Apologies for continuing this thread, but -- I don't understand this preoccupation with "early warning" systems on access to said manhole. What's the point? There are two possibilities here: 1) Someone goes down there and breaks something. You *already* know when this happens, because of your normal link monitoring. 2) There's a false positive (i.e. nothing malicious is done).
From where I stand, these seem like ways to spend money in order to increase the reporting noise.
Or am I missing something? Irregardless, it would be wise to focus on the *common* causes of outages. The things that happen and cause customers pain every day, due to more mundane occurrances like backhoes. Regardless of whether it's a hacksaw or a backhoe that takes out a cable, the customer is still down. Simple economics seem to dictate that the most attention should be devoted to the problems where you get the most "bang for your buck" - i.e. not movie theatre plot scenarios that happen once in many blue moons when there are so many other, far too common (and yet mundane) causes of outages. - S -----Original Message----- From: Peter Beckman <beckman@angryox.com> Sent: Monday, April 13, 2009 11:19 To: Dylan Ebner <dylan.ebner@crlmed.com> Cc: nanog@nanog.org <nanog@nanog.org> Subject: RE: Fiber cut in SF area On Mon, 13 Apr 2009, Dylan Ebner wrote:
It will be easier to get more divergence than secure all the manholes in the country.
I still think skipping the securing of manholes and access points in favor of active monitoring with offsite access is a better solution. You can't keep people out, especially since these manholes and tunnels are designed FOR human access. But a better job can be done of monitoring and knowing what is going on in the tunnels and access points from a remote location. Cheap: light sensor + cell phone = knowing exactly when and where the amount of light in the tunnel changes. Detects unauthorized intrusions. Make sure to detect all visible and IR spectrum, should someone very determined use night vision and IR lights to disable the sensor. Mid-Range: Webcam + cell phone = SEEING what is going on plus everything above. High-end: Webcam + cell phone + wifi or wimax backup both watching the entrance and the tunnels. James Bond: Lasers. Active monitoring of each site makes sure each one is online. Pros: * Knowing immediately that there is a change in environment in your tunnels. * Knowing who or at least THAT something is in there * Being able to proactively mitigate attempts * Availability of Arduino, SIM card adapters, and sophisticated sensor and camera equipment at low cost Cons: * Cell provider outage or spectrum blocker removes live notifications * False positives are problematic and can lower monitoring thresholds * Initial expense of deployment of monitoring systems Farmers use tiny embedded devices on their farms to monitor moisture, rain, etc. in multiple locations to customize irrigation and to help avoid loss of crops. These devices communicate with themselves, eventually getting back to a main listening post which relays the information to the farmer's computers. Tiny, embedded, networked devices that monitor the environment in the tunnels that run our fiber to help avoid loss of critical communications services seems to be a good idea. Cheap, disposable devices that can communicate with each other as well as back to some HQ is a way to at least know about problems of access before they happen. No keys to lose, no technology keeping people out and causing repair problems. Some other things that could detect access problems: * Pressure sensors (maybe an open manhole causes a detectable change in air pressure in the tunnel) * Temperature sensors (placed near access points, detects welding and thermite use) * Audio monitor (can help determine if an alert is just a rat squealing or people talking -- could even be automated to detect certain types of noises) * IR (heat) motion detection, as long as giant rats/rodents aren't a problem * Humidity sensors (sell the data to weatherbug!) One last thought inspired by the guy who posted about pouring quick-set concrete in to slow repair. Get some heavy-duty bags, about 10 feet long and large enough to fill the space in the tunnel. More heavily secure the fiber runs directly around the access space, then inflate two bags on either side of the access point. Easily deflated, these devices also have an electronic device which can notify HQ that they are being deflated or the pressure inside is changing (indicating pushing or manipulation). That way you only need to put these bags at access points, not throughout the whole tunnel. Kinda low-tech, but could be effective. No keys needed, could be inflated/deflated quickly, and you still get notification back to a monitoring point. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------