The last decade experienced an overwhelming increase in network size, bandwidth, and traffic. IT companies were, therefore, forced to adapt by developing the next-generation of security and network monitoring tools. This new wave of tools exposed a greater need for advanced network visibility, one that traditional data center monitoring devices couldn’t handle anymore. Read this article if you want to know more about TAP vs SPAN.
And so, in 2012, Network Packet Brokers were developed. Known also as “data access switches”, “tool aggregators”, “monitoring switches” or “matrix switches”, they are “devices that facilitate monitoring and security technologies to see the traffic which is required for those solutions to work more effectively”, according to Gartner.
NPBs are often required in more complex networks, with increasing speeds that need in-depth and improved network monitoring for a superior network security.
But what exactly is an NPB doing? This powerful device filters specific network traffic in order to optimize the security and traffic flow. More accurately, it receives the network traffic from multiple SPAN ports and/or network TAPs, then filters the data by interest and sends it to the related network analysis and security tools. Efficient and precise.
When do you need a Network Packet Broker?
Most of the time, network engineers complain that their in-line security tools don't receive all the required data, causing blind spots to appear in the network. This can finally lead to wasted resources, redundant costs and a higher possibility of being hacked.
These issues can be solved by using a NPB's capabilities of applying specific filters and rules before forwarding the traffic from network access tools to various network security, performance management, and other monitoring tools. Also, this device can aggregate traffic from multiple input ports to a single output port and vice-versa. See the illustration below to see how an advanced network visibility platform looks like.
A NPB helps you to optimize your network security, performance management, and other monitoring tools. That also means an increased network efficiency while decreasing your costs.
What should you expect from a Network Packet Broker?
First and foremost, the NPB needs to have the ability to filter specific network traffic to specific monitoring tools, so that it can efficiently optimize traffic flow. This characteristic helps network engineers to filter on actionable data only, which allows the network tools to analyze much more efficiently.
The NPB's filtering abilities can not only improve efficiency when it comes to traffic flow but can also help in speeding up incident analysis and in reducing response times. This is because it provide network engineers the flexibility to direct that traffic exactly how they need.
The ability to take the incoming traffic and effectively distributing it to different multiple appliances is another feature that an advanced packet broker has to perform. This feature enhances network security, increases the productivity of your security and monitoring tools, and makes life much easier for network admins.
Intuitive and easy to use GUI
Your preferred NPB should include a configuration interface - graphical user interface (GUI) or command line interface (CLI) for real-time management, like adjustments of packet flow, port mapping and paths. If the NPB is not easy to configure, manage and use, you can't take advantage of its full capabilities.
Intelligent Packet Aggregation
By aggregating multiple packet streams into a large one, your device should create a single unified stream that can be routed to a monitoring tool. This increases your monitoring tools' efficiency.
Packet Broker Costs
One thing to keep in mind when on the market for Network Packet Brokers is the cost. Both long term and short term costs can change significantly, based on whether there are different port licenses available and if the Packet Broker accepts any SFP module or only proprietary SFP's.
To sum up, an efficient Network Packet Broker should provide all these feature, as well as true link layer visibility and microburst buffering, all while maintaining high availability and resiliency.
Our XX Network Packet Broker Series offer all the above functionalities and also includes XX Manager - a web-based interface that allows users to configure and monitor the behavior of their device.