Metropolitan Area Network — Low-Latency Metro Fabric for Sites, Data Centers & Cloud
A MAN (Metropolitan Area Network) links your buildings, campuses, and colocation sites across a metro with low latency, high bandwidth, and strong SLAs.
SolveForce designs MANs that are application-aware, secure-by-default, and evidence-rich—using Lit Ethernet (EPL/E-LAN), Wavelength, Dark Fiber rings, and MPLS/VPLS, integrated with SD-WAN and cloud on-ramps.
Where this fits:
🖧 Fabric → Networks & Data Centers • 🌐 Catalog → Connectivity
🔀 Overlay → SD-WAN • 🔗 On-Ramps → Direct Connect • 🏢 Hubs → Colocation
🔒 Security → Cybersecurity • 📊 Evidence → SIEM / SOAR
🎯 Outcomes (Why SolveForce MAN)
- Deterministic performance — metro-class latency/jitter for DCI, storage replication, voice/video, and AI fabrics.
- Resilience by design — protected rings, diverse laterals/POPs, and documented SLOs.
- Cloud-ready — deterministic paths to AWS/Azure/GCP via carrier-dense colos and private on-ramps.
- Security built-in — L1/MACsec/IPsec, microsegmentation, and identity-aware access.
- Audit-grade — turn-up baselines, OTDR traces, and monthly SLA reports exported to SIEM.
🧭 Scope (What We Build & Operate)
- Lit Ethernet — EPL (point-to-point), E-LAN (any-to-any), EVPL (point-to-multipoint). → Lit Fiber
- Wavelength (DWDM) — 10/100/400G+ Layer-1 lambdas for DCI and HPC/AI. → Wavelength Services
- Dark Fiber rings — you light it for max control/scale. → Dark Fiber
- MPLS/VPLS — managed L3/L2 for QoS or legacy L2 adjacency. → MPLS • VPLS
- PTP microwave/mmWave — fast metro inter-building links where fiber is impractical. → Fixed Wireless
🧱 Building Blocks (Spelled Out)
- Topologies — protected rings, hub-and-spoke to colo hubs, or partial mesh between key sites.
- Handoffs — 1/10/25/40/100/400 GbE (electrical/optical LR/LR4/ER4) with QinQ/MTU planning.
- QoS/CoS — EF for voice/telepresence; AF for interactive; BE for bulk; class-based SLOs.
- Cloud interconnect — MAN terminates in colo → private on-ramp (Direct Connect/ExpressRoute/Interconnect). → Direct Connect
🔁 Design Patterns (Choose Your Fit)
1) Metro DCI (Data Center Interconnect)
- Wavelength (L1) or EPL (L2) for low, predictable latency; jumbo frames; optional L1 encryption or MACsec.
2) Campus & Multi-Building
- E-LAN any-to-any or hub-and-spoke EVPL; segment by function; route near the edge to bound L2 domains.
3) AI/HPC East-West
- Dense lambdas on Wavelength or Dark Fiber; NCCL-aware leaf/spine; NVMe caches; deterministic microburst headroom.
4) Hybrid WAN (Metro Core)
- Use the MAN as a regional core; branches attach via SD-WAN; break out to cloud at metro hubs.
5) Regulated / Policy Networks
- Deterministic CoS, encrypted trunks, segmentation, and immutable logs for HIPAA/PCI/NIST enclaves.
📐 SLO Guardrails (Typical Metro Targets)
| Class / Medium | One-Way Latency | Jitter Target | Sustained Loss | Availability* |
|---|---|---|---|---|
| Wavelength (metro) | ≤ 1–2 ms | ≤ 0.5–1 ms | < 0.1% | 99.99% (with protection) |
| Lit EPL / E-LAN (metro) | ≤ 1–3 ms | ≤ 1 ms | < 0.1% | 99.95–99.99% |
| Dark Fiber (engineered) | ≈ ~5 µs/km + gear | ≤ 0.5–1 ms | < 0.1% | Design-dependent |
| PTP Microwave/mmWave | ≤ 2–5 ms | ≤ 1–3 ms | < 0.1–0.3% | 99.5–99.95% |
*Higher availability with diverse conduits/bridges/POPs and protected rings. SD-WAN can mask brownouts by steering before outages.
🔒 Security & Zero-Trust (Concrete, Enforceable)
- Encryption — L1 AES-256 on transponders, MACsec at L2, or IPsec at L3 by policy. → Encryption
- Segmentation — VRFs/ACLs and microsegmentation for least privilege. → Microsegmentation
- Identity & access — ZTNA/SASE for users/admins; no flat VPNs. → ZTNA • SASE
- Boundary protection — WAF/Bot at the metro edge; DDoS stance and Anycast withdraw options. → WAF / Bot Management • DDoS Protection
- Evidence — keys in Key Mgmt/HSM; logs to SIEM/SOAR with WORM retention. → Key Management / HSM • SIEM / SOAR
📊 Observability & NOC
- Optical — light levels/OSNR, FEC/BER, OTDR traces;
- Ethernet — latency/jitter/loss, errors, class stats;
- Microwave — RSSI/SNR, fade margins, weather impact.
Dashboards, alarms, and carrier escalation trees with monthly SLA reports. → Circuit Monitoring • NOC Services
💵 Commercials (What Drives Cost)
- Medium & speed (Wave/Lit/Dark/Microwave), distance, protection & diversity, cross-connects (MMR), and construction of laterals.
- IRU vs Lease for Dark Fiber; managed optics vs DIY; MACsec/IPsec/L1 encryption options; HA headends.
🧪 Turn-Up & Acceptance
1) Provisioning — wave/EPL params or fiber span; radio alignment for microwave.
2) Baselines — RFC 2544 / ITU-T Y.1564 throughput/latency/jitter/loss; optical OTDR & light levels or RF link budget.
3) Security — MACsec/IPsec/L1 encryption validation; key custody evidence.
4) Handover — as-builts, diagrams, configs, test artifacts; NOC thresholds & escalation.
Artifacts stored and exported to SIEM for audits. → SIEM / SOAR
🛠️ Implementation Blueprint (No-Surprise Rollout)
1) Inventory & SLOs — sites, DCs/colos, clouds; per-app loss/latency/jitter targets.
2) Topology — ring vs hub-and-spoke vs mesh; plan diverse laterals/bridges/POPs (request route letters).
3) Medium — Wavelength/Lit/Dark/Microwave by use case; MTU & CoS plan.
4) Cloud on-ramps — colo hubs with private interconnects and BGP policy.
5) Security — encryption (L1/MACsec/IPsec), ZTNA/SASE for users, microseg for workloads.
6) Turn-up tests — archive baselines & OTDR traces; accept against SLOs.
7) Operate — NOC thresholds, SLO dashboards, monthly SLA reports; quarterly optimization.
✅ Pre-Engagement Checklist
- 📍 Endpoints (addresses/colo MMRs) and desired speeds.
- 🔀 Diversity requirements & evidence needs (route letters/maps).
- 🔐 Encryption policy (L1/MACsec/IPsec), key custody (CMK/HSM), PKI.
- 🧭 CoS/QoS classes; jumbo MTU alignment.
- ☁️ Cloud on-ramp plan and DNS/Anycast strategy.
- 📊 SIEM/NOC destinations; reporting cadence; escalation contacts.
- 💰 Term/budget guardrails; cross-connect logistics; construction constraints.
🔄 Where MAN Fits (Recursive View)
1) Grammar — metro rails in Connectivity.
2) Syntax — composes the metro fabric in Networks & Data Centers and on-ramps in Cloud.
3) Semantics — Cybersecurity preserves integrity (encryption, segmentation, evidence).
4) Pragmatics — SolveForce AI predicts congestion, weather risk (microwave), and capacity needs.
5) Foundation — consistent terms via Primacy of Language.
6) Map — indexed in SolveForce Codex & Knowledge Hub.
📞 Build a Metro Network That’s Fast, Secure & Auditable
Related pages:
Lit Fiber • Wavelength Services • Dark Fiber • MPLS • VPLS • Fixed Wireless • SD-WAN • Direct Connect • Colocation • Circuit Monitoring • NOC Services • Cybersecurity • Connectivity • Networks & Data Centers • Knowledge Hub