Endace-GCHQ statement of work

Statement of Work (JM-0218-0956) Specific Enhancements to ENDACE DAG 8.1SX, 9.2SX2 and 40G2 systems for GCHQ 18th February 2010 Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 1

©Endace Technology Limited 2010. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Endace Technology Limited. Endace, the Endace logo, Endace Accelerated, DAG, NinjaBox and NinjaProbe are trademarks or registered trademarks in New Zealand, or other countries, of Endace Technology Limited. All other product or service names are the property of their respective owners. Product and company names used are for identification purposes only and such use does not imply any agreement between Endace and any named company, or any sponsorship or endorsement by any named company. Whilst every effort has been made to ensure accuracy, neither Endace Technology Limited nor any employee of the company, shall be liable on any ground whatsoever to any party in respect of decisions or actions they may make as a result of using this information. Endace Technology Limited has taken great effort to verify the accuracy of this statement of work, but nothing herein should be construed as a warranty and Endace shall not be liable for technical or editorial errors or omissions contained herein. Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 2

Table of Contents Scope ................................................................................................................................................................... 5 Technical Descriptions ......................................................................................................................................... 5 DAG 8.1SX / 9.2SX2 Overview ......................................................................................................................... 5 Overview of existing 8.1SX functionality ..................................................................................................... 5 Overview of HW capabilities of the 9.2SX2 card ......................................................................................... 6 Enhanced Features for Channelisation ....................................................................................................... 6 Project Details DAG 8.1SX / 9.2SX2 ................................................................................................................. 6 Channelisation modes ................................................................................................................................. 6 SDH mapping structure for POS-CH Image.................................................................................................. 6 SDH mapping structure for RAW-CH image ................................................................................................ 8 SDH mapping structure for POS-64 image .................................................................................................. 8 Overhead features....................................................................................................................................... 9 Load Balancing features .............................................................................................................................. 9 ERF record types ........................................................................................................................................ 10 40G2 Transmit Overview ............................................................................................................................... 10 Overview of existing 40G2 functionality (standard functionality) ............................................................ 11 Overview of additional 40G2 features (the project) ................................................................................. 11 Functionality .............................................................................................................................................. 11 10GbE interface, Time-stamping, and buffering ....................................................................................... 11 Traffic combination ................................................................................................................................... 12 HDLC mapping & SONET framing .............................................................................................................. 12 Accelerated Roadmap (GCHQ Specific) Overview ............................................................................................. 12 Phase One .................................................................................................................................................. 12 Phase Two.................................................................................................................................................. 12 Phase Three ............................................................................................................................................... 12 Statement of Work – Pricing, Terms and Conditions ........................................................................................ 13 Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 3

Non Recurring Engineering (NRE) Payment Overview .................................................................................. 13 Payment Schedule ......................................................................................................................................... 13 Terms of Purchase ......................................................................................................................................... 14 Acceptance ........................................................................................................................................................ 14 Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 4

Scope The following statement of work has been created to accelerate feature enhancements to Endace’s DAG 8.1SX (single port) 10GE/STM-64/OC192, DAG9.2SX2 (dual port) 10GE/STM64/OC192 and 40G2 (OC768c) monitoring solutions. Discussions with GCHQ have identified additional features for deployment on all of the for mentioned products, the majority of the proposed enhancements (listed in this document) are of a bespoke nature and therefore would not form part of Endace’s planned commercial roadmap for the unit. To enable delivery of the required functionality Endace is prepared to reprioritise its current engineering schedule in order to modify the existing firmware images to accommodate all of the features requested. To complete the development work Endace has defined a single Non Recurring Engineering (NRE) payment of £245,000.00 GBP that will allow the reordering of priority and subsequent delivery of features. Technical Descriptions DAG 8.1SX / 9.2SX2 Overview This section provides a top level design overview describing the minimum feature set provided under the work for channelization on the 8.1SX and 9.2SX2 cards. A more complete design specification outlining functionality to the register level will be provided as part of the implementation phase. The functionality described in this document is provided as an FPGA download images supported by these Endace DAG cards : • 8.1SX (partial support) • 9.2SX2 (full support) (The 9.2X2 card does not support Raw SONET modes and is not a target for this FPGA image) Overview of existing 8.1SX functionality The standard DAG-8.1SX Image provides the following functionality : • 10GbE-LAN/WAN framing • OC-192/STM-64 framing • Programmable SDH, and HDLC Scrambling and descrambling • PoS L-II demapping Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 5

• Load balancing by IP header • Ability to filter on MPLS labels, VLAN Tags, IP addresses, Port Numbers, Protocol type Overview of HW capabilities of the 9.2SX2 card • 2 port OC-192 • FPGA based framer • PCI-E Gen-II bus • Half Height, Half Length Enhanced Features for Channelisation Feature 8.1SX Support 9.2SX2 Support STM-64 Raw √ √ STM-64 PoS √ √ 4 x AUG-16 √ √ Mix of VC4-16C, VC4-4C, VC-4 Encapsulated to PoS × √ TOH (SOH & LOH) Frames √ √ POH Frames √ √ PoS √ × × Load Balancing Transmit Functionality Project Details DAG 8.1SX / 9.2SX2 Channelisation modes The enhanced features for the 8.1SX & 9.2SX2 will be provided via 4 FPGA images : Image name Raw SONET POS STM-64C RAW-64 POS-64 Channelised STM-64 RAW-CH POS-CH Images will be merged to single images where space allows. SDH mapping structure for POS-CH Image • Channelisation to a mix of : • POS-16 streams (VC4-16C with HDLC decapsulation) with associated POH-16 • POS-4 streams (VC4-4C with HDLC decapsulation) with associated POH-4 Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 6

• POS-1 streams (VC-4 with HDLC decapsulation) with associated POH-1 o STM-64 TOH (SOH & LOH) o SDH descramble programmable per channel o Alarms by channel o Alarm hierarchy is observed (ie: AIS-L will cause PoS frames to stop) o Number of simultaneous channels : • 8.1SX : 16 • 9.2SX2 : 64 channels in total • 1 x 64 channels on one port • 2 x 32 channels per port Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 7

SDH mapping structure for RAW-CH image • Channelisation to 4 streams of AUG-16 (inc LOH) frames • Alarms by channel • LOS, LOF, OOF will cause Raw frames to stop • All other alarms, Raw packets will flow This functionality will be added to the existing 8.1SX RAW Image instead of generating a new image. SDH mapping structure for POS-64 image • VC-4 with HDLC decapsulation operating through BFS for load balancing • 1 stream of POH-64 • STM-64 TOH We will attempt to add this functionality to the existing 8.1SX BFS image, but space constraints may require transmit functionality to be removed. Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 8

Overhead features Provided as a stream of ERF records. These ERF records are distinguished by a unique ERF Type. TOH-64 Transport overhead from STM-64/OC-192 frame. TOH is not provided for sub-rates because individual channel TOH can be extracted from TOH-64. POH-64 POH from SPE from STM-64 frames. POH-16 POH from SPE from STM-16 frames. POH-4 POH from SPE from STM-4 frames. POH-1 POH from SPE from STM-1 frames. Load Balancing features Signal name Load balancing structure PoS-64 PoS packet load balancing is provided as per standard 8.1SX PoS image. PoS-16 4 streams of PoS-16 load balanced to 4 memory holes using programmable mapping. PoS-4 16 streams of PoS-4 load balanced to 4 memory holes using programmable mapping. PoS-1 16 streams of PoS-1 load balanced to 4 memory holes using programmable mapping. (Limited to 16 streams due to RAM limitations in FPGA) RAW-64 Single stream RAW-16 4 streams of RAW-16 load balanced to 4 memory holes using programmable mapping. RAW-4 16 streams of RAW-4 load balanced to 4 memory holes using programmable mapping. RAW-1 16 streams of RAW-1 load balanced to 4 memory holes using programmable mapping. (Limited to 16 streams due to RAM limitations in FPGA) TOH-64 Sent to a 5th memory hole Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 9

POH-16 Each POH-16 is sent the same memory hole associated with the PoS-16 POH-4 Each POH-4 is sent the same memory hole associated with the PoS-4 stream POH-1 Each POH-1 is sent the same memory hole associated with the PoS-1 stream ERF record types The various modes and information is conveyed from the DAG card to the system using different ERF types which allow classification of captured data. ERF types used : Stream Format ERF record type Prior usage Description Information contained in ERF body TOH-64 Overhead No Contains SONET overhead data, similar in structure to Raw record structure Raw overhead bytes aligned to TOH or POH structure as appropriate. Pos Packets Yes HDLC aligned PoS packets RAW Yes RAW SONET Frames POH-64 POH-16 POH-4 POH-1 PoS-64 PoS-16 PoS-4 PoS-1 RAW-64 RAW-16 Raw STM/SONET bytes from entire frame aligned to TOH. RAW-4 RAW-1 40G2 Transmit Overview The customer currently has 40G2 systems in house, used for OC-768 monitoring purposes. The customer would like to be able to use those systems in the lab to generate traffic at OC768 in order for the 40G2 system to be used in T&M applications. The functionality described in this section provides details for an FPGA download image, which can be loaded onto a standard Endace 40G2 system. Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 10

Overview of existing 40G2 functionality (standard functionality) • Receive from a OC-768 link • SONET & HDLC descrambling programmable • No transmit functionality • PoS decapsulation to L-II packets • Programmable optical amplification • Packet classification on 5-tuple and MPLS labels (first and last) • Load balancing to 4 x 10GbE interfaces based upon packet classification • GUI interface • 1U form factor Overview of additional 40G2 features (the project) An alternate image will be generated which can be loaded onto the 40G2 appliance, this image will provide the following functionality. It will be possible to switch back to the standard 40G2 functionality at will. • Transmit from 40G2 unit to OC-768 link • No receive functionality • Accepts packets from the 4 x 10GbE interfaces which will then be combined to generate the payload for the OC-768 SPE after PoS encapsulation • Packet ordering shall be preserved for any one of the 10GbE interfaces Functionality 10GbE interface, Time-stamping, and buffering Packets received on each 10GbE interface will have standard Ethernet format. Ethernet framing is removed leaving the L-II payload which is forwarded on for time-stamping. In this way, MPLS labels are preserved. (VLAN Tags would be removed). Once a L-II frame is received, a time-stamp is generated and attached to the packet. The timestamp is used for subsequent packet scheduling. These time-stamped L-II packets are then sent to buffers waiting to be scheduled for transmission. Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 11

Traffic combination Packets at the head of each buffer are compared using the timestamp on the L-II packet. The packet with the oldest timestamp is scheduled next for transmission. Packets taken from the buffer have the associated time-stamp removed. Once that packet has been taken from the buffer, the process repeats. Because packets are generated on each 10G asynchronously, it cannot be guaranteed that absolute scheduling can occur between any 2 or more streams. This process however guarantees packet ordering per 10G queue, and allows best effort between 10G queues. HDLC mapping & SONET framing Packets received from the Traffic combiner are sent for HDLC framing and byte stuffing. The HDLC encapsulated packets are then inserted into the OC-768 SPE. The HDLC type is configured for all payload being transmitted. SONET & HDLC Scrambling is programmable. Accelerated Roadmap (GCHQ Specific) Overview Given the development efforts involved in this statement of work firmware images will be deployed in stages all of which are described in this section. All images deployed in stages one (1) and two (2) will be termed as either ‘Proof of Concept’ or ‘Beta’ releases and will be subject to additional quality assurance and bug fixes following feedback from GCHQ and Endace’s on testing schedule. Phase three (3, final phase) will encompass all features and subsequent fixes into a single firmware release for future deployments. The phases are as follows: Phase One • Creation of detailed specification for both project (i.e. DAG modifications and 40G2) • Delivery of beta image of DAG modifications via the DAG8.1sx card as detailed within this statement of work Phase Two • Delivery of beta image of DAG modifications via the 9.2SX2 card as detailed in this statement of work • Delivery of beta image of 40G2 transmit functionality as detailed within this statement of work Phase Three • Delivery of fully QA products including relevant documentation Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 12

Statement of Work – Pricing, Terms and Conditions Non Recurring Engineering (NRE) Payment Overview The sections listed above define the engineering work required to accelerate specific features for GCHQ that would not form part of Endace’s current product roadmap. The NRE values associated with this statement of work is a set fee to facilitate the reprioritisation and acceleration of specific functionality for GCHQ above and beyond existing features on Endace’s commercial roadmap for the DAG 8.1SX, 9.2SX2 cards and 40G2 platform. All intellectual property rights created under this statement of work shall remain with Endace All fees associated with this agreement are not to be linked to fixed delivery dates, planned engineering work and timescales will be driven primarily by QA testing and customer feedback. Payment Schedule The following payment applies to Statement of Work JM-0218-0956: Description Item Overview Price Payment Schedule NRE Charge DAG 8.1SX / 9.2SX2 Channelisation Project For the acceleration and reprioritisation of GCHQ specific features for deployment on Endace’s DAG 8.1SX and 9.2SX2 cards. £110,000.00 GBP Due on signature of this statement of work NRE Charge 40G2 Transmit Project For the acceleration and £135,000.00 reprioritisation of GCHQ specific features for deployment on Endace’s NinjaProbe 40G2 platform Due on signature of this statement of work TOTAL £245,000.00 GBP Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 13

Terms of Purchase a) All pricing is UK Pounds Sterling b) The above pricing offer is time limited, Endace requires a GCHQ to issue an official purchase order and sign and return a copy of this statement of work before the 31st of March 2010. c) All works and target dates are based upon an order and signed statement of work being received by the 31st of March 2010. d) Payment terms are 30 days from invoice, which will be issued on signature of this statement of work. Acceptance By signing the section below GCHQ accepts the statement of work JM-0218-0956 as set out above and acknowledges that all payments made against this proposal are for the prioritisation of roadmap features specific to GCHQ. This purchase is subject to the terms and conditions of the Agreement Covering Provision of DAG Network Cards and Associated Support Services entered into between GCHQ and Endace Europe Limited on 08th January 2008. ________________________ ________________________ Signed on behalf of GCHQ Signed on behalf of Endace Europe Ltd ________________________ ________________________ PRINT NAME PRINT NAME ________________________ ________________________ TITLE TITLE ________________________ ________________________ DATE DATE Statement of Work – GCHQ_Product_Enhacements_Version_1.0 Commercial in Confidence 14