ex12 optical bypass application v1.1
TRANSCRIPT
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Optical 10 Gbit Bypass
with Packetmaster EX12
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
General function
Bypass Switches provide fail-safe Inline tool protection for your security and monitoring devices.
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Option 1 Multimode (LR) solution
The Cubro Bypass for 100 Gbit per link in
multimode is realized with optical MEMS
switches. Each link uses2 switches combined
into one module.
The switching mechanism offers the reliability
of a solid state device. By implementing
latched optical switches power is only
needed during switching. Even if the power
fails the optical switches stay in the
programmed state.
Options to activate the bypass:
1. manually via SSH or HTTP
2. power fail
3. smart detection of the bypassed device
optical output power
Optical Parameters:
Wavelength 1260 - 1700 nm
Insertion Loss 1 - 2 dB
Crosstalk 75 dB
Return loss 55 dB
Polarisation Dependent Loss 0.03 dB
Switching Time 0.4 ms
Durability cycles No wear
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Packetmaster EX12
Packetload 176 Gbit
Ports Gbit 8 SFP or 8 Base-T
Ports 10 Gbit 12 SFP/SFP+
Ports 40 Gbit none
GUI CLI/WEB/GUI
Packetbuffer YES
Delay 2 µs
Dual Power YES
12000 Filters Layer 4
MPLS tag/detag
VLAN tag/detag
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsualtion
All ports activated
All software activated
Low power design
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
General Function
10 Gbit firewall bypass with monitoring output
monitoring before and after firewall !
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Normal Operation
The traffic passes the optical bypass with no delay, then the traffic is passing
the EX 12 with a very small delay < 1 µs. The EX12 adds a heart beat traffic.
These heart beat packets pass the firewall and the EX12 detects them again.
If the amount of heart beats per second is correct the EX12 knows the firewall
is working properly.
1
2
8
7
6
5
3
4
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Firewall fail
If the heart beat packets are not detected by the EX12, the Packetmaster
goes in bypass mode and bypasses the firewall.
The switching time is in range of 3 µs.
1
2
4
3
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Firewall fail and re-route to spare
In the case a spare firewall is available the
Packetmaster can also re-route the traffic to this
unit. This feature is also available as manual
function for software testing and upgrades.
1
2
6
5
3
4
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
PM fail
In the theoretical case that the Packetmaster fails, the optical bypass will
bypass the Packetmaster to ensure the firewall works normal.
The Packetmaster sends keep alive massages to the Bypass switch so that
the Bypass knows the status of the Packetmaster.
1 432
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Monitoring Function
The monitoring function is available in any
operation mode. It supports layer 4 filtering
and port aggregation to any monitoring
device.
1
2
8
7
6
5
3
4
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Security Function 1/3
This solution also provides a security option. The
EX12 offers 12000 filter rules, these rules can be
used to block unwanted traffic by hardware filters,
based on blacklists, for example per country.
The EX12 is immune against DoS attacks because there is no software stack.
The Packetmaster can also provide a bandwidth meter function that can limit the
incoming traffic to protect the firewall.
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Security Function 2/3
Ta
pp
ing
, A
gg
reg
ati
on
an
dF
ilte
rin
gwww.cubro.net
Bringing simplicity to today´s and tomorrow´s communication networks
Security Function 3/3
DoS detection through a dedicated probe, example INVEA-Tech, probe is net
flow probe which can detected fraud and send this information to the
Packetmaster, where this traffic can be blocked.