What do I need an Advanced Network Packet Broker for?
With a Network Packet Broker, also known as a Data/Network Monitoring Switch or Matrix Switch, you can reliably feed your analysis and monitoring systems with the aggregated data streams of the Network TAPs and other data sources distributed across your network.
The Network Packet Broker acts as the link between the access point in your network and, for example, your security tool. Depending on the version, it supports all common transceiver standards, from 1 Gigabit SFP slots to the widespread 10 Gigabit SFP+ interfaces up to high-performance QSFP-DD connectors, which allow bandwidths of up to 400 Gigabit per interface.
Using the dedicated ASIC hardware built into every Network Packet Broker, both simple and complex filter rules can be created to ensure an optimized data flow towards the analysis systems.
Here you can filter out unwanted data packets or even entire data streams that are not required for the evaluation and thus reduce the overall load. This enables you to filter incoming data volumes from measuring points, which may be distributed over several 10G or 40G lines, almost latency-free in real time.
This allows you to continue to make optimal use of your existing 1G or 10G monitoring infrastructure and directly discard data that is not of interest without creating additional load on your monitoring systems.
Getting the Most out of Dynamic Load Balancing
Of course, a NextGen Packet Broker also offers you the option of distributing the incoming data load via an automated, load-based mechanism. Here, several analysis and monitoring systems are combined in a virtual port group and defined as a logical target.
Thanks to its x86-based architecture, a PacketTiger in its NextGen Packet Broker form is also able to provide intelligence-based flow detection. This lets the connected systems monitor both asymmetric and redundant connections far more easily and holistically, because the PacketTiger’s flow detection reassembles packets at any time and always outputs them to the correct analysis tool.
If a member of this “load balancing” group fails for any reason, the NextGen Packet Broker detects this and automatically distributes the data to the remaining members of that group.
A combination of heartbeat packets and percentage-based load detection, together with intelligent flow and data volume detection, lets the NextGen Packet Broker detect failed systems and exclude them from the distribution. It also allows load-based distribution in addition to flow-based distribution.
All these features and mechanisms can be combined to get the most out of your analysis and monitoring infrastructure. (see Use monitoring resources more effectively thanks to intelligent Load Balancing)
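The load-balancing behaviour described above, as an added example written for this article (not NEOX code): a symmetric 5-tuple hash keeps both directions of a connection on the same tool, a flow table keeps established flows sticky, and flows on a member that misses its heartbeat are redistributed among the remaining members. The tool names, the `heartbeat_missed`/`heartbeat_seen` calls and the SHA-256 based distribution are assumptions, not the PacketTiger's internal mechanism.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int

def symmetric_flow_key(f: Flow) -> bytes:
    # Sort the two endpoints so A->B and B->A yield the same key: this is what
    # keeps both halves of an asymmetrically routed session on one tool.
    lo, hi = sorted([(f.src_ip, f.src_port), (f.dst_ip, f.dst_port)])
    return f"{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}|{f.proto}".encode()

class LoadBalanceGroup:
    """Virtual port group of analysis tools acting as one logical target (assumed model)."""

    def __init__(self, members):
        self.members = list(members)   # configured tools, e.g. "ids-1" (constructed names)
        self.alive = set(members)      # members whose heartbeat is still being seen
        self.flow_table = {}           # flow key -> member currently receiving that flow

    def heartbeat_missed(self, member):
        # A failed member leaves the distribution; its flows are re-homed in select().
        self.alive.discard(member)

    def heartbeat_seen(self, member):
        if member in self.members:
            self.alive.add(member)

    def select(self, f: Flow) -> str:
        live = [m for m in self.members if m in self.alive]
        if not live:
            raise RuntimeError("no live member in load-balancing group")
        key = symmetric_flow_key(f)
        target = self.flow_table.get(key)
        if target in self.alive:
            return target                 # established flow stays on its tool
        digest = hashlib.sha256(key).digest()
        target = live[int.from_bytes(digest[:8], "big") % len(live)]
        self.flow_table[key] = target
        return target
```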
FILTER CHANGE MADE EASY
Of course, when using a NextGen Packet Broker you do not have to do without any of the features and conveniences you already have with a regular Network Packet Broker, also called a Legacy Packet Broker. This naturally includes the filtering options mentioned above.
But what does that mean in detail?
The filters of the NextGen Packet Broker control the traffic flow and can deny traffic, pass all traffic, pass traffic according to certain criteria, and mark packets.
Using a NextGen Packet Broker you are able to filter the data on OSI layers 2 to 4 before passing it to the analysis tool, reducing the load on that tool. The setting options are manifold, e.g.:
- Layer 2: Source MAC address, Destination MAC address, Ethernet Type, VLAN, MPLS, VXLAN etc.
- Layer 3: Source IP address, Destination IP address, IP address ranges and subnets, IPv4 and IPv6, fragments etc.
- Layer 4: TCP or UDP source and destination ports etc.
- Layer 2-7: UDF (User Defined Filter) – offset filtering (up to 6 offsets can be defined, 128 bytes into Layer 2-4)
The above list matches the filtering options of our PacketLion series, but a NextGen Packet Broker additionally offers many more options to capture the individual layers of a packet and use them as filter criteria, including:
- Layer 2: Source MAC Address, Destination MAC Address, Ethernet Type, VLAN, MPLS, VXLAN etc.
- Layer 2: PPPoE Protocol Number, Provider Backbone Bridge SID, Full VXLAN Tunnel Support etc.
- Layer 3: L3-TTL, Encapsulated IPv6 in L3-MPLS
- Layer 4: TCP Window Size, TCP Flags etc.
Of course, a NextGen Packet Broker also offers the possibility to create extended filter rules using UDF and thus to filter for content even above Layer 4. UDF stands for “User Defined Filtering” and allows the user to search for specific values or Ethernet fields in each packet by pattern matching.
And if even UDF is not enough, you can always fall back on the DPI engine, which is also available, and thus reach into the last corners of the OSI layer model.
In addition, you also have the option of marking incoming data traffic with corresponding VLAN tags, filtering it according to these tags and finally removing them again.
One example is tapping data by means of several Network TAPs on the same connection.
VLAN tagging is often used here so that the data coming from the individual Network TAPs or other measuring points can easily be told apart again on the analysis system by means of the VLAN tag.
DATA PROTECTION AND NETWORK PROTECTION GO HAND IN HAND THANKS TO PACKET SLICING
As with a Network Packet Broker, it is also possible with a NextGen Packet Broker to shorten or slice the individual packets. Often, the gap between the capacity of the recording analysis system on the one hand and the amount of incoming data on the other is so large that, without appropriate additional mechanisms, the analysis system is most likely not able to record all individual packets without loss.
And this is exactly where the Packet Slicing feature comes into play: with this method it is possible to reduce the incoming data load on your analysis system by up to 87% (at 1518 bytes packet size and Packet Slicing at 192 bytes) by simply removing the payload data from each packet.
However, while regular PacketLion Packet Brokers handle the slicing technique described above perfectly, NextGen Packet Brokers of the PacketTiger series deliver even deeper results.
In addition to the basic approach, a PacketTiger additionally allows you to “attach” the slicing window to an OSI layer or directly to the payload. This allows you to always apply the slicing at the same position, regardless of the structure of the packets, and thus not lose any important information.
Removing user-related data from Ethernet packets can also be beneficial for GDPR compliance. Packet Slicing makes this possible without any problems.
You can also find more information about this in our blog article “Stay at the cutting edge thanks to Packet Slicing“.
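The Layer 2 to 4 filtering described in the filter section above and the layer- or payload-anchored slicing described in this section, shown together as one added example (written for this article, not NEOX code). It builds a constructed 1518-byte VLAN-tagged TCP frame, parses the header fields a broker filter can match on (MAC, VLAN, EtherType, IP, TTL, protocol, ports, TCP flags), applies an AND-rule, and compares fixed 192-byte slicing with slicing anchored at the payload; the MAC and IP addresses are made up.

```python
import struct

ETH_P_8021Q, ETH_P_IP, IPPROTO_TCP = 0x8100, 0x0800, 6

def build_frame(vlan, src_ip, dst_ip, sport, dport, flags, payload):
    """Constructed sample frame: Ethernet II + 802.1Q tag + IPv4 + TCP (checksums left 0)."""
    ip4 = lambda s: bytes(map(int, s.split(".")))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64,
                     IPPROTO_TCP, 0, ip4(src_ip), ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0)
    macs = bytes.fromhex("0a0000000002") + bytes.fromhex("0a0000000001")  # dst, src (made up)
    return macs + struct.pack("!HHH", ETH_P_8021Q, vlan, ETH_P_IP) + ip + tcp + payload

def parse_headers(frame):
    """Extract the L2-L4 fields a broker filter can match on, plus the payload offset."""
    etype, off, vlan = struct.unpack("!H", frame[12:14])[0], 14, None
    if etype == ETH_P_8021Q:                      # single 802.1Q tag; QinQ not handled here
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    h = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"), "vlan": vlan, "etype": etype}
    if etype != ETH_P_IP:
        h["payload_off"] = off                    # only IPv4 is decoded in this example
        return h
    h.update(ttl=frame[off + 8], proto=frame[off + 9],
             src_ip=".".join(map(str, frame[off + 12:off + 16])),
             dst_ip=".".join(map(str, frame[off + 16:off + 20])))
    l4 = off + (frame[off] & 0x0F) * 4            # IHL gives the real IPv4 header length
    if h["proto"] == IPPROTO_TCP:
        h["sport"], h["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
        h["tcp_flags"] = frame[l4 + 13]
        h["payload_off"] = l4 + (frame[l4 + 12] >> 4) * 4   # TCP data offset incl. options
    else:
        h["payload_off"] = l4                     # other L4 protocols not decoded here
    return h

def matches(h, rule):
    """AND-filter: every field named in the rule must equal the parsed header value."""
    return all(h.get(k) == v for k, v in rule.items())

def slice_at_payload(frame, h):
    """Slicing anchored to the payload: all headers survive regardless of tag/option length."""
    return frame[:h["payload_off"]]

def slice_fixed(frame, n=192):
    """Classic fixed-length slicing at byte n."""
    return frame[:n]

def reduction_pct(original, sliced):
    return round(100 * (1 - len(sliced) / len(original)))
```

For the constructed 1518-byte frame, fixed slicing at 192 bytes gives the 87% reduction quoted above, while payload-anchored slicing keeps only the 58 header bytes.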
HIGH FLEXIBILITY THROUGH NMC/SFP CONNECTIVITY
Our NextGen Packet Brokers from the PacketTiger product range also offer maximum flexibility and scalability when it comes to connectivity.
Depending on the model, our NextGen Packet Brokers can be equipped with different NMC modules, each of which can cover the most diverse topologies by means of SFP or SFP+ transceivers.
Pure RJ45-based NMC modules are also available and allow you to connect regular copper-based signals to the PacketTiger.
Of course, as a NextGen platform, the PacketTiger also offers the possibility to control and process corresponding 40G signals via QSFP+.
Furthermore, the port splitting function helps you to use one interface multiple times, which allows you to significantly increase the number of usable ports without additional costs.
EASY TO USE AND SIMPLE TO CONFIGURE
The complete setup and configuration of the devices is done either via an intuitive, easy-to-use graphical interface with drag’n’drop (GUI via HTTPS) or a command-line interface (serial or SSH).
Both management options put user-friendliness and ease of use first and allow you to set up a NextGen Packet Broker within a very short time.
Both the drag’n’drop feature of the GUI and the automatic character completion on the CLI allow the user to create complicated and interlocking rule sets, even as a novice.
In addition, both the Network Packet Broker and the NextGen Packet Broker from NEOX NETWORKS offer a NETCONF-based API, which allows you to manage multiple systems at the same time and automate filtering rules and other tasks.
TIMESTAMPING LIKE THE PROS
Some of our Network Packet Broker models also support nanosecond hardware timestamping.
This function is not only very helpful for measuring latencies in the network, but is also used in critical scenarios such as high-frequency trading on the stock exchanges.
Here, once again, not only latency plays an important role but also the usability of the record of a trade, since a nanosecond-accurate timestamp also makes it possible to determine who initiated which trade at what time.
Advanced NPB Functionalities of our PacketTiger Models
Advanced Packet Processing allows you to work at an even finer granularity and look deeper into the individual packets of the data load than you are used to with regular Network Packet Brokers.
Even resource intensive scenarios like removing duplicates in the network or masking or blackening content in the individual packets are no problem for PacketTiger!
- Deep Packet Inspection – Open your network’s envelope and examine the content of your applications
- NetFlow Support – Gain insight into your network with IPFIX’s high granularity and expand your monitoring
- Packet Capturing – Capture a PCAP directly on the PacketTiger
- Packet Replay – Replay any PCAP and verify your setup instantly
- Advanced Filtering – Reach ANY data and filter ANY qualifier in your packet headers
- GTP Tunnel Handling – Correlate GTP traffic with IMSI filtering and benefit from inner-IP based dynamic load balancing inside a GTP tunnel
- De-Duplication – Identify and drop duplicate packets, while unique packets are left untouched
- Data Masking – Hide sensitive data by overwriting specific areas of a packet and provide customizable data protection
- Tunnel Support – No tunnel is too deep! PacketTiger supports all available tunnel protocols
NEOX Networks Packet Broker Product Families
NEOX NETWORKS offers 3 NPB product families.
- PacketLion – impresses with many features, a high port density and a maximum data throughput of 400Gbps
- PacketTiger – Next Generation Network Packet Brokers with Advanced Features
- PacketTigerVirtual – a virtual Network Packet Broker for cloud environments