NEOXPacketWolf
FPGA-Based Advanced Packet Processing Appliance
for up to 400Gbps

The NEOXPacketWolf is the ideal platform for advanced packet processing of network data up to 400Gbps per appliance thanks to its FPGA-based architecture.

Our PacketWolf solutions belong to the family of Advanced Packet Processing Appliances and can be deployed as a complement to a Network Packet Broker (NPB) – or stand-alone in an existing network monitoring infrastructure.

The data traffic for processing usually comes from a Network Packet Broker, but can also originate from other sources, such as a SPAN port or Network TAP, and after processing is forwarded by PacketWolf on the same or a separate port to a monitoring/security tool or sent back to the original data source.

The use of an Advanced Packet Processing Appliance offers several advantages worth mentioning.

On the one hand, it is possible to granularly reduce the data load for the monitoring system through the advanced packet processing functions. For example, duplicate packets can be removed from SPAN sessions by means of deduplication (see whitepaper „TAPs vs SPAN Port“), or unwanted packets can be removed by means of various packet filtering options.

On the other hand, functions such as Packet Slicing and Packet Masking can ensure compliance with legal and compliance requirements. Particularly in connection with the GDPR, it may be necessary to use Packet Slicing to remove the user data, as the metadata is often sufficient for an analysis.

Using packet masking, it would also be possible to overwrite or „black out“ personal information such as voice data, GEO data, IMSI or IMEI information in the user data and thus hide sensitive and/or personal information from the eyes of third parties.

The processing of the network packets takes place on the high-performance FPGA in hardware and is carried out loss-free up to 400Gbps by the PacketWolf.

• Small form factor (1U, only 40cm deep)
• Supports lossless processing of network data up to 400Gbps
• Reliable and low latency due to FPGA architecture
• Up to 4x 100G QSFP28 interfaces – or 4x 40G QSFP+ / 8x 25G (fan-out) / 16x10G (fan-out)
• Supports individual configurations for 10G, 25G, 40G, 50G or 100G
• Supports nanosecond timestamping according to IEEE 1588v2 PTP
• Scalable and easy to commission
• Replaceable fans and redundant power supplies

• Advanced Packet Processing – Optimisation of tool efficiency through Header Stripping, Deduplication, Packet Slicing (trimming) without packet loss.
• Line Rate Filtering – e.g. protocol-based, IP match list-based and/or by means of logical links.
• Layer 2 based Filtering – Packet lengths, packet errors, frame types (PPPoE Discovery/Session, LLC, SNAP), EtherType, Encapsulation (CFP Cisco Fabric Path, ISL, VLAN (3 Levels), MPLS (7 Levels), VN-Tag), VLAN Tag Value, TPID , MPLS label, MAC addresses, Broadcasts.
• Layer 3 based Filtering – IPv4 or IPV6 version, source/destination addresses (up to 36,000 IPv4 addresses or 8000 IPv6 for exact match and 864 IPv4 or 216 IPv6 subnet match), (ICMP packets), DSCP,ECN/Traffic Class, Protocol/Next Header, TTL/Hop Limit, Flow Label, Fragments (First, Mid, Last), IPv4 header checksum error.
• Layer 4 based Filtering – TCP, UDP, SCTP or other, source/destination ports, TCP flags, TCP/UDP checksum errors.
• Fragment Filtering – Filtering of IP4 and IP6 fragments.
• Data Pattern Matching – Dynamic offset data pattern matching. Based on the start or end of L2, L3, L4 headers or payloads.
• Timestamping – A timestamp with nanosecond accuracy is applied to each processed packet using a PTP time server. Locally or via external PTP grandmaster according to IEEE 1588v2.
• Deduplication – Removal of duplicate packets with a programmable deduplication window of 10 µs to 2 seconds. Configurable packet signatures (masking of variable fields e.g. TTL/Hoplimit, DSCP/TraffType, exclusion of Outer Encapsulations, and more).
• Dynamic Packet Slicing/Trimming – Payload removal so that the Ethernet packet contains only the desired number of bytes or information, including a programmable number of bytes offset. Including FCS recalculation. Metadata is preserved. Enables, among other things, to ensure GDPR compliance.
• Protocol Header Stripping – Remove protocol headers (e.g. VxLAN, MPLS, FabricPath, VNTag, GTP, GRE, ERSPAN, GENEVE, LISP, PPPoE, etc) and extract IP packet payloads for the benefit of analysis tools that cannot process them via decapsulation and de-tunnelling.
• Source Port Labeling – VLAN tagging and untagging or VLAN tag management with ingress tagging and egress stripping.
• Aggregation – Consolidation of incoming network traffic to optimise port usage. 1:1, 1:Many, Many:1, Many:Many
• Traffic Tunneling – Supports L2, L3, L4 filters (see above). Tunnel types: GRE_v0, GRE_v1, EtherIP, GTPv0U, GTPv1v2-C, GTPv1-U_signaling, GTPv1-U_GPDU, IPinIP; VXLAN, GENEVE and others.
• Native Tunnel Termination – L2GRE and VxLAN tunnel termination, including header stripping.
• Load Balancing – Intelligent distribution (uni- and bi-directional flows) of traffic to the ports being monitored to preserve traffic integrity and maximise uptime through failover protection. Wide range of hashing algorithms (e.g. 5 tuple, 2 tuple, VLAN, MPLS, etc).
• Asymetric Hashing – Asymmetric and individual hashing supports common use cases, e.g. lawful interception

• Netflow Export – Generate metadata and flow records in standard NetFlow formats such as NetFlow v5, v9 and IPFIX.
• Packet Masking – Overwriting personally identifiable information (PII) such as voice data, GEO data, IMSI, IMEI, etc. and the like.
• GTP Filtering – Filtering within the GTP protocol (GTP-C, GTP-U, etc.)

* Optionally available on request

• In operation – 8% to 90% relative humidity (Rh), 28°C (82.4°F) maximum temperature, non-condensing
• Storage – 5% to 95% relative humidity (Rh), 101.7°F (38.7°C) maximum temperature, non-condensing

• 4.29 cm (H) x 43.46 cm (W) x 70.7 cm (D) – ca. 16 kg
• 1.7“ (H) x 17.2“ (W) x 15.7“ (D) – ca. 29 lb