10 gigabit fiber network connections for Security Analytics

book

Article ID: 173648

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Security Analytics uses 10 gigabit fiber for some of the capture ports on both the Dell and the Symantec S500 platforms. It is possible that one or both 10 gigabit capture interfaces may be missing from the Capture > Summary screen in the user interface.  

Cause

An unsupported SFP may be inserted into one of the 10Gb fiber ports in a Dell or S500 system.

Environment

  • Security Analytics
  • Ethernet 10 Gigabit per second (Gbps) Fiber capture network (10 GbE)
  • Symantec S500 hardware platform
  • Dell hardware configured per Symantec specification

Resolution

Security Analytics hardware supplied by Symantec, both the Symantec S500 hardware and the Symantec-specification Dell hardware, utilize the Intel X520 dual-port 10 Gigabit Ethernet (GbE) fiber network card. Confirming that the correct SFP module is inserted should resolve the issue.

SFP+ Modules for Dell

The Intel X520 card uses Enhanced Small Form-factor Pluggable (SFP+) modules to connect to the 10 Gbps fiber network. Symantec supplies two Short Range (SR) SFP+ modules with Security Analytics appliances, to be used in the 10 GbE network card. These modules do not come installed in the card but are shipped inside the appliance packaging in a small box, and must be installed in the card during appliance installation.

The Intel X520 card will only work with two Intel-specified SFP+ modules (listed below). No other modules will work in the X520 card.

  • E10GSFPSR – Intel® Ethernet SFP+ Short Range Optic – E65689-001
  • E10GSFPLR – Intel® Ethernet SFP+ Long Range Optic – E65685-001

Determining if an incorrect SFP+ module is installed:

If an incorrect SFP+ module is installed in the X520 card, the 10 GbE driver will fail to load and the 10 GbE ports will not show up in the Security Analytics capture page in the web user interface.

The Intel network driver will report the following in the Kernel logs:

ixgbe 0000:05:00.0: failed to load because an unsupported SFP+ module type was detected.

To check for this message, first reboot the appliance then log in via SSH or on the console as 'root' and run:  dmesg | grep SFP

 

Additional Information

10 Gbps GbE Fiber Type Reference

The GbE fiber technology (short or long range) used must be consistent on every piece of the network connection - TAP port, SA SFP+ modules, any interconnection, and the fiber cabling used.

10GBASE-SR ("short range") is a port type for multi-mode fiber and uses 850 nm lasers.

The range depends on the type of multi-mode fiber used, per the following table:

10GBASE-SR Short Range fiber types
Fiber Type (micrometers) Range (meters)
FDDI-grade (62.5 μm) 25
OM1 (62.5 μm) 33
OM2 (50 μm) 82
OM3 300
OM4 400

 

 

 

 

 

10GBASE-LR ("long range") is a port type for single-mode fiber and uses 1310 nm lasers.

10GBASE-LR can be run up to 10 kilometers.

 

For the S500 systems, use a FINISAR model FTLX8574D3BCV.  See the picture below of the Finisar SFP fiber module below.

Attachments

SFP_S500_closeup_1636137820912.jpg get_app