The document discusses Brocade's network solutions for intelligence, surveillance, and reconnaissance (ISR) systems. Brocade provides solutions throughout the ISR architecture, including at signal acquisition points, base ground stations for signal distribution, and client data centers. At signal acquisition points, Brocade's switches can be deployed in ruggedized environments and provide effective and economical operation. At base ground stations, Brocade routers efficiently handle multicast traffic distribution to client data centers. Brocade also offers flexible data center solutions for processing large amounts of ingested data at client sites.

1. FEDERAL
Network Solutions for Intelligence
Surveillance and Reconnaissance
Brocade delivers network architectures to address your
intelligence surveillance and reconnaissance solutions.

2. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 2 of 16
CONTENTS
Intelligence Surveillance and Reconnaissance.....................................................................................................................3
What are the ISR Requirements?........................................................................................................... 3
Brocade: From the Signal Acquisition to Signal Transport to Signal Processing.............................................................5
At Signal Acquisition: Performance, Agility, and Economy .................................................................................................6
Challenges Being Met at Today’s Base Ground Station: Signal Acquisition and Modern Signal Distribution..............7
At the Data Center, Where the Clients Process “Big Data”.............................................................................................. 10
Brocade Provides Three Flexible Options for Data Centers...................................................................... 10
Data Center Architecture #1.......................................................................................................... 10
Data Center Architecture #2.......................................................................................................... 10
Data Center Architecture #3.......................................................................................................... 11
Future Options for ISR Networks Today.............................................................................................................................. 11
Network Function Virtualization............................................................................................................ 11
Simplifying Operations and Expansion through OpenFlow....................................................................... 12
Cyber-Security Protection...................................................................................................................................................... 14
Summary: What Differentiates Brocade............................................................................................................................. 14
Appendix A.............................................................................................................................................................................. 15

3. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 3 of 16
INTELLIGENCE SURVEILLANCE AND RECONNAISSANCE
Just as the adoption of mobile technologies and ubiquitous Internet access have exploded in recent years, so
have the requirements that are placed on existing Intelligence Surveillance and Reconnaissance (ISR) systems.
ISR architects must not only transform existing systems to exploit these emerging technologies, but they
must also extend those technologies out to clients regardless of their physical location. The drive to leverage
cloud technologies in support of ISR missions requires a modernization of tactical network access, fixed
ground station, and data center architectures. The exponential increase in UAV reconnaissance alone, with an
estimated 86,000 hours of UAV drone video being captured daily, is placing a huge burden on today’s outdated
systems. New ISR systems must allow rapid evolution without the need for full-scale replacement of any
underlying technology. Constantly changing requirements, expanded missions, and constrained budgets require
the development of a scalable and modular ISR network that does not force vendor lock-in or limit choice.
Brocade, the performance leader in IP and storage solutions, has developed new technologies for ISR networks.
Brocade®IP and storage solutions can be implemented throughout the ISR architecture. At the signal
acquisition and generation point, Brocade solutions can be found transporting the initial signal from the field
or the tactical ground station. At the main ground station terminal, for example at the Space Network Ground
Segment Sustainment (SGSS) project, NASA utilizes Brocade satellite-ground architecture for multicast signal
distribution that provides vastly reduced data loss and predictable transmission effectiveness. This capability
accepts and transports all the ingest data, for a large client base to access the information simultaneously. At
the ingest data center, Brocade provides industry-leading reliability, scaling, and security by encryption of traffic
at rest and on-the-fly between primary and secondary data centers.
What are the ISR Requirements?
The primary requirement for an ISR solution is to gain high quality, time domain, and actionable intelligence
for potentially vast numbers of end users at any location, regardless of distance. The requirements to deliver
or sustain and modernize the ISR application from networking fabric perspective reach into all aspects of the
application. The list may look familiar.
For example, the NASA SGSS modernization program is continually being modernized, but the overarching
program requirements are these:
• Reduce communication costs for our customers.
• Implement an extensible, flexible, and easily expandable ground terminal architecture.
• Reduce lifecycle costs.
• Enhance the continuity of operations posture of the Space Network.
• Transition from the legacy system to the new SGSS system in a low risk environment.
• Meet or exceed the legacy proficiency, performance, and availability requirements.
Additionally, individual networking element requirements are produced.
Typically, by the time a solution planner is delivering a specific set of requirements to the network provider, they
have reduced their downstream requirements to something that looks like the content in Table 1.

4. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 4 of 16
Table 1. Typical ISR Requirements.
Requirements may be a way of setting the bar, but key differentiators are not always gleaned from viewing a
set of technical requirements. A short-term savings of 10 percent on an initial deployment could have a
ripple effect of 50 percent to 100 percent more cost due to underwhelming network performance or poor
expansion capability.
ISR Network Requirements Brocade Solution
Sub-100 µsec delay of Ethernet
frames
√
Brocade MLX®/MLXe: Sub-15 µsec delay of Ethernet frames
Brocade VDX 8770: <4 µsec
Brocade ICX®: Sub-15 µsec
288 to 490 × 10 GbE ports √
Brocade MLX/MLXe: 768 × 10 GbE ports per MLX/MLXe (single chassis)
Brocade ICX: 56 × 10 GbE SFP+ ports per stack unit 2-port 4 × 10 GbE
BASE-X QSFP+
4-port 40 GbE BASE-X QSFP+
Brocade VDX®8770: 8 slots, 12 × 40 GbE per slot, or 48 × 10 GbE per slot
(single chassis)
2 × 10 GbE aggregate throughput √
Brocade MLX/MLXe: In service today, 2 Tb aggregate multicast throughput
(single chassis)
Brocade ICX 6650: 1600 Gbps line-speed full-duplex throughput. 1190 Mpps
forwarding capacity (single chassis)
Brocade VDX 8770: 10 GbE: 48 × 10 GbE line card provides up to 48 SFP+
ports. 8000 ports per fabric (single chassis)
38 multicast Ethernet frame streams √
Tens of thousands of multicast streams (single chassis)
The same jitter on a single stream, as in multiple streams
IGMPv2 and IGMPv3 support √
Brocade MLX/MLXe: 16000 groups of IGMPv3 (single chassis)
Brocade ICX 6650: 4000 groups of IGMPv3 (single chassis)
Resilient √ Resilient
High availability √ High availability
Layer 2 multicast √ Layer 2 multicast
Layer 3 multicast √ Layer 3 multicast
IGMP (Internet Group Management Protocol)
SFP+ (Small Form-factor Pluggable Plus)
QSFP+ (Quad Small Form-factor Pluggable Plus)
µsec (microseconds)
GbE (Gigabit Ethernet)
Mpps (million packets per second)
Tb (terabit)
Brocade delivers campus networks, network core, and data center network fabrics that far exceed the
requirement sample in Table 1. Brocade delivers network solutions for signal acquisition point or tactical
ground station, the base ground station and the client data center. Brocade brings unique differentiators to
each segment of the overall application that delivers exceptional performance, port density and economy to
the overall program. The differentiators are not always gleaned from viewing a set of technical requirements, as
some solutions operate more effectively than others and do not introduce unintended consequences, such as
higher costs.

5. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 5 of 16
BROCADE: FROM THE SIGNAL ACQUISITION TO SIGNAL TRANSPORT
TO SIGNAL PROCESSING
Brocade has aligned its IP, storage, and network fabric solutions for ISR applications into the Brocade satellite-
ground deployment architecture (see Figure 2). Some solutions require highly specialized skills to meet
transmission requirements on a unique system, such as a ground station system. However, when integrator
architects design such solutions, they tend to choose Common Off the Shelf (COTS) components to control
costs. They then select or build purpose-built products, even if the application has unique requirements that
cannot be met by using these COTS components. As a result, the network transmission requirements tend to be
driven by the desire to economize on costs, rather than by what the best solution is for the specific application.
The initial costs for the solution may be lower with COTS components, but if the system underperforms over
time, then the savings at startup are negated.
The Brocade IP and storage solutions are key components to a successful ISR architecture. Differentiation is
provided in all three areas of the architecture:
• The signal acquisition point, or tactical ground station
• The base ground station where signals are distributed
• At the client data center
At the signal acquisition point, Brocade FCX Series Switches can be deployed in ruggedized from factors and
provide highly effective operation at an economical cost. Brocade has designed these platforms with the Layer
2 and Layer 3 features needed to enable the system to coexist at that level of the architecture. Brocade has
added the high availability and failover features necessary for the platform to withstand component failures and
behave as a chassis-based system would normally operate, but at a lower cost point.
At the base ground station, Brocade MLXe Series routers provide exceptional handling of multicast traffic to
client data centers that eliminate distance barriers that are traditionally found in the base ground station in ISR
programs. Brocade provides unique and flexible options for the massive processing data ingest center at the
client location. Any of the Brocade data center switching solutions for enterprise-level storage are appropriate
for these data centers. The Brocade solutions provide economical and predictable lifecycle costs. The Brocade
solutions provide progressively higher performance and handling of signal processing to end clients that
eliminate the traditional distance barriers that exist in the systems being modernized.
At the data center, Brocade has led the industry by designing flexible implementation options for the data center
switching architecture on the network and storage layers. Brocade data center solutions are designed to allow
for graceful migration or blending between architectural choices, such as architectures based on Network-
Attached Storage (NAS), Fibre Channel, or fabric. (See Figure 1.)

6. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 6 of 16
Figure 1. Brocade Satellite-Ground Architecture.
Brocade provides an architecture with a combination of network performance, port density, and traffic
management that translates to longer solution life cycles and reduces the economic impact on the program overall.
AT SIGNAL ACQUISITION: PERFORMANCE, AGILITY, AND ECONOMY
Whether the location of signal source is in the atmosphere, orbit, on the ground, or in a mobile environment, the
Brocade FCX and ICX product lines are ideally suited for integration and operation at the initial tactical or remote
signal processing points. These systems are fully featured Layer 2 and 3 IP routing and switching solutions
that lead the industry in throughput, scalability, and energy efficiency. These systems have been ruggedized, or
installed in ruggedized containers, and deployed in direct support of ISR missions.
Using Brocade HyperEdge™ technology, the local campus area network or deployed work group requires only
a pair of the stackable routing switches in the virtual chassis to enable the advanced Brocade features.
HyperEdge architecture enables several benefits for the campus:
• Single IP management for the access layer
• Flexible deployment options with basic and advanced feature propagation
• High availability configurations with chassis-level resiliency
Of the remaining six units in the stack, there can be a mixture of units that address the needs of users with
standard requirements. The entire stack inherits the features of the advanced features in the stack base routing
pair. When the system is deployed in virtual chassis mode, with redundant power supplies, redundant control
and management, and hot-swappable, single rack units, the site community receives chassis-level operation
and management. Flexibility like this equals economy in deployment and operational costs. With these features,
HyperEdge directly addresses the challenges of today’s signal-acquisition environment.

7. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 7 of 16
Figure 2. Physical Systems at Signal Acquisition.
Signal Source: Initial Processing.
CHALLENGES BEING MET AT TODAY’S BASE GROUND STATION:
SIGNAL ACQUISITION AND MODERN SIGNAL DISTRIBUTION
ISR deployments are in various architectural stages today. They consist of steady-state operations, wholesale
replacements, greenfield deployments, and modernization programs. The common thread to achieve an
efficient ISR architecture is standardization and modernization of the transmission signals between the receivers
to the base ground station and the client data center. Within the ISR architecture, clients may elect, based
upon mission, to receive individual downlink signals at the wideband level or to ingest very wideband
transmission signals.
At the base ground station, the acquired signals are sampled and modulated as digital representations of the
downlink data received by the analog modems. These signals have been converted to a Digital IF (DIF) signal
and packetized as Layer 2 multicast streams. This process enables the signal to be transmitted over longer
distances than was possible in its original format.
Conversion of the signal from analog to digital resolves the traditional ISR problem of limited (local only)
transmission distance. The result of resolving the transmission distance limitations means that the
transmission of the data over broader distances presents very specific problems for the base ground stations
and the receiving client data center.
The standard requirement of handling the digitally formatted downlink data is to replicate it to ever-increasing
scaling levels, and do so in identical fashion to all subscriber data centers within very tight tolerances.
Traditionally, ISR architectures have suffered from impaired receive signals from high jitter variances, delay
variation, add-join interruptions, and packet loss. Brocade ventured to resolve these challenges and achieved
much success in producing highly scalable transmission systems that address each of these problems.
To illustrate the delicate nature of the problems experienced by ISR programs with respect to transmission
challenges, we’ll mention the primary issues experienced by our partners and the technical aspects of the
Brocade solution that met these challenges.

8. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 8 of 16
The challenges were as follows:
• Replication and transmission of data streams required high fan-out.
• Client demand for multiple data streams has expanded rapidly, and continues to do so.
• The transmission of data was “live” and it needed to be transmitted and received as originally formatted at
the base ground station by the AD conversion modems.
• Transmission was jitter sensitive, delay sensitive, and could not withstand dropped packets or variation in
inter-frame gap size due to multicast stream replication processes.
Brocade resolved each of these problems by designing features into its industry-leading platform, the Brocade
MLXe. Although initially perceived as a COTS solution element, the Brocade MLXe design team resolves specific
multicast issues architecturally, within the Brocade MLXe platform. In this way, the Brocade MLXe no longer
resembles a COTS solution element, but that of a purpose-built ISR transmission element with unique traffic
handling capabilities that resolve the technical issues that disrupt traditional ISR applications. Brocade resolves
these problems while maintaining the traditional multicast interface to other ISR application elements.
A combination of Brocade technical features alleviates these problems with the following system-level attributes:
• Provide uniform, thus predictable, packetization of multicast streams by providing an identical length to every
inter-packet gap.
• Eliminate inadvertent oversubscription by placing traffic management on the interface of each module, versus
traditional system architectures that provide this feature on the main controller, and therefore do not mitigate
contention for bandwidth with their centralized multicast add-join management tables.
Ensure that multicast scaling occurs within the system without dropped packets on the transmission interface
due to processing, management, or oversubscription on the interface or backplane.
Figure 3. Modern Signals Distribution.
Brocade provides multicast using the Brocade MLXe, VDX, or ICX platforms. Maintaining the integrity of the stream
to the client is critical. The Brocade MLXe reproduces the multicast stream with the same measured behavior,
whether it is the initial multicast stream, or the 2000th multicast stream that has passed through the same switch.

9. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 9 of 16
At any given time, the Brocade MLXe solution could experience a growing usage level of 2000-2500 clients
joined and listening in a set of multicast groups. Some clients may be participating in up to 30 multicast groups.
This requirement dictates that a tremendous number of port interfaces are to be deployed and actively running
multicast in a single chassis. The combination of on-module traffic management, multicast management, and
multicast replication capabilities of the Brocade MLXe means that the legacy network solution with single blades
running in the chassis can be replaced easily. The Brocade MLXe can replace rows of legacy routing switches,
which frees up Space, Weight, and Power (SWAP) and reduces operational budget pressure, simply by utilizing a
well-designed transmission system with predictable behavior.
Due to the on-module traffic and multicast management, no single interface affects the other client listeners. For
example, two listeners could attempt to join a different multicast group over the same 10 GbE interface. (See
the exploded view of the 20-port 10 GbE module in Figure 4.) The result of the separate downstream requests
would traditionally require two multicast 9.2 Gbps streams to compete for the same 10 Gb of bandwidth. In the
Brocade MLXe, the control to manage the multicast join and leave operations is on the module. This multicast
management on the interface ensures that no single port can interfere with ports on other modules. The
contention for bandwidth by multicast joins and leaves is managed individually. In competing implementations,
this behavior may cause problems with the multicast group management on the management module of the
switch. Within the Brocade MLXe products, this issue is not a factor, as only the last join request on that port
is blocked or rate-limited on the ingress and egress. The result is that only the port interface that received the
simultaneous join requests is affected.
Figure 4. Brocade ISR Data Center Architecture.
The Brocade network architecture for ISR implementations delivers client data center architectures utilizing IP,
Fibre Channel, or the latest in data center fabric technology.

10. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 10 of 16
AT THE DATA CENTER, WHERE THE CLIENTS PROCESS “BIG DATA”
Some data ingest centers receive over 86,000 hours of UAV drone video each day in addition to countless levels
of sensor and signal traffic. It is no question that the ISR client data centers drive Big Data. This data is the very
information that analyst use to enable the government to provide for the health, safety, and overall protection
of its constituents. The huge amount of data places a tremendous burden on the analyst looking for actionable
intelligence. Regardless of the amount of data, no frames may be dropped. Brocade provides state-of-the-art IP
and Storage Area Network (SAN) data center fabrics. The Brocade IP and Fibre Channel data center solutions
are enabling Department of Defense, civilian, and intelligence community users to process the massive data
ingest in the manner that they choose.
The client data center requires the ability to acquire, process, store, and distribute the raw signal, the processed
data, and the stored data products for mission-based analysis. Brocade delivers a best-in-class storage and IP
multicast network solution for the ground station and the data ingest and processing center, and the best-in-
class data center fabric for the receiving client location.
Brocade Provides Three Flexible Options for Data Centers
Data Center Architecture #1
This data center utilizes the Brocade data center fabric. This state-of-the-art data center implementation offers
leading performance, fan-out, density, as well as reliability. Data Center Architecture #1 was designed specifically
for Ethernet and storage fabric architectures in the data center LAN. This data center provides support for
N x 1/10/40 GbE and 100 GbE. Data Center Architecture #1 is built for Big Data. This data center provides
industry-leading performance, extremely low latency, and fits the migrate-at-your-own-pace model. Agencies can
test this proven solution in their lab, make it operational, and begin integrating IP and Fibre Channel systems
with low risk.
The Brocade data center fabric contains the Brocade VDX 8770 Switch and the Brocade VDX line of access
switches. The Brocade VDX can act as an “end of row” switch, fabric core, or even as a core Layer 3 router.
The Brocade VDX 8770 can also be connected to the Brocade MLXe, a purpose-built core router that provides
best-in-class routing technology and high performance with a choice of 10/40 GbE and 100 GbE connections.
With the Brocade VDX 8770 and its industry-leading 3.6 µs of latency, your agency is ready for high-speed
performance and ultra-high density virtualization. Currently, Brocade VCS®Fabric technology enables a single
VCS fabric to scale up to 8000 switch ports with up to 384,000 virtual machines attached to the fabric.
The Brocade VDX product line provides data center bridging support for iSCSI and NAS deployments. Your data
center technology choice might be the data center fabric, IP (NAS), Fibre Channel, or a blending of all three.
Regardless of your choice, Brocade provides a feature-rich solution that delivers high performance, scalability,
security, predictable network behavior, and reliability.
Data Center Architecture #2
This data center model represents the agency with Fibre Channel that is migrating to IP from Fibre Channel. The
first step is to implement the Brocade data center fabric, based on Transparent Interconnection of Lots of Links
(TRILL). This fabric consists of N x 10 GbE, or N x 40 GbE fabric links between the edge switches running N x
1/10 GbE or 40 GbE to the application servers. Like Data Center #1, the fabric interconnects from the edge
to the core Brocade 8770 switches. The server farm can receive the signal at a very high speed using one or
more 10 GbE interfaces, or even N x 40 GbE interfaces to the data center fabric. Process the data and extract
the original signal from the IP stream, and ultimately store the data over Brocade IP, Generation 5 Fibre Channel,
Fibre Channel over Ethernet (FCoE) using block storage or NAS.
The interim step between migration from Data Center #3 and Data Center #2 is to bridge the Brocade DCX®
8510-based Fibre Channel storage to servers using the Brocade CNA data center bridging with FCoE or iSCSI.
The Agency #2 Data Center has also implemented NAS with tested solutions from any of the Brocade storage
partners (ISILON, EMC, NetApp, DDN, or Hitachi).

11. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 11 of 16
Data Center Architecture #3
This example displays the legacy data center. Typically, the legacy data center has a Layer 3 core and distribution
tier and Layer 2 to the server (applications). The Brocade DCX 8510 Fibre Channel-based SAN tier is shown with
typically secured for data-at-rest employed. This data center uses Fibre Channel 2/4/8/10 Gbps or even 16
Gbps as its primary storage protocol and interface. Customers with this architecture typically have a Layer 2 and
Layer 3 data center architecture with Spanning Tree enabled. This protocol effectively blocks redundant links to
the aggregation and core switching tiers. To unlock the existing bandwidth and access higher performance for
north and south traffic to the core, you must migrate to Data Center #2 or Data Center #1.
FUTURE OPTIONS FOR ISR NETWORKS TODAY
The ISR architects are working to resolve many anticipated demands that are expected to affect the current
architecture. Planners must be able enable the backbone to adapt rapidly to an ever expanding client base,
reliably transport their desired signals from remote locations, possibly in theater, back to their data center
where the raw, or pre-processed data, will be further distributed and managed, stored and ultimately analyzed.
To enable the ISR architecture in the current network posture, to facilitate the rapid expansion, without being
slowed down by operational and logistical complexities is key to the success of this next generation ISR
expansion. Not only are ISR architects asked to do this, but they are encouraged to design and build ISR
architectures that act as a system of systems.
Brocade has developed solutions that meet the logistical and operational challenges by developing solutions
that provide these benefits:
• Reduction of SWAP at the signal acquisition area of deployment and at the tactical ground station through
Network Function Virtualization (NFV) using Software-Defined Network (SDN) elements.
• Efficient control of delivery of services between the tactical and base ground stations, the Wide Area Network
(WAN), and the client data center ingest network through the use of OpenFlow.
• Efficient handling of data center IP and storage network traffic at the base ground station processing, and
handling of the client data center through the use of fabric architectures. (Previously discussed).
Network Function Virtualization
While Brocade has had success in solving many issues that have affected ISR architectures for several
years, Brocade has also begun building the elements required for ISR architectures of tomorrow. For example,
in Figure 5, the Brocade FCX and ICX on the left would be replaced with a like feature set that reduces the
economics, complexity, and logistical impact of current deployments. To address the constrained environment,
NFV elements developed by Brocade reduce space, power, cabling, switching units, routers, firewalls, DCHP
servers, VPN concentrators, and application load balancers with virtualized images that perform these
functions. These capabilities reside on a server platform and coexist with other mission applications. This NFV
solution is hypervisor agnostic and runs on any x86 platforms. In Figure 5, NFV enables a reduction from over
70 cables to less than 10, and NFV replaces up to 40 physical systems with a pair of ruggedized servers. The
resultant energy reduction extends the period that systems can be deployed before fuel drops in forward areas
are required.

12. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 12 of 16
Figure 5. Virtualized Systems at Signal Acquisition.
Unique Brocade Capability: Next Signal Source Initial Processing.
Simplifying Operations and Expansion through OpenFlow
Brocade has largely addressed the ISR network performance, throughput, fan-out, and scalability requirements
with exceptional system architecture and design implementation of network applications, like multicast. Brocade
now sees that operational control of large, ever-expanding, complex, network applications and their delivery can
be simplified.
One of the promising attributes of the Brocade product design trajectory is that it includes the notion of
operating the network as part of a system of systems. To facilitate this capability, Brocade has implemented
OpenFlow capabilities into its networking platforms that enable ISR planners to deliver point-to-point, and point-
to-multipoint services for ISR application clients. Brocade products can operate as OpenFlow devices, by keeping
the packet forwarding hardware role in the device but extract the control plane to an OpenFlow controller.
Brocade products also can operate in hybrid mode, which keeps the data plane and control plane within the
system while a migration plan is executed.

13. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 13 of 16
Figure 6. ISR Architecture Based on Network Function Virtualization and OpenFlow Centralized Control Plane.
Brocade capability for delivering ISR at a system of systems level implementation.
OpenFlow is an SDN protocol that enables communication between an OpenFlow controller and an OpenFlow-
enabled router. In a classic router or switch, packet forwarding (data path) and high-level routing decisions
(control path) occur on the same device. An OpenFlow switch separates these two functions. The data path
portion still resides on the switch, but high-level routing decisions are moved to a separate controller. OpenFlow
removes operational complexity and delivers services in a uniform fashion through a centralized control
environment using an OpenFlow controller. By marrying a standardized control plane to an already standardized
forwarding plane, OpenFlow resolves several issues.
• No longer requires widespread field expertise with multiple command line interfaces.
• Simplifies data forwarding by centrally managing services, versus wide variances of internal switch hardware
software rules.
• Eliminates management by a series of silo network management platforms and operators.
Across the ISR architecture, OpenFlow support delivers centralized rule sets (control plane) over a self-healing
network that fosters architecture wide survivability in a competitive environment.

14. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 14 of 16
CYBER-SECURITY PROTECTION
In addition to the previously stated architectural benefits, Brocade products provide unique benefits for
protection of the data, as well as its delivery from end to end. The use of sFlow technology enables the network
infrastructure to function as a security sensor grid that is capable of feeding information to a collector. The
sFlow collector collects and monitors network behavior and anomaly detection information that is received
from the network sensor grid. The information provides operation centers the ability to detect zero-day attacks,
worms, denial-of-service attacks, unauthorized devices, and insider threats. Brocade MLXe switches currently
support sFlow. Brocade ICX, FCX, and SX switches expect to receive this feature via software upgrade (no
hardware change) to support sFlow in the first half of 2014.
The Brocade data center portfolio includes the Brocade Encryption Switch (BES), which includes the ability to
provide encryption of the data-at-rest. The BES has been tested and approved by National Institute of Standards
and Technology (NIST) to Federal Information Processing Standard (FIPS) 140-2 level 3. The BES works with key
management solutions from partners such as SafeNet, NetApp, HP, IBM, RSA, and Thales. When the processed
data is mirrored to backup storage area networks or disaster preparedness storage networks, you might also
want to encrypt the data on-the-fly. This encryption can be done at Advanced Encryption Standard - Galois
Counter Mode (AES-GCM) 256-bit strength in 8 x 8 Gbps Inter-Switch Links (ISLs), or 4 x 16 Gbps ISL trunks
(up to 64 Gbps links between data centers). This encryption is shown in Figure 4 (on page 9). as an encrypted
connection between Data Center #3 and Data Center #2. In addition to this unique capability, these Brocade
products have also received FIPS 140-2 level 2 validation: Brocade VDX series #1802, Brocade DCX series
#1796, and the Brocade MLXe series #1917.
SUMMARY: WHAT DIFFERENTIATES BROCADE
Brocade has demonstrated world-class solutions in all areas of the network architecture where IP
communications and storage area networking are required. Brocade offers scalable solutions that consistently
outperform competing platforms (specifically within ISR applications). This performance is a direct result of
predictable performance, system expandability, and a resulting cost model at a fraction of the per port cost
demonstrated by competing solutions. The key elements of the Brocade ISR architecture include these:
• Existing and cutting-edge solutions to reduce space, weight, and power in austere environments
• Ultra-high fan-out for multicast applications
• Greater scaling with higher port density and lower cost per port than other COTS solutions
• Works with data centers based on Brocade Fabric, IP, and Fibre Channel
• Encryption of data on-the-fly and encrypted data-at-rest
• Currently capable of transitioning your ISR architecture to the future
The Brocade data center architecture that is utilized in ISR applications is flexible and can be inserted into the
data center of an agency at any stage of its architectural lifecycle. The Brocade solution is unique because it
provides elements that provide network predictability, high density, and easy adaptation to increased demands.
These features translate to a longer life-cycle and a reduced economic impact on the program overall. The
techniques used for translating analog streams to data framing format may evolve (that is, VITA 49.1). However,
the distribution mechanism that enables the clients to receive the stream is multicast IP traffic. This distribution
mechanism is the key common requirement where the Brocade MLXe platform delivers the best-in-class
transmission solution for ISR applications. The flexible data center options, which include architectures based
on Brocade Fabric, IP, and Fibre Channel, make Brocade an ideal partner for delivering the key enablers of high
performance ISR solutions at the client ingest data centers.

15. FEDERAL TECHNICAL BRIEF
Network Solutions for Intelligence Surveillance and Reconnaissance 15 of 16
APPENDIX A
Table 2. Brocade ISR Data Center Architectural Elements referenced in this document.
Brocade MLXe Brocade ICX Brocade VDX Brocade Vyatta Brocade DCX
Satellite-Based Ground
Station Data Center. IP
WAN. Data Center
Tactical or Remote
Ground Station
Satellite-Base Ground
Station Data Center. IP
WAN. IP and Fabric-Based
Data Center
Tactical or Remote Ground
Station
Fibre Channel-Based
Data Center
High-Performance, Full-
Featured Router
• OpenFlow/SDN
support
• 15.36 Tbps Forwarding
• 32 100 GbE, 256 10
GbE, and 1,536 1 GbE
wire-speed ports
• IPv4, IPv6, MPLS, Layer
3 VPNs, VPLS, Layer
2 PW
• 1M FIB routes, 2000
BGP peers
• Best-in-class power
efficiency
• 1-GbE, 10-GbE, 40GbE
& 100-GbE modules
• Embedded security
• Secure management
• Hitless failover and
upgrade; non-stop
routing
• NEBS Level 3 Certified
Industry-leading
scalability up to:
• 10 million BGP routes
• 1 million IPv4 routes in
hardware (FIB)
• 240,000 IPv6 routes
in hardware (FIB)
• 2000 BGP peers per
system
• 2000 BGP/MPLS VPNs
and up to 1 million
VPN routes
• 48,000 VLLs per
system
• 16,000 VPLS
instances and up to
1 million VPLS MAC
addresses 64,000
RSVP-TE LSPs
• 4094 VLANs and
up to 2 million MAC
addresses
• Large-scale Equal Cost
Multi-Path (ECMP); up
to 32 paths for unicast
and multicast
High-Performance, Virtual
Chassis Switching/
Routing
• OpenFlow/SDN
support
• 320 Gbps of stacking
bandwidth per switch
• Hitless stacking for
data and control (up to
8 units*)
• High-density uplinks
• 40 GbE uplinks
(stacking ports)
• Up to 8×10 GbE ports
per switch
Optimum flexibility
and high availability,
Redundant, removable,
load-sharing power
supplies
• PoE/PoE+
• Redundant, removable
fan
Scalability:
• 12K ACL, 16K routes,
32K MAC, 8K multicast
groups
• Hardware-ready for
encryption via MACsec
• sFlow for granular
network traffic
accounting
• Full Layer 3 feature
capability
• MAC addresses:
32,000
• Maximum VLANs:
4096
• Maximum Routes:
16,000
• QoS Features
• Traffic Management
• High Availability
• Embedded Security
• Secure Management
* Model Dependent
Ethernet Fabrics for
Access & Aggregation in
the LAN
• OpenStack/SDN
• Auto Migration of Port
Profiles
• VM-Aware
• FCoE
• Quality of Service (QoS )
• Support for 1G,10G,40G
&100G* ethernet.
• Data Center Bridging
• DCB support for
iSCSI and NAS for
1/10/40/100 GbE*
DCB support for iSCSI
and NAS.
Scalability:
• VLANs: 4096
• MAC addresses:
384,000
• IPv4 routes: 352,000
• IPv6 routes: 88,000
• ACLs: 57,000
• Port profiles (AMPP):
256
• ARP entries: 128,000
• Switches in a VCS
fabric: 24
• ECMP paths in a VCS
fabric: 8
• Trunk members for VCS
fabric ports: 8
• Switches across which a
vLAG can span: 4
• Members in a vLAG: 32
• Jumbo frame size: 9208
bytes
• DCB Priority Flow Control
(PFC) classes: 8
*Planned
Full-Featured Virtualized
Functionality
• OpenFlow/SDN
• IPv4 / IPv6 Routing.
OSPFv2, BGP.4, BGP6,
RIPv2. BGP Multipath.
IPv6 CSLAAC. Multicast
• IP Address Management:
• Static
• DHCP Server
• DHCP Client
• DHCP Relay
• Dynamic DNS
• DNS Forwarding
• IPv6 DNS Resolver
• IDHCPv6 Server, Client
• DHCPv6 Relay
Firewall:
• Stateful Inspection
Firewall
• Zone-based Firewall
• P2P Filtering
• IPv6 Firewalling
• Time-based Firewall
Rules
• Rate Limiting
• ICMP Type Filtering
• Stateful
Tunneling / VPN:
• SSL-based OpenVPN
• Site to Site VPN (IPsec)
• Remote VPN (PPTP, L2TP,
IPsec)
• Virtual Tunnel Interface
• OpenVPN Client Auto-
Configuration
• Layer 2 Bridging over
GRE
• Layer 2 Bridging over
OpenVPN
• OpenVPN Dynamic Client
• Dynamic Multipoint VPN
• High Availability, VRRP,
Clustering, RAID
• Diagnostics,
Administration and
Authentication,
TACACS+, QoS Policies.
Works with ESXi, XEN,
XenServer, KVM, HyperV,
AWS on Any x86 platform.
Designed for
high performance
dedicated Storage
Network
• Full support for
2/4/8/16 G Fibre
Channel provides
the highest density
and performance
vs. competing
solutions
• Special Purpose
Blades:
• Brocade FS8-18
Encryption Blade
• Brocade FX8-24
Extension
• Blade provides SAN
extension over IP
networks
• Chassis bandwidth
up to 8.2 Tbps per
chassis
Scalability: Full fabric
architecture of 239
switches
• Certified maximum
• 6000 active nodes
• 56 switches
• 19 hops in Brocade
Fabric OS®fabrics
• 31 switches, larger
fabrics certified as
required
Brocade UltraScale
Inter-Chassis Links
(ICL) bandwidth
Available Available Available Available Available

16. © 2013 Brocade Communications Systems, Inc. All Rights Reserved. 07/13 GA-TB-482-00
ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade,
OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless
Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems,
Inc., in the United States and/or in other countries. Other brands, products, or service names
mentioned may be trademarks of their respective owners.
Notice: This document is for informational purposes only and does not set forth any warranty,
expressed or implied, concerning any equipment, equipment feature, or service offered or to be
offered by Brocade. Brocade reserves the right to make changes to this document at any time,
without notice, and assumes no responsibility for its use. This informational document describes
features that may not be currently available. Contact a Brocade sales office for information on
feature and product availability. Export of technical data contained in this document may require an
export license from the United States government.
DATA CENTER TECHNICAL BRIEF