Brocade Telemetry Solutions




WHITE PAPER www.brocade.com

Service provider network telemetry applications such as Network Monitoring and Lawful Intercept are important to Service Providers and impose unique requirements on network equipment. Brocade network telemetry devices offer the most scalable monitoring solutions, giving operators advanced visibility into their network.

Telemetry is used by organizations to monitor their networks for security intrusion detection, application performance management, packet inspection and analysis, and a wide range of other applications. Co-location and hosting companies can offer value-added telemetry services to their customers. In addition, organizations are required by federal mandate to be able to monitor specific individuals or groups. This paper describes the requirements for Service Provider (SP) networks to support Network Monitoring (NM) and Lawful Interception (LI) applications. In addition, the paper provides use cases for Brocade telemetry solutions in the mobile backhaul and data center markets.

Introduction

Network telemetry refers to the monitoring and reporting of information on a network. Network Monitoring (NM) is used by Service Providers (SPs) to evaluate network performance and for security applications. SPs use monitoring applications for content types such as voice, video, and text. Monitoring these services for quality and performance is important for Service-Level Agreement (SLA) conformance. It is also important for SPs to measure their network performance to maximize returns from their assets. Lawful Intercept (LI) has become very important to Law Enforcement Agencies (LEAs) in the wake of increased security threats. LI laws, such as the Communications Assistance for Law Enforcement Act (CALEA), dictate that information on specific individuals or groups be made available to LEAs when needed. This paper describes the requirements for SP networks and data centers to support Network Monitoring and Lawful Intercept applications. (Large campus networks have similar requirements.)

Network Monitoring

Network Monitoring (see Figure 1) refers to the applications that run in the network for the purpose of evaluating network performance. These applications include application performance management, packet inspection, VoIP analyzers, video analyzers, compliance enforcement tools, and a wide range of other applications. They also include security-related applications such as Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). While most of these applications are for internal use by organizations, some are used for revenue generation. With the increasing adoption of cloud technologies and related security concerns, demand for access to monitored network data is rising. Cloud Service Providers, co-location providers, and hosting companies are therefore offering value-added security and monitoring services to their customers. Monitoring applications are thus becoming increasingly important to Service Providers.

Figure 1. High-level architecture for Network Monitoring (tapped streams leave the routing/switching network for network monitoring telemetry devices, which feed VoIP and video analyzers, IDS/IPS servers, data feed analyzers, and data mining tools).

The requirements for network devices in NM applications depend on the number of applications and the scale of the network being monitored. General application requirements include:

- Wire-speed delivery of data to servers that run applications such as VoIP analyzers, video analyzers, and traffic monitors.
- Ability to support 40 Gigabit Ethernet (GbE) and 100 GbE hardware interfaces to accommodate the growing need for high-bandwidth monitoring of the large volumes of data carried by networks.
- No impact to the switching/routing network from any monitoring activity, such as turning monitoring on or off. The switching/routing network should not see any packet drops or degradation in bandwidth, latency, or other performance metrics while it is being monitored.
- Isolation of the specific streams that pertain to the application being monitored. Network devices should be able to support a large number of sophisticated filters applied to thousands of streams tapped from the switching/routing network.
- Replication to a specific port or set of ports to allow multiple servers to analyze the same traffic stream. Data can be load balanced across multiple servers for optimal utilization of compute resources.

Lawful Intercept

Law Enforcement Agencies (LEAs) can be regulatory, administrative, or intelligence agencies. These agencies are required to be able to monitor an individual's or organization's voice, video, or text communications as authorized by judicial authorities. Data is primarily collected as evidence or for investigative analysis. The monitored individual's or organization's calls are tapped at the Service Provider's network, and the data is sent directly to the LEAs. The data collection and its subsequent consumption are all done in accordance with local laws. Data may be collected and examined in real time, or the collected data may be retained for future use. The process of collecting and consuming tapped data is referred to as Lawful Intercept.

Figure 2 shows the general dynamics of an intercept. The LEA originates an intercept request for an individual or organization to the appropriate entity. In many cases this is the Service Provider or operator, such as an ISP, providing Internet, IP telephony, and other services to the individual or organization. In some cases the intercept may have to penetrate the internal network of an organization, such as a university or business enterprise.

Figure 2. Lawful Intercept enforcement (law enforcement agencies deliver a warrant for a specific individual or organization to the administration and mediation devices of service providers, enterprises, or universities, which return the requested data securely).

The requirements for LI have been defined by different laws and organizations. The introduction of IP telephony and the use of varied communication forms such as e-mail, text messages, social media, and so on, has led to a substantial change in the way LI is defined and implemented. LI has been extended to include monitoring of these content types together with traditional telephone calls. In the US, CALEA defines the requirements of LEAs for monitoring telecommunication networks. The actual requirements for various LEAs vary based on the nature of the LEA and its jurisdiction. Common requirements are:

- The subject of investigation may be an individual, an organization, or equipment that belongs to the target individual or organization.
- A warrant (court order) is required to intercept a subject's messages. SPs should not supply unauthorized information to the LEAs.
- The LI systems must be able to expedite all requests for intercepts of the subject's communications, given the time-sensitive nature of these requests.
- The interception should be transparent to the subject.
- The interception should not affect the SP's services in any way, including services offered to the subject and to other customers.
- There may be multiple simultaneous interception requests from LEAs to the SP on the same or different subjects.
- The intercepted information should not be accessible to unauthorized entities or personnel, including SPs and other intermediaries involved in the interception. To this end, the data should be protected by encryption and other methods.
- The intercepted information should be in a format that can be delivered to the LEA network, which may reside outside the carrier's premises.

Two kinds of information are requested of SPs by the LEAs:

- Contents of Communication (CC). CC includes the actual contents of the intercepted data. CC can include voice, video, or textual data and has come to encompass the wide variety of data forms represented by media consumption in the current digital age.
- Intercept Related Information (IRI). IRI includes information such as the duration, time and date, and frequency of a session, and the number of unsuccessful attempts to establish a session. It also includes location-based information such as the area of origination and destination of the session. Other technical parameters, such as MAC and IP addresses, can also be included in IRI data.

Functional Requirements for NM/LI

Three main functions are defined for NM/LI applications:

- Capturing. For both NM and LI applications, capturing packets includes the task of extracting information from the communications network. Capturing should not affect the SP network that is carrying the traffic. For LI, this function includes identifying the sources that will be able to provide the requested information. For instance, this could involve isolating the routers or gateways in the network that are carrying the information and extracting it from these devices within the guidelines described above. The extraction has to be non-intrusive to the SP.
- Filtering. NM requires fine-grained filters to gain visibility into the specific data streams being monitored. LI requires that unauthorized information cannot be extracted from the network; the captured information therefore has to be filtered to include only authorized information.
- Delivery. For NM, the filtered information is delivered to the server banks that perform data analysis. Several servers may look at the same data for different analyses, which requires data replication. Data is also load balanced across several servers. For LI, the filtered information has to be delivered to the Law Enforcement Monitoring Facility (LEMF). The LEMF may not reside on the same premises as the Service Provider, in which case the information is encrypted if it has to be transported over a public network.

Architectures for LI/NM

The network devices that are used to capture and filter data, such as switches and routers, must meet several requirements to comply with LI/NM requirements. These devices should offer high-performance switching capabilities. They should be able to isolate the specific voice, video, or data streams requested for the intercept, based on IP address, MAC address, TCP/UDP headers, and other fields. Filters have to be enabled on devices that are switching traffic at wire speed, and should not cause any degradation in the switching performance of the network device; this prevents subjects from detecting interception events. Typically, Service Providers design monitoring networks depending on their needs, size, and budget. There are at least two network architectures that an SP can use to design a monitoring network: inband and out-of-band monitoring networks.

Inband Architecture

In inband network architectures (shown in Figure 3), the SP transport network is used to perform both tapping and filtering of traffic streams. This requires that network devices mirror the traffic streams traversing them to draw out the required streams, while also being able to switch or route traffic without disruption. The devices should see no noticeable impact to switching performance due to traffic mirroring. The network devices should be capable of applying a large number of sophisticated filters to the volumes of data traversing the Service Provider network. These filters should be able to isolate the traffic streams being monitored.

Figure 3. Inband Monitoring (incoming data enters a network segment; the routing/switching device forwards it to the next segment and sends the intercepted data to a monitoring station).

Inband networks combine monitoring and routing functions within the same device. This architecture therefore collapses network layers and costs less to build (CapEx). Since there are fewer devices to maintain, the inband network is easier to manage. A consolidated network management system can be built to reduce the burden of heterogeneous management software. Operating costs, such as those for power and cooling, are lower. Thus, this architecture offers Service Providers a compelling solution for lower CapEx and OpEx.

However, inband network monitoring also reduces the scalability of the monitoring network. Because the same network device does both routing/switching and monitoring, its data forwarding resources and compute resources are divided between these two functions. A network operator looking to build a larger monitoring service is limited by the capacity of these devices. Furthermore, network configuration can become very complicated as the monitoring functionality of the network increases, because of the complexity of the filters and data replication rules that need to be applied to the devices. These limitations could force SPs to deploy multiple devices as the monitoring portion of the network increases in size.

Out-of-Band Architecture

Out-of-band network architecture (shown in Figure 4) separates the monitoring network from the user network. Network tap equipment is used to replicate data streams with no impact to the switching/routing network. The tapped data streams are fed into the monitoring network, which consists of network devices that filter and replicate data as needed. This data is directed to the LEA network for LI applications, or to a server bank for the SP's internal monitoring functions such as accounting, billing, and performance measurement. Monitoring activities thus have no bearing on the SP data delivery and switching network.

Figure 4. Out-of-band Monitoring (network taps on the routing/switching network feed tapped streams to network monitoring devices, which deliver filtered streams to the LEA network or to monitoring server banks).

This architecture has several advantages. First, the transport network is insulated from failures in the monitoring network, which gives the transport network a greater degree of resiliency because there is little to no interference from monitoring devices. Second, this architecture allows the monitoring network to scale better. The monitoring network can process a large number of high-bandwidth traffic streams such as video, and can scale to accommodate increased monitoring needs. Third, sophisticated filters can be applied at multiple layers in the monitoring network to achieve fine-grained isolation of traffic streams. Since the network devices are used only for monitoring activities, their resources are fully dedicated to this function.

However, with the increased scale of the monitoring network comes an increased cost of buying and managing more network equipment. Diverse network equipment such as network taps, network switching and filtering devices, and network management systems increases the need for network management. Service Providers can choose between inband and out-of-band network monitoring architectures depending on their unique requirements and growth objectives.

Brocade Telemetry Solutions

Brocade telemetry devices can perform both inband and out-of-band network monitoring. They are purpose-built for carrier-class routing and resiliency and for advanced monitoring capabilities.

Brocade Solutions for Inband Monitoring

Inband monitoring networks can use Brocade devices to both route and monitor traffic in the network simultaneously. Following are some benefits of using Brocade solutions for inband network monitoring:

- Brocade devices are capable of replicating (or mirroring) traffic at wire speed at both input (ingress) ports and output (egress) ports. Traffic on Link Aggregation Groups (LAGs) can also be monitored with the same capabilities as on regular physical ports.
- Traffic at the input and output ports can be filtered before replication to tap only the traffic of interest. Traffic can be filtered on criteria such as IP address, MAC address, VLAN ID, and TCP ports to provide granular filters.
- It is possible to mirror traffic on 10 GbE ports to traffic analyzers connected to 1 GbE or 100 Megabit per second (Mbps) ports.
- Brocade devices can filter and replicate at wire speed. There is no performance degradation on the transport network due to filtering. There is also no impact on the transport network when monitoring is turned on or off, in line with the LI requirement that the subject not be aware of any monitoring activity on the SP network.
- Traffic streams from multiple monitored ports can be aggregated to the same mirror port connected to traffic analyzers. This reduces the number of ports needed for monitoring.
- Brocade devices are 40 and 100 GbE ready. No forklift upgrades are needed to convert a monitoring network to higher-speed interfaces, making these networks future proof.
- Secure access is supported using RADIUS/TACACS+ authentication. SSH is also supported for secure login sessions.
- SNMP and syslog support is included to generate traps and alerts for specific network events. SNMP queries provide port and flow statistics for further analysis.
- Brocade devices support sFlow, a technology that samples packets and directs the samples to any collector. This can be particularly useful for performance monitoring applications such as bandwidth analyzers.

Brocade Solutions for Out-of-Band Monitoring

Out-of-band monitoring networks install network taps in the transport network to access traffic. Brocade devices receive these feeds and can perform filtering and replication to traffic analyzers. Following are some of the benefits of Brocade devices for out-of-band network monitoring applications:

- Brocade devices can filter and replicate traffic to 100 Mbps, 1 GbE, or 10 GbE interfaces. These devices provide 256 x 10 GbE ports and 1536 x 1 GbE ports at wire speed, making them the highest-capacity network monitoring devices in the industry. Customers save significantly on operating expenses due to consolidation of network layers.

- Brocade telemetry devices are 40 GbE and 100 GbE ready for out-of-band monitoring, offering a high level of investment protection for future network expansion.
- As with inband networks, advanced filtering is possible on the ingress or egress ports, giving flexibility to enforce policies at ingress, egress, or both.
- Brocade devices offer advanced load balancing capabilities. Both the ingress and egress ports can be LAGs. Traffic can be load balanced to traffic analyzers based on criteria such as IP address (IPv4 or IPv6), MAC address, VLAN, and TCP/UDP ports. Options can be enabled to load balance both directions of a conversation to the same server. The devices also offer users knobs to change the load balancing traffic distribution for further flexibility.
- Brocade devices bring carrier-grade resiliency to monitoring networks. With dual management cards and in-service upgradeability, Brocade devices guarantee less downtime.
- Secure access with SSH, TACACS+, RADIUS, and so on is supported for out-of-band monitoring as well.
- Brocade devices also support sFlow for out-of-band monitoring.

Applications for Brocade Telemetry Solutions

Mobile Backhaul

Mobile carriers have a great interest in monitoring traffic in their network, particularly as mobile devices become more powerful and can deliver richer content. Profiling of content gives them access to useful trends. Monitoring data allows them to secure their networks and also to improve network performance. Traffic (multimedia content of voice, video, Internet traffic, or text) from cell towers is delivered to a master switching center over wireline or microwave media. Aggregated traffic at the center can be sent to different destinations, such as an ISP for Internet traffic, POTS for voice traffic, or a core backbone for the mobile operator's value-added internal services, as shown in Figure 5.

Figure 5. Brocade mobile backhaul telemetry solution (traffic from cell towers reaches a master switching center; network taps on its links to the ISP, POTS, and core backbone feed a Brocade telemetry device and servers for VoIP analysis, accounting, monitoring, and so on).

There is a range of telemetry applications, such as VoIP traffic analysis, accounting, and application performance monitoring, that mobile operators use to monitor their networks. This analysis is performed on traffic aggregated at master switching centers. LI applications also reside at these centers to enable law enforcement agencies to capture data from subjects. Out-of-band network monitoring architectures are ideal for these requirements. Network taps are installed to tap traffic from the cell towers, which is then directed to a Brocade telemetry device.

The Brocade telemetry device can filter, replicate, and load balance traffic to multiple analyzer tools. The availability of interfaces of different speeds allows mobile operators to build a monitoring network to their network's requirements. With Brocade telemetry devices that are ready for 40 GbE and 100 GbE interfaces, the monitoring network is future proof, accommodating traffic increases resulting from upgrades to LTE (a mobile communication standard). Further, with advanced load balancing capabilities that allow more than 640 Gbps of traffic to be load balanced, the monitoring network can grow on demand. Thus the Brocade devices offer unparalleled investment protection.

Data Centers

Organizations make substantial investments to protect data centers from security risks such as attacks by hackers. Federally mandated LI applications can be implemented at data centers or co-location facilities. Monitoring systems are installed to survey several locations in the data center to prevent the network from being compromised and to isolate the source of an attack. For instance, the paths between the border and core routers, or those between the border router and the Internet connection to the ISP, can be monitored for attacks from outside the data center, as shown in Figure 6. Links at the server access layer can be monitored for possible security compromises and also for server performance.

Figure 6. Brocade data center telemetry solution (Brocade telemetry devices at the Internet border and at the server access layer of the data center feed IDS servers).

Multi-tenant or co-location hosting companies offer value-added services to their customers such as compute, storage, and Web services. With Brocade telemetry systems, they can also offer value-added security services to their customers. With these services, hosting companies provide IDS and IPS services to detect and prevent security attacks on customer resources. This service can be applied to a specific customer's traffic by filtering on specific traffic signatures with Brocade telemetry devices, without affecting other customers' traffic. Secure access to these devices also ensures privacy for customers' monitored data. Brocade telemetry devices offer more than 256 wire-speed 10 GbE ports and 1,536 GbE ports per system. This offers significant savings in OpEx through consolidation of devices and elimination of network layers. These devices operate at true line rate, allowing monitoring of large numbers of high-bandwidth data streams at several points in the data center simultaneously without the need to expand network capacity too frequently. Brocade devices offer carrier-grade resiliency and in-service upgrade features, which reduce downtime in monitoring networks and create a monitoring service that meets the Service-Level Agreements (SLAs) that co-location providers offer to their customers.

Summary

Network telemetry is an important application for Service Providers. Network Monitoring is important for organizations to secure their networks and monitor the performance of their applications. Lawful Intercept is federally mandated and requires SPs to be able to monitor subjects. LI imposes architectural requirements on SP networks. Both Network Monitoring and Lawful Intercept applications impose similar architectural requirements on network devices. Today's network operators and security teams are seeking scalable, cost-effective, and intelligent capabilities to interrogate all border and/or internal LAN traffic at speeds far exceeding 10 Gbps. Brocade telemetry solutions offer significant value by providing the capabilities demanded by monitoring applications. Brocade devices offer robust, future-proof, scalable hardware solutions and uncompromising performance guarantees. These devices have the highest 10 GbE/1 GbE capacities in the industry and are 40 GbE/100 GbE ready today. Network architects can design tomorrow's NM/LI solutions with Brocade devices today, which makes Brocade telemetry solutions a compelling choice for the monitoring needs of all SP networks.

References

ITU-T Technology Watch Report #6, Technical Aspects of Lawful Interception, http://www.itu.int/dms_pub/itu-t/oth/23/01/t23010000060002pdfe.pdf
Lawful Interception for IP Networks, Aqsacom, Inc., http://www.aqsacomna.com/us/articles/liipwhitepaperv21.pdf
ETSI TS-102-232, under Lawful Interception, Telecommunications Security, version 1.1.1, Handover Specification for IP delivery, February 2004.
RFC 3924, Cisco Architecture for Lawful Intercept in IP Networks
ETSI Standard ES 201 158 V1.1.2 (1998-05), Telecommunications security; Lawful Interception (LI); Requirements for network functions

About Brocade

Brocade connects the world's most important information, delivering proven networking solutions for today's most data-intensive organizations. From the data center to high-performance Ethernet networks, Brocade is extending its 15-year heritage as a leading innovator of advanced storage and networking technology. The world's largest enterprise networks, government entities, and global service providers rely on Brocade to maximize the business return on their data. It's no wonder 90 percent of the world's most critical business information flows through Brocade solutions. Quite simply, Brocade enables today's complex businesses to run. Where other vendors produce networking that's ordinary, Brocade is committed to delivering the extraordinary. To find out more about Brocade products and solutions, visit www.brocade.com.

Appendix: Lawful Intercept Architecture

Figure 7 shows the LI architecture described by the European Telecommunications Standards Institute's (ETSI) ES 201 158 V1.1.2 (1998-05). Most of the other standards describe similar architectures for LI. The LEMF and the SP (operator) networks are clearly separated by various types of Handover Interfaces (HI), namely HI1, HI2, and HI3. The first HI port, HI1, transports various kinds of administrative information, including warrants, between the LEA and the SP network. HI1 could even be paper documents handed over to the SP operator by the LEA. HI2 transports IRI from the Service Provider to the LEMF. HI3 transports CC information between the LEMF and the Service Provider.

Figure 7. Lawful intercept architecture (in the SP network, administrative functions at the network operator receive warrants over HI1 (Administration); an internal intercept function captures service information and content of communication, which the mediation functions deliver to the LEMF in the LEA network as Intercept Related Information over HI2 and Content of Communication over HI3).

The LEA issues warrants, which are processed by the administrative functions at the network operator. These requests are passed on to network equipment such as network taps, monitoring devices, and switches, which are used to capture and filter data to be delivered to the LEAs. Mediation devices further secure the data and transport it to the LEA network.
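As an added worked example (not from this paper, the ETSI specification, or Brocade), the following Python model puts together the functions in Figure 7 and the LI requirements listed earlier under Lawful Intercept: a warrant received over HI1 bounds what the internal intercept function may pass on; the mediation function splits authorised sessions into IRI records for HI2 and CC records for HI3, emits nothing for sessions that no warrant covers (so no unauthorized information leaves the SP network), handles several warrants on one subject, and seals every handover record with an HMAC so that an intermediary cannot alter it undetected. The record fields, the validity-window check, and the HMAC sealing are illustrative assumptions, not the ES 201 158 record formats; the warrant, sessions, and key are constructed for the demo.

```python
from base64 import b64encode
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib
import hmac
import json


@dataclass(frozen=True)
class Warrant:
    """The court order received over HI1 (constructed fields, not an ETSI record layout)."""
    warrant_id: str
    lea: str
    subject_ids: frozenset   # identifiers named in the order: IP or MAC addresses here
    valid_from: datetime
    valid_to: datetime


@dataclass(frozen=True)
class Session:
    """One captured session as the internal intercept function sees it (constructed)."""
    ts: datetime
    src_ip: str
    dst_ip: str
    src_mac: str
    duration_s: int
    failed_attempts: int
    payload: bytes


def warrant_covers(w: Warrant, s: Session) -> bool:
    """Authorised only if an identifier named in the warrant is on the session
    and the session falls inside the warrant's validity window."""
    on_wire = {s.src_ip, s.dst_ip, s.src_mac}
    return bool(on_wire & w.subject_ids) and w.valid_from <= s.ts <= w.valid_to


def seal(record: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 over the canonical JSON form of the record."""
    body = json.dumps(record, sort_keys=True).encode()
    return {**record, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify(record: dict, key: bytes) -> bool:
    """True only if the record is unchanged since it was sealed with `key`."""
    body = {k: v for k, v in record.items() if k != "hmac"}
    expected = hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, record.get("hmac", ""))


class MediationFunction:
    """Splits authorised sessions into IRI (HI2) and CC (HI3) handover records."""

    def __init__(self, warrants, handover_key: bytes):
        self.warrants = list(warrants)
        self.key = handover_key
        self.hi2 = []      # IRI records queued for the LEMF
        self.hi3 = []      # CC records queued for the LEMF
        self.dropped = 0   # sessions no warrant covered: nothing is emitted for them

    def process(self, s: Session) -> bool:
        matched = [w for w in self.warrants if warrant_covers(w, s)]
        if not matched:
            self.dropped += 1
            return False
        for w in matched:   # several LEAs may hold warrants on the same subject
            head = {"warrant": w.warrant_id, "lea": w.lea, "ts": s.ts.isoformat()}
            iri = {**head, "src_ip": s.src_ip, "dst_ip": s.dst_ip,
                   "duration_s": s.duration_s, "failed_attempts": s.failed_attempts}
            cc = {**head, "content_b64": b64encode(s.payload).decode()}
            self.hi2.append(seal(iri, self.key))
            self.hi3.append(seal(cc, self.key))
        return True


# Constructed demo: one warrant, three sessions, only the first of which is in scope.
DEMO_KEY = b"demo-handover-key-not-for-production"
DEMO_WARRANT = Warrant("W-0001", "LEA-A", frozenset({"192.0.2.10"}),
                       datetime(2010, 10, 1, tzinfo=timezone.utc),
                       datetime(2010, 10, 31, tzinfo=timezone.utc))
DEMO_SESSIONS = [
    Session(datetime(2010, 10, 5, 9, 0, tzinfo=timezone.utc), "192.0.2.10", "198.51.100.7",
            "00:11:22:33:44:55", 120, 0, b"hello"),
    Session(datetime(2010, 11, 2, 9, 0, tzinfo=timezone.utc), "192.0.2.10", "198.51.100.7",
            "00:11:22:33:44:55", 30, 1, b"after expiry"),      # outside the validity window
    Session(datetime(2010, 10, 5, 9, 5, tzinfo=timezone.utc), "192.0.2.99", "198.51.100.7",
            "00:11:22:33:44:66", 30, 0, b"other customer"),    # not a named subject
]


def run_demo() -> MediationFunction:
    mf = MediationFunction([DEMO_WARRANT], DEMO_KEY)
    for s in DEMO_SESSIONS:
        mf.process(s)
    return mf
```

In a real deployment the HI2 and HI3 queues would be encrypted for transport to the LEMF (the paper's delivery requirement); the model only shows the two properties that a reviewer of an LI pipeline should check first, that nothing outside the warrant's scope or window is ever emitted and that what is emitted can be shown to be unmodified.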

Corporate Headquarters: San Jose, CA USA, T: +1-408-333-8000, info@brocade.com. European Headquarters: Geneva, Switzerland, T: +41-22-799-56-40, emea-info@brocade.co. Asia Pacific Headquarters: Singapore, T: +65-6538-4700, apac-info@brocade.com.

© 2010 Brocade Communications Systems, Inc. All Rights Reserved. 10/10 GA-WP-1552-00. Brocade, the B-wing symbol, BigIron, DCFM, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, TurboIron, and Wingspan are registered trademarks, and Brocade Assurance, Brocade NET Health, Brocade One, Extraordinary Networks, MyBrocade, and VCS are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.