[unisog] IDS INFO

Peter Van Epp vanepp at sfu.ca
Thu Aug 30 19:10:14 GMT 2001


Unisog moderator:
	While this is far from security into network engineering (which is 
my primary role rather than security), it may be interesting to unisog anyway.
Dan and I have been discussing optical splitters offline from the list to 
connect IDS systems to (which is the only link to anything security related :-))
so I'll let you decide whether to forward it to unisog as well.
	That's where power budget comes in. I've always used %80/%20 for max
protection of the production circuits. The splitter is just that, a passive 
device that diverts some of the optical power. In an %80/%20, %80 of the light
goes to your production load (which degrades the noise margin by a bit, but 
as long as the end point optical power is still within spec that's OK). In
this case the IDS interface only gets %20 of the optical power (but is 
presumably very close and thus still within the acceptable receive power level).
If there are going to be errors they will be on the IDS side most likely.
This presumes your production run is long haul (many meters away) and your 
IDS is local. If both segments are local (as it sounds like they will be in 
your case) a %50/%50 splitter will do. That divides the input power evenly 
between the ports, half to each. The noise margin is reduced a bit by this, 
but the optical power is likely (you need to measure with an optical power 
meter to make sure) within the acceptable range for the transceiver (that range
is usually about 20 dB or more as I recall). That means there is less chance
of an error occurring on the stub to your IDS. The length of the fibre runs
(and the power budget) are what controls which splitter you should/can use.
	You also need, on an %80/%20, to make sure you connect the right fibres to 
the right ports. Getting it backwards may work but degrade the noise immunity
of your production circuit and cause hard to find performance problems.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada



> 
> Peter...
> 
> Thanks for the info, can you tell if there is any advantage or disadvantage to using 80/20 versus 50/50. I have heard that that is just the way the tap is splitting the signal, but don't really understand what the significance is. 
> 
> 
> Thanks 
> 
> 
> Dan Sutherland     
> JH Network Security
> Network and Telecommunications Services
> Johns Hopkins University and Medical Institutions
>                               
> 
> >>> Peter Van Epp <vanepp at sfu.ca> 08/30/01 10:26AM >>>
> 	While I haven't done it on GigE (yet) netoptics optical splitters
> work fine for ATM and should work fine for GigE. I use the %80/%20 version
> but %50/%50 is available (depending on the length of run and power budget of
> what you are tapping into). You do need an IDS capable of doing FDX for this.
> www.netoptics.com.
> 
> Peter Van Epp / Operations and Technical Support 
> Simon Fraser University, Burnaby, B.C. Canada
> 
> 
> > 
> > We are trying to figure out a way to gather IDS data via gigabit LX taps, but it seems that there are a number of obstacles. Apparently, you will lose lower level errors if you use port-mirroring on a switch, not to mention the amount of data that is lost due to light splitting. Does anyone have any suggestions or information as to how this might be done?
> > 
> > Thanks
> > 
> > 
> > Dan Sutherland     
> > JH Network Security
> > Network and Telecommunications Services
> > Johns Hopkins University and Medical Institutions
> >                               
> > 
> > 
> 
> 
> 
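
An added example, not part of the original messages: the power-budget comparison described in the reply above, worked for 80/20, 50/50 and a reversed 80/20 splitter. The launch power, receiver sensitivity and the fibre, connector and splitter losses are assumed figures, and the function names are hypothetical.

```python
import math

# Assumed figures (not from the post): take the real ones from the transceiver
# data sheet and from optical power meter readings on the link being tapped.
TX_DBM = -8.0              # launch power measured at the transmitter
RX_SENS_DBM = -19.0        # weakest signal the receiver still accepts
FIBRE_DB_PER_KM = 0.4      # single-mode attenuation near 1310 nm
CONNECTOR_DB = 0.5         # per mated connector pair
SPLITTER_EXCESS_DB = 0.5   # splitter loss beyond the split itself

# Fraction of light sent to (production port, IDS port).
RATIOS = {"80/20": (0.8, 0.2), "50/50": (0.5, 0.5), "80/20 reversed": (0.2, 0.8)}


def leg_margin_db(fraction, run_km, connectors=2):
    """dB of margin above receiver sensitivity for one output leg of the tap."""
    split_loss = -10.0 * math.log10(fraction)
    loss = (split_loss + SPLITTER_EXCESS_DB
            + FIBRE_DB_PER_KM * run_km + CONNECTOR_DB * connectors)
    return TX_DBM - loss - RX_SENS_DBM


def evaluate(production_km, ids_km, min_margin_db=1.0):
    """Map each ratio to (production margin, IDS margin, both legs usable)."""
    out = {}
    for name, (prod_frac, ids_frac) in RATIOS.items():
        pm = round(leg_margin_db(prod_frac, production_km), 2)
        im = round(leg_margin_db(ids_frac, ids_km), 2)
        out[name] = (pm, im, pm >= min_margin_db and im >= min_margin_db)
    return out


if __name__ == "__main__":
    # Constructed cases: long production run with a local IDS, then both local.
    for prod_km, ids_km in [(8.0, 0.01), (0.05, 0.01)]:
        print(f"production {prod_km} km, IDS stub {ids_km} km")
        for name, (pm, im, ok) in evaluate(prod_km, ids_km).items():
            print(f"  {name:15s} production {pm:+.2f} dB  IDS {im:+.2f} dB  ok={ok}")
```

With these assumed numbers the reversed 80/20 leaves the long production run below receiver sensitivity, while on a short run it still passes with reduced margin.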


