DWDM is the backbone technology for optical networks but presents a challenge to government agencies with intercept responsibilities.

By Mike Seidler, Senior Product Manager, NetQuest Corporation

Dense Wave Division Multiplexing (DWDM) networks provide the capacity to carry the data of the internet and the long-distance reach to span the globe; they have forever changed the way the world builds communication networks. Carriers all over the world are deploying Metro, Regional and Long-haul DWDM networks connecting their OTN, Native Ethernet and legacy SONET/SDH networks.

Traffic growth is the underlying driver for 100G+/100G/40G DWDM network transports and today’s DWDM systems are closing in on supporting terabits of data per second over a single optical fiber.

These optical networks represent a tremendous cyber intelligence opportunity for national government intelligence agencies; however, intercepting and monitoring traffic carried over DWDM networks presents numerous challenges.

These challenges can be broken down into three significant areas: Access, Discovery and Big Data.

Access
Traditionally, government agencies would choose to avoid directly tapping the DWDM network and instead find a more convenient and less expensive access point in the long haul system.

By avoiding the DWDM network, standard analytic tools can typically be leveraged without having to first unravel all the wavelengths and underlying transport protocols within a typical DWDM signal.

Avoiding the requirement for DWDM network access is becoming increasingly challenging as the deployment of DWDM networks expands beyond backbone, subsea and long-haul applications and the number of active wavelengths grows to the current standard of 96 per fiber.

Physical space has also provided access challenges in the past as a combination of test and transport gear has traditionally been required to tap into an individual DWDM fiber link and process each of the wavelengths.

Discovery
Government intelligence agencies are often required to monitor networks that are not under their primary control. Under these circumstances, in order to provide a traffic monitoring solution, wavelengths captured from a DWDM network must be decoded to reveal the potentially complicated mix of transport protocols and traffic types that exist on the targeted wavelength.

This includes the discovery and reporting of OTN signals encapsulating channelized OTU4/3/2/2e, SONET/SDH signals including OC-192/STM-64 and OC-48/STM-16, as well as native 100/40/10G Ethernet flows.

An example of the potential complexity of a common transport signal carried over just a single DWDM wavelength is shown in Figure 1. The discovery process could take weeks of effort for just a single DWDM fiber pair.

Figure 1: Optical networks can hide a complex transport architecture that makes gaining visibility into the data being carried extremely difficult.

The discovery process is additionally complicated by the constant evolution of the transport network and shifts to the mix of protocols and traffic types.

Network service providers are frequently turning up new wavelengths and the advent of software-defined networking (SDN) is enabling innovative methods for instantly re-provisioning the network to address dynamic bandwidth needs.

This flexibility is a tremendous feature for the service providers but further complicates the intercept mission.

Big Data
Once the architecture of the target network has been discovered, the task of processing the traffic begins. However, as DWDM networks approach terabit speeds, this can translate into an untenable amount of data to process.

The vast majority of this ‘Big Data’ on the DWDM fiber link is typically not of immediate interest to government agencies and hence the ability to narrow the scope of data being forwarded to costly network analytic tools for deep packet inspection can be extremely beneficial.

Traditional Solutions
Monitoring a DWDM network typically requires the use of many pieces of standard transport and test equipment such as protocol analyzers, spectrum analyzers, routers, and ROADMs.

The precise components can be difficult to identify but are typically sufficient to access, discover and handle the big data found on any individual wavelength as shown in Figure 2.

Figure 2: Traditional DWDM intercept solutions require combining many different pieces of costly transport and test equipment

The mix of the required equipment is further complicated by the varying speeds of each of the wavelengths which can range from 2.5G up to 100G+ bits per second. Additionally, any changes to the number of active wavelengths or an upgrade to bandwidth capacity over any single wavelength could also require a costly upgrade to the necessary equipment.
Configuring and maintaining the infrastructure needed to monitor the DWDM links in modern optical transport networks is time-consuming and typically requires a large amount of expensive manual labor to operate effectively.

Multiple international government agencies have confirmed this time-consuming process can take weeks to complete the DWDM network discovery process alone.

Emerging Solutions
Innovative network intercept solutions are using advanced technologies to automate many of the aforementioned processes in an integrated solution. An integrated DWDM monitoring solution using standardized technology such as Erbium-Doped Fiber Amplifiers (EDFA), Optical Channel Monitors (OCM), Wavelength Selective Switches (WSS) and the latest in programmable HW lowers the cost and significantly simplifies the management challenge.

Figure 3 shows how these components can be used in an integrated monitoring solution to access individual DWDM wavelengths, discover each wavelength’s traffic profile and intercept specific data of interest.

Figure 3: An integrated approach to DWDM intercept simplifies the automation of the monitoring process and maintains constant surveillance.

The integration of these elements into a purpose-built solution simplifies the automation of the critical monitoring processes and eliminates the manual network discovery and mapping required in traditional solutions.

An integrated DWDM intercept solution will scan the traffic protocol mixes and alert cyber intelligence operators to any changes to the monitored network so critical surveillance is constantly maintained.

Conclusion
DWDM networks present a difficult challenge to government intelligence agencies tasked with cyber-surveillance.

The complex traffic analytic tools used for critical cyber applications require a flexible and automated network access methodology that enables rapid and continuous discovery of the network architecture and its numerous traffic flows.

Traditional DWDM intercept solutions require several separate components resulting in high costs and inefficiencies and are challenged to react to changes in the targeted network. Integrated systems present an opportunity for a cost-effective automated solution that quickly discovers the fiber network architecture and steers the traffic flows of interest to the appropriate analytic tool while instantly reacting to any changes to the monitored network.

DWDM remains the backbone technology of the internet and intercept solutions must advance as quickly as the optical technology does in order to ensure the effectiveness of critical cyber intelligence missions.

About the Author
Mike Seidler is a senior product manager for NetQuest Corporation where he directs the development of the company’s automated intercept access and intelligent monitoring solutions.
Prior to his current position, he was a product manager for ARRIS and a principal hardware engineer for Motorola.
Mike can be reached at mseidler@netquestcorp.com and via NetQuest’s corporate website at http://www.netquestcorp.com/.