10 Gigabit Ethernet secures border at Niagara Falls
- 22 January, 2008 08:29
When visiting Niagara Falls, chances are you're too enthralled by the beauty and power of the cataract to think of anything else.
Until you cross the U.S./Canada border -- then you have to think about the interrogation from customs agents and the video cameras locked in on your vehicle. Or maybe you're thinking of the technology behind that border-crossing process.
Gigabit and 10 Gigabit Ethernet are the foundation of a converged network operated by the Niagara Falls Bridge Commission (NFBC), a joint U.S. and Canadian agency that oversees three border crossings spanning the Niagara River between western New York State and southern Ontario. The bridges it monitors are the Rainbow Bridge in Niagara Falls, N.Y./Ontario; the Whirpool Bridge a little farther downriver; and the Lewiston/Queenston Bridge in Lewiston, N.Y./Queenston, Ontario.
NFBC operates the fourth-busiest border crossing between the United States and Canada, and managed more than 7 million border crossings in 2006. Established in 1938 by the US and Canadian governments, NFBC is responsible for more than US$32 billion in trade between both countries.
Facilitating that is an infrastructure that is several years old and that is built on Foundry Networks' FastIron line of Power over Ethernet (PoE) switches, IronPoint wireless access points and IronView network management software, and as of about six months ago, a pair of Foundry BigIron RX backbone switches. The converged network transports on-demand data, voice and video to NFBC's operations center in Lewiston so officials can monitor and communicate traffic conditions, execute physical security measures and investigate any unusual or suspicious activity at the border. The network supports some 170 cameras, which generate between 42.5M and 53Mbps of traffic on the network. The breakdown of network utilization is roughly 80% video, 18% data and 2% voice.
The NFBC also works in conjunction with local US and Canadian law enforcement as well as customs officials from both countries in order to coordinate tasks.
"If we see anything there we alert the appropriate agency in Canada and same on the American side," says Brent Gallaugher, agency relations and security manager at NFBC. "We had a couple of cases in the past year where we helped break up a drug deal going on on the bridge in Lewiston. They reacted and made some arrests which led to subsequent arrests in an organization."
NFBC doesn't work directly with the agencies like the US Department of Homeland Security or its Canadian equivalent, but there are times when these departments will request additional video footage or imagery from NFBC to augment their own surveillance, says Dave Woods, NFBC programmer and analyst. They may request NFBC to provide more detailed imagery on a particular vehicle or border event, he says.
Those details are delivered through two BigIron switches at the network core -- one at the Rainbow Bridge and the other at the NFBC data center in Lewiston. The network also includes six Foundry FastIron chassis-based switches and 10 stackables, which feed and retrieve data to and from at least seven servers located at the bridge plazas. Two trunked 10Gbps Ethernet connections link the two core switches, and the core switches are also linked to the FastIron server switches via 10Gbps Ethernet.
The Lewiston and Whirlpool bridges are tied to the NFBC data center via two trunked 1Gbps Ethernet links. The bridges, meanwhile, are linked to each other over two trunked 1Gbps Ethernet fiber. Eight IEEE 802.11 a/b/g wireless access points connect wireless video cameras and laptops to the switches in the bridge plazas.
Backup is provided by the NFBC's former primary network -- point-to-point microwave radio network links. This network was relegated to backup mode when the fiber was deployed.
The licensed microwave network provides IEEE 802.1p quality-of-service for voice, video and data in case NFBC runs into bandwidth constraints, Woods says.
The NFBC network is configured into four virtual LANs to segment traffic: one each for voice, video and data, and another for guest access.
Footage gathered from PoE IP video and CCTV cameras at the bridges and customs plazas on both sides of the border is sent to the NFBC Operations Center, where management and staff analyze it from numerous views and angles to monitor traffic in each lane, locate traffic accidents and any unusual activities or incidents, and coordinate 24/7 responses. Operations Center personnel use commercial and internally developed applications to detect and respond to alarms from the bridges and plazas triggered by suspicious activity or tampering.
From the same graphical interface where they receive the alarms, Operations Center personnel can manipulate the cameras to focus in on perpetrators or problem areas. In addition to controlling all of the cameras at the bridges and plazas, Operations Center personnel reconfigure lanes at the bridges remotely by opening and closing them to traffic; and open and close an unmanned bridge where citizenship is authenticated and access granted via a card scan.
Operations Center personnel also remotely monitor the temperature and water levels of the server rooms located at the bridge plazas.
Internally, the NFBC network is secured using Lancope's StealthWatch network behavior analysis and response software, and Lockdown's Enforcer network access control application. These products allow NFBC to detect flow-based anomalies and threats, and authenticate and audit network users and devices.
Woods takes pride in the fact that his network had nary a WAN link. He uses a double entendre to boast about its utility.
"We can push a lot of traffic," he says, referring to the network's capacity and application.
View a slideshow about the technology used by the U.S./Canada border here.