has led the industry by designing flexible implementation options for the data center switching architecture on the network and storage layers. Brocade data center solutions are designed to allow for graceful migration or blending between architectural choices, such as architectures based on Network-Attached Storage (NAS), Fibre Channel, or fabric. (See Figure 1.)


Figure 1. Brocade Satellite-Ground Architecture. Brocade provides an architecture with a combination of network performance, port density, and traffic management that translates to longer solution life cycles and reduces the economic impact on the program overall.

AT SIGNAL ACQUISITION: PERFORMANCE, AGILITY, AND ECONOMY

Whether the location of signal source is in the atmosphere, orbit, on the ground, or in a mobile environment, the Brocade FCX and ICX product lines are ideally suited for integration and operation at the initial tactical or remote signal processing points. These systems are fully featured Layer 2 and 3 IP routing and switching solutions that lead the industry in throughput, scalability, and energy efficiency. These systems have been ruggedized, or installed in ruggedized containers, and deployed in direct support of ISR missions.

Using Brocade HyperEdge™ technology, the local campus area network or deployed work group requires only a pair of the stackable routing switches in the virtual chassis to enable the advanced Brocade features. HyperEdge architecture enables several benefits for the campus:

• Single IP management for the access layer
• Flexible deployment options with basic and advanced feature propagation
• High availability configurations with chassis-level resiliency

Of the remaining six units in the stack, there can be a mixture of units that address the needs of users with standard requirements. The entire stack inherits the advanced features of the base routing pair in the stack. When the system is deployed in virtual chassis mode, with redundant power supplies, redundant control and management, and hot-swappable, single rack units, the site community receives chassis-level operation and management. Flexibility like this equals economy in deployment and operational costs. With these features, HyperEdge directly addresses the challenges of today’s signal-acquisition environment.


Figure 2. Physical Systems at Signal Acquisition. Signal Source: Initial Processing.

CHALLENGES BEING MET AT TODAY’S BASE GROUND STATION: SIGNAL ACQUISITION AND MODERN SIGNAL DISTRIBUTION

ISR deployments are in various architectural stages today. They consist of steady-state operations, wholesale replacements, greenfield deployments, and modernization programs. The common thread to achieve an efficient ISR architecture is standardization and modernization of the transmission signals between the receivers to the base ground station and the client data center. Within the ISR architecture, clients may elect, based upon mission, to receive individual downlink signals at the wideband level or to ingest very wideband transmission signals.

At the base ground station, the acquired signals are sampled and modulated as digital representations of the downlink data received by the analog modems. These signals have been converted to a Digital IF (DIF) signal and packetized as Layer 2 multicast streams. This process enables the signal to be transmitted over longer distances than was possible in its original format.

Conversion of the signal from analog to digital resolves the traditional ISR problem of limited (local only) transmission distance. With the distance limitation resolved, however, transmitting the data over broader distances presents very specific problems for the base ground stations and the receiving client data center.

The standard requirement of handling the digitally formatted downlink data is to replicate it to ever-increasing scaling levels, and do so in identical fashion to all subscriber data centers within very tight tolerances. Traditionally, ISR architectures have suffered from impaired receive signals from high jitter variances, delay variation, add-join interruptions, and packet loss. Brocade ventured to resolve these challenges and achieved much success in producing highly scalable transmission systems that address each of these problems.

To illustrate the delicate nature of the problems experienced by ISR programs with respect to transmission challenges, we’ll mention the primary issues experienced by our partners and the technical aspects of the Brocade solution that met these challenges.


The challenges were as follows:

• Replication and transmission of data streams required high fan-out.
• Client demand for multiple data streams has expanded rapidly, and continues to do so.
• The transmission of data was “live” and it needed to be transmitted and received as originally formatted at the base ground station by the AD conversion modems.
• Transmission was jitter sensitive, delay sensitive, and could not withstand dropped packets or variation in inter-frame gap size due to multicast stream replication processes.

Brocade resolved each of these problems by designing features into its industry-leading platform, the Brocade MLXe. Although the platform was initially perceived as a COTS solution element, the Brocade MLXe design team resolves specific multicast issues architecturally, within the Brocade MLXe platform. In this way, the Brocade MLXe no longer resembles a COTS solution element, but rather a purpose-built ISR transmission element with unique traffic handling capabilities that resolve the technical issues that disrupt traditional ISR applications. Brocade resolves these problems while maintaining the traditional multicast interface to other ISR application elements.

A combination of Brocade technical features alleviates these problems with the following system-level attributes:

• Provide uniform, thus predictable, packetization of multicast streams by providing an identical length to every inter-packet gap.
• Eliminate inadvertent oversubscription by placing traffic management on the interface of each module, versus traditional system architectures that provide this feature on the main controller, and therefore do not mitigate contention for bandwidth with their centralized multicast add-join management tables.
• Ensure that multicast scaling occurs within the system without dropped packets on the transmission interface due to processing, management, or oversubscription on the interface or backplane.

Figure 3. Modern Signals Distribution. Brocade provides multicast using the Brocade MLXe, VDX, or ICX platforms. Maintaining the integrity of the stream to the client is critical. The Brocade MLXe reproduces the multicast stream with the same measured behavior, whether it is the initial multicast stream, or the 2000th multicast stream that has passed through the same switch.


At any given time, the Brocade MLXe solution could experience a growing usage level of 2000-2500 clients joined and listening in a set of multicast groups. Some clients may be participating in up to 30 multicast groups. This requirement dictates that a tremendous number of port interfaces are to be deployed and actively running multicast in a single chassis. The combination of on-module traffic management, multicast management, and multicast replication capabilities of the Brocade MLXe means that the legacy network solution with single blades running in the chassis can be replaced easily. The Brocade MLXe can replace rows of legacy routing switches, which frees up Space, Weight, and Power (SWAP) and reduces operational budget pressure, simply by utilizing a well-designed transmission system with predictable behavior.

Due to the on-module traffic and multicast management, no single interface affects the other client listeners. For example, two listeners could attempt to join a different multicast group over the same 10 GbE interface. (See the exploded view of the 20-port 10 GbE module in Figure 4.) The result of the separate downstream requests would traditionally require two multicast 9.2 Gbps streams to compete for the same 10 Gb of bandwidth. In the Brocade MLXe, the control to manage the multicast join and leave operations is on the module. This multicast management on the interface ensures that no single port can interfere with ports on other modules. The contention for bandwidth by multicast joins and leaves is managed individually. In competing implementations, this behavior may cause problems with the multicast group management on the management module of the switch. Within the Brocade MLXe products, this issue is not a factor, as only the last join request on that port is blocked or rate-limited on the ingress and egress. The result is that only the port interface that received the simultaneous join requests is affected.

Figure 4. Brocade ISR Data Center Architecture. The Brocade network architecture for ISR implementations delivers client data center architectures utilizing IP, Fibre Channel, or the latest in data center fabric technology.


AT THE DATA CENTER, WHERE THE CLIENTS PROCESS “BIG DATA”

Some data ingest centers receive over 86,000 hours of UAV drone video each day in addition to countless levels of sensor and signal traffic. There is no question that the ISR client data centers drive Big Data. This data is the very information that analysts use to enable the government to provide for the health, safety, and overall protection of its constituents. The huge amount of data places a tremendous burden on the analyst looking for actionable intelligence. Regardless of the amount of data, no frames may be dropped. Brocade provides state-of-the-art IP and Storage Area Network (SAN) data center fabrics. The Brocade IP and Fibre Channel data center solutions are enabling Department of Defense, civilian, and intelligence community users to process the massive data ingest in the manner that they choose.

The client data center requires the ability to acquire, process, store, and distribute the raw signal, the processed data, and the stored data products for mission-based analysis. Brocade delivers a best-in-class storage and IP multicast network solution for the ground station and the data ingest and processing center, and the best-in-class data center fabric for the receiving client location.

Brocade Provides Three Flexible Options for Data Centers

Data Center Architecture #1

This data center utilizes the Brocade data center fabric. This state-of-the-art data center implementation offers leading performance, fan-out, density, as well as reliability. Data Center Architecture #1 was designed specifically for Ethernet and storage fabric architectures in the data center LAN. This data center provides support for N x 1/10/40 GbE and 100 GbE. Data Center Architecture #1 is built for Big Data. This data center provides industry-leading performance, extremely low latency, and fits the migrate-at-your-own-pace model. Agencies can test this proven solution in their lab, make it operational, and begin integrating IP and Fibre Channel systems with low risk.

The Brocade data center fabric contains the Brocade VDX 8770 Switch and the Brocade VDX line of access switches. The Brocade VDX can act as an “end of row” switch, fabric core, or even as a core Layer 3 router. The Brocade VDX 8770 can also be connected to the Brocade MLXe, a purpose-built core router that provides best-in-class routing technology and high performance with a choice of 10/40 GbE and 100 GbE connections. With the Brocade VDX 8770 and its industry-leading 3.6 µs of latency, your agency is ready for high-speed performance and ultra-high density virtualization. Currently, Brocade VCS® Fabric technology enables a single VCS fabric to scale up to 8000 switch ports with up to 384,000 virtual machines attached to the fabric.

The Brocade VDX product line provides data center bridging support for iSCSI and NAS deployments. Your data center technology choice might be the data center fabric, IP (NAS), Fibre Channel, or a blending of all three. Regardless of your choice, Brocade provides a feature-rich solution that delivers high performance, scalability, security, predictable network behavior, and reliability.

Data Center Architecture #2

This data center model represents the agency that is migrating from Fibre Channel to IP. The first step is to implement the Brocade data center fabric, based on Transparent Interconnection of Lots of Links (TRILL). This fabric consists of N x 10 GbE, or N x 40 GbE fabric links between the edge switches running N x 1/10 GbE or 40 GbE to the application servers. Like Data Center #1, the fabric interconnects from the edge to the core Brocade 8770 switches. The server farm can receive the signal at a very high speed using one or more 10 GbE interfaces, or even N x 40 GbE interfaces to the data center fabric. The servers then process the data, extract the original signal from the IP stream, and ultimately store the data over Brocade IP, Generation 5 Fibre Channel, or Fibre Channel over Ethernet (FCoE) using block storage or NAS.

The interim step between migration from Data Center #3 and Data Center #2 is to bridge the Brocade DCX® 8510-based Fibre Channel storage to servers using the Brocade CNA data center bridging with FCoE or iSCSI. The Agency #2 Data Center has also implemented NAS with tested solutions from any of the Brocade storage partners (ISILON, EMC, NetApp, DDN, or Hitachi).


Data Center Architecture #3

This example displays the legacy data center. Typically, the legacy data center has a Layer 3 core and distribution tier and Layer 2 to the server (applications). The Brocade DCX 8510 Fibre Channel-based SAN tier is shown, typically with security for data-at-rest employed. This data center uses Fibre Channel 2/4/8/10 Gbps or even 16 Gbps as its primary storage protocol and interface. Customers with this architecture typically have a Layer 2 and Layer 3 data center architecture with Spanning Tree enabled. This protocol effectively blocks redundant links to the aggregation and core switching tiers. To unlock the existing bandwidth and access higher performance for north and south traffic to the core, you must migrate to Data Center #2 or Data Center #1.

FUTURE OPTIONS FOR ISR NETWORKS TODAY

The ISR architects are working to resolve many anticipated demands that are expected to affect the current architecture. Planners must be able to enable the backbone to adapt rapidly to an ever-expanding client base and to reliably transport their desired signals from remote locations, possibly in theater, back to their data center, where the raw or pre-processed data will be further distributed, managed, stored, and ultimately analyzed. Enabling the ISR architecture, in its current network posture, to expand rapidly without being slowed down by operational and logistical complexities is key to the success of this next-generation ISR expansion. Not only are ISR architects asked to do this, but they are encouraged to design and build ISR architectures that act as a system of systems.

Brocade has developed solutions that meet the logistical and operational challenges by developing solutions that provide these benefits:

• Reduction of SWAP at the signal acquisition area of deployment and at the tactical ground station through Network Function Virtualization (NFV) using Software-Defined Network (SDN) elements.
• Efficient control of delivery of services between the tactical and base ground stations, the Wide Area Network (WAN), and the client data center ingest network through the use of OpenFlow.
• Efficient handling of data center IP and storage network traffic at the base ground station processing, and handling of the client data center through the use of fabric architectures (previously discussed).

Network Function Virtualization

While Brocade has had success in solving many issues that have affected ISR architectures for several years, Brocade has also begun building the elements required for ISR architectures of tomorrow. For example, in Figure 5, the Brocade FCX and ICX on the left would be replaced with a like feature set that reduces the economics, complexity, and logistical impact of current deployments. To address the constrained environment, NFV elements developed by Brocade reduce space, power, cabling, switching units, routers, firewalls, DHCP servers, VPN concentrators, and application load balancers with virtualized images that perform these functions. These capabilities reside on a server platform and coexist with other mission applications. This NFV solution is hypervisor agnostic and runs on any x86 platform. In Figure 5, NFV enables a reduction from over 70 cables to less than 10, and NFV replaces up to 40 physical systems with a pair of ruggedized servers. The resultant energy reduction extends the period that systems can be deployed before fuel drops in forward areas are required.


Figure 5. Virtualized Systems at Signal Acquisition. Unique Brocade Capability: Next Signal Source Initial Processing.

Simplifying Operations and Expansion through OpenFlow

Brocade has largely addressed the ISR network performance, throughput, fan-out, and scalability requirements with exceptional system architecture and design implementation of network applications, like multicast. Brocade now sees that operational control of large, ever-expanding, complex, network applications and their delivery can be simplified.

One of the promising attributes of the Brocade product design trajectory is that it includes the notion of operating the network as part of a system of systems. To facilitate this capability, Brocade has implemented OpenFlow capabilities into its networking platforms that enable ISR planners to deliver point-to-point and point-to-multipoint services for ISR application clients. Brocade products can operate as OpenFlow devices by keeping the packet forwarding hardware role in the device but extracting the control plane to an OpenFlow controller. Brocade products can also operate in hybrid mode, which keeps the data plane and control plane within the system while a migration plan is executed.


Figure 6. ISR Architecture Based on Network Function Virtualization and OpenFlow Centralized Control Plane. Brocade capability for delivering ISR at a system of systems level implementation.

OpenFlow is an SDN protocol that enables communication between an OpenFlow controller and an OpenFlow-enabled router. In a classic router or switch, packet forwarding (data path) and high-level routing decisions (control path) occur on the same device. An OpenFlow switch separates these two functions. The data path portion still resides on the switch, but high-level routing decisions are moved to a separate controller. OpenFlow removes operational complexity and delivers services in a uniform fashion through a centralized control environment using an OpenFlow controller. By marrying a standardized control plane to an already standardized forwarding plane, OpenFlow resolves several issues.

• No longer requires widespread field expertise with multiple command line interfaces.
• Simplifies data forwarding by centrally managing services, versus wide variances of internal switch hardware software rules.
• Eliminates management by a series of silo network management platforms and operators.

Across the ISR architecture, OpenFlow support delivers centralized rule sets (control plane) over a self-healing network that fosters architecture-wide survivability in a competitive environment.


CYBER-SECURITY PROTECTION

In addition to the previously stated architectural benefits, Brocade products provide unique benefits for protection of the data, as well as its delivery from end to end. The use of sFlow technology enables the network infrastructure to function as a security sensor grid that is capable of feeding information to a collector. The sFlow collector collects and monitors network behavior and anomaly detection information that is received from the network sensor grid. The information provides operation centers the ability to detect zero-day attacks, worms, denial-of-service attacks, unauthorized devices, and insider threats. Brocade MLXe switches currently support sFlow. Brocade ICX, FCX, and SX switches expect to receive this feature via software upgrade (no hardware change) to support sFlow in the first half of 2014.
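The sketch below shows how a collector can turn sampled records from the sFlow sensor grid into two of the detections named above: unauthorized devices and denial-of-service fan-in. It is an added example, not Brocade code or part of the original brief; the record field names, MAC inventory, addresses, and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample input: decoded sFlow flow samples, one dict per sampled
# packet. Field names are assumptions for this example, not an sFlow schema.
KNOWN_MACS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}  # assumed inventory


def make_samples():
    """Build constructed samples: normal traffic, a rogue MAC, and a flood."""
    samples = [
        {"agent": "10.0.0.1", "rate": 512, "src_mac": "00:11:22:33:44:01",
         "src_ip": "192.0.2.10", "dst_ip": "192.0.2.20", "bytes": 1400},
        {"agent": "10.0.0.1", "rate": 512, "src_mac": "de:ad:be:ef:00:99",
         "src_ip": "192.0.2.77", "dst_ip": "192.0.2.20", "bytes": 90},
    ]
    # 40 sampled packets from distinct sources toward one destination.
    for i in range(40):
        samples.append({"agent": "10.0.0.2", "rate": 2048,
                        "src_mac": "00:11:22:33:44:02",
                        "src_ip": f"198.51.100.{i + 1}",
                        "dst_ip": "192.0.2.50", "bytes": 64})
    return samples


def analyze(samples, known_macs, pps_threshold, min_sources, window_s=1.0):
    """Return (unauthorized_macs, flood_targets) for one collection window.
    Each sample stands for `rate` packets, so estimates are scaled by the
    sampling rate reported by the exporting switch.
    """
    unauthorized = set()
    est_packets = defaultdict(int)      # dst_ip -> estimated packets
    sources = defaultdict(set)          # dst_ip -> distinct src_ip seen
    for s in samples:
        if s["src_mac"] not in known_macs:
            unauthorized.add((s["agent"], s["src_mac"]))
        est_packets[s["dst_ip"]] += s["rate"]
        sources[s["dst_ip"]].add(s["src_ip"])
    floods = {
        dst: {"est_pps": est_packets[dst] / window_s, "sources": len(sources[dst])}
        for dst in est_packets
        if est_packets[dst] / window_s >= pps_threshold
        and len(sources[dst]) >= min_sources
    }
    return unauthorized, floods


if __name__ == "__main__":
    rogue, floods = analyze(make_samples(), KNOWN_MACS, 50_000, 20)
    print("unauthorized:", sorted(rogue), "possible DoS targets:", floods)
```

Because each sample represents many packets, the fan-in threshold is applied to the scaled estimate rather than to the raw sample count.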

The Brocade data center portfolio includes the Brocade Encryption Switch (BES), which provides encryption of data-at-rest. The BES has been tested and approved by the National Institute of Standards and Technology (NIST) to Federal Information Processing Standard (FIPS) 140-2 level 3. The BES works with key management solutions from partners such as SafeNet, NetApp, HP, IBM, RSA, and Thales. When the processed data is mirrored to backup storage area networks or disaster preparedness storage networks, you might also want to encrypt the data on-the-fly. This encryption can be done at Advanced Encryption Standard - Galois Counter Mode (AES-GCM) 256-bit strength in 8 x 8 Gbps Inter-Switch Links (ISLs), or 4 x 16 Gbps ISL trunks (up to 64 Gbps links between data centers). This encryption is shown in Figure 4 (on page 9) as an encrypted connection between Data Center #3 and Data Center #2. In addition to this unique capability, these Brocade products have also received FIPS 140-2 level 2 validation: Brocade VDX series #1802, Brocade DCX series #1796, and the Brocade MLXe series #1917.

SUMMARY: WHAT DIFFERENTIATES BROCADE

Brocade has demonstrated world-class solutions in all areas of the network architecture where IP communications and storage area networking are required. Brocade offers scalable solutions that consistently outperform competing platforms (specifically within ISR applications). This performance is a direct result of predictable performance, system expandability, and a resulting cost model at a fraction of the per port cost demonstrated by competing solutions. The key elements of the Brocade ISR architecture include these:

• Existing and cutting-edge solutions to reduce space, weight, and power in austere environments

• Ultra-high fan-out for multicast applications

• Greater scaling with higher port density and lower cost per port than other COTS solutions

• Works with data centers based on Brocade Fabric, IP, and Fibre Channel

• Encryption of data on-the-fly and encrypted data-at-rest

• Currently capable of transitioning your ISR architecture to the future

The Brocade data center architecture that is utilized in ISR applications is flexible and can be inserted into the data center of an agency at any stage of its architectural lifecycle. The Brocade solution is unique because it provides elements that provide network predictability, high density, and easy adaptation to increased demands. These features translate to a longer life-cycle and a reduced economic impact on the program overall. The techniques used for translating analog streams to data framing format may evolve (that is, VITA 49.1). However, the distribution mechanism that enables the clients to receive the stream is multicast IP traffic. This distribution mechanism is the key common requirement where the Brocade MLXe platform delivers the best-in-class transmission solution for ISR applications. The flexible data center options, which include architectures based on Brocade Fabric, IP, and Fibre Channel, make Brocade an ideal partner for delivering the key enablers of high performance ISR solutions at the client ingest data centers.


APPENDIX A

Table 2. Brocade ISR Data Center Architectural Elements referenced in this document.

Brocade MLXe

Satellite-Based Ground Station Data Center. IP WAN. Data Center

High-Performance, Full-Featured Router

• OpenFlow/SDN support
• 15.36 Tbps Forwarding
• 32 100 GbE, 256 10 GbE, and 1,536 1 GbE wire-speed ports
• IPv4, IPv6, MPLS, Layer 3 VPNs, VPLS, Layer 2 PW
• 1M FIB routes, 2000 BGP peers
• Best-in-class power efficiency
• 1-GbE, 10-GbE, 40-GbE, and 100-GbE modules
• Embedded security
• Secure management
• Hitless failover and upgrade; non-stop routing
• NEBS Level 3 Certified

Industry-leading scalability up to:

• 10 million BGP routes
• 1 million IPv4 routes in hardware (FIB)
• 240,000 IPv6 routes in hardware (FIB)
• 2000 BGP peers per system
• 2000 BGP/MPLS VPNs and up to 1 million VPN routes
• 48,000 VLLs per system
• 16,000 VPLS instances and up to 1 million VPLS MAC addresses
• 64,000 RSVP-TE LSPs
• 4094 VLANs and up to 2 million MAC addresses
• Large-scale Equal Cost Multi-Path (ECMP); up to 32 paths for unicast and multicast

Available

Brocade ICX

Tactical or Remote Ground Station

High-Performance, Virtual Chassis Switching/Routing

• OpenFlow/SDN support
• 320 Gbps of stacking bandwidth per switch
• Hitless stacking for data and control (up to 8 units*)
• High-density uplinks
• 40 GbE uplinks (stacking ports)
• Up to 8×10 GbE ports per switch

Optimum flexibility and high availability:

• Redundant, removable, load-sharing power supplies
• PoE/PoE+
• Redundant, removable fan

Scalability:

• 12K ACL, 16K routes, 32K MAC, 8K multicast groups
• Hardware-ready for encryption via MACsec
• sFlow for granular network traffic accounting
• Full Layer 3 feature capability
• MAC addresses: 32,000
• Maximum VLANs: 4096
• Maximum Routes: 16,000
• QoS Features
• Traffic Management
• High Availability
• Embedded Security
• Secure Management

* Model Dependent

Available

Brocade VDX

Satellite-Based Ground Station Data Center. IP WAN. IP and Fabric-Based Data Center

Ethernet Fabrics for Access & Aggregation in the LAN

• OpenStack/SDN
• Auto Migration of Port Profiles
• VM-Aware
• FCoE
• Quality of Service (QoS)
• Support for 1G, 10G, 40G, and 100G* Ethernet
• Data Center Bridging
• DCB support for iSCSI and NAS for 1/10/40/100 GbE*

Scalability:

• VLANs: 4096
• MAC addresses: 384,000
• IPv4 routes: 352,000
• IPv6 routes: 88,000
• ACLs: 57,000
• Port profiles (AMPP): 256
• ARP entries: 128,000
• Switches in a VCS fabric: 24
• ECMP paths in a VCS fabric: 8
• Trunk members for VCS fabric ports: 8
• Switches across which a vLAG can span: 4
• Members in a vLAG: 32
• Jumbo frame size: 9208 bytes
• DCB Priority Flow Control (PFC) classes: 8

* Planned

Available

Brocade Vyatta

Tactical or Remote Ground Station

Full-Featured Virtualized Functionality

• OpenFlow/SDN
• IPv4 / IPv6 Routing. OSPFv2, BGP4, BGP6, RIPv2. BGP Multipath. IPv6 SLAAC. Multicast
• IP Address Management:
  • Static
  • DHCP Server
  • DHCP Client
  • DHCP Relay
  • Dynamic DNS
  • DNS Forwarding
  • IPv6 DNS Resolver
  • DHCPv6 Server, Client
  • DHCPv6 Relay

Firewall:

• Stateful Inspection Firewall
• Zone-based Firewall
• P2P Filtering
• IPv6 Firewalling
• Time-based Firewall Rules
• Rate Limiting
• ICMP Type Filtering
• Stateful

Tunneling / VPN:

• SSL-based OpenVPN
• Site to Site VPN (IPsec)
• Remote VPN (PPTP, L2TP, IPsec)
• Virtual Tunnel Interface
• OpenVPN Client Auto-Configuration
• Layer 2 Bridging over GRE
• Layer 2 Bridging over OpenVPN
• OpenVPN Dynamic Client
• Dynamic Multipoint VPN
• High Availability, VRRP, Clustering, RAID
• Diagnostics, Administration and Authentication, TACACS+, QoS Policies.

Works with ESXi, XEN, XenServer, KVM, HyperV, AWS on Any x86 platform.

Available

Brocade DCX

Fibre Channel-Based Data Center

Designed for high performance dedicated Storage Network

• Full support for 2/4/8/16 G Fibre Channel provides the highest density and performance vs. competing solutions
• Special Purpose Blades:
  • Brocade FS8-18 Encryption Blade
  • Brocade FX8-24 Extension Blade provides SAN extension over IP networks
• Chassis bandwidth up to 8.2 Tbps per chassis

Scalability: Full fabric architecture of 239 switches

• Certified maximum
  • 6000 active nodes
  • 56 switches
  • 19 hops in Brocade Fabric OS® fabrics
  • 31 switches, larger fabrics certified as required

Brocade UltraScale Inter-Chassis Links (ICL) bandwidth

Available

© 2013 Brocade Communications Systems, Inc. All Rights Reserved. 07/13 GA-TB-482-00

ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.
