Profitap Blog

Recent Posts

Stay up to date


Return to Blog

Introduction to Network Packet Brokers

A tool to empower tools

Manage and optimize data flow to network security and performance monitoring systems

With constantly growing network architectures, acquiring access to traffic for monitoring and analysis is becoming increasingly challenging, both due to the number of capture points, and the number of tools competing for this data.

To help us mitigate these challenges, the ideal solution for managing and optimizing data flow is the implementation of Network Packet Brokers (NPBs). But what is an NPB?

When looking at network infrastructure, we often see tools attached to different points along that infrastructure. Once inserted between the tools and the network, a packet broker lifts that tool plane. Traffic from the network's access points feeds directly into the packet broker, and we then decide which traffic should go where at the packet broker level. We might want to send all of the data to certain tools, while other tools may only need a specific part of the traffic.

The NPB receives traffic from the network analysis points, and can then perform appropriate processing operations (filtering, packet slicing, aggregation, replication, deduplication, load balancing, media type conversion, speed conversion, etc.), before sending it to the right tools. This decreases the load on the tools by sending only clean, actionable data, and also helps increase the lifespan of legacy tools.

Effectively implementing network packet brokers allows better budgeting: rather than buying more tools to meet increased demands, you can leverage the ones you already have.

Network Packet Brokers deployed in the network monitoring infrastructure also offer greater flexibility. The traffic flow configuration can be changed remotely through its GUI/CLI interfaces without data center access.

What is an NPB Who needs NPBs Why use NPBs
Network packet brokers (NPBs) are typically placed between traffic access points (e.g., TAPs, mirrored ports) and analysis tools.

They act as a central point to direct network traffic to and from certain parts of the network while performing traffic processing operations to ensure the appropriate traffic is sent to the appropriate devices and tools.
◉ Organizations that require a dedicated monitoring setup.

◉ Organizations that run multiple security and analysis toolsets.

◉ Organizations who want to control which traffic is sent to analysis tools accurately.

◉ Growing organizations that need to move away from 1:1 connections between access points and analysis tools.

◉ Organizations who want to stay compliant with privacy laws.

◉ Organizations who need to ensure high-quality data is sent to security and analysis tools for faster problem resolution.
◉ To optimize the utilization of traffic access points and analysis tools.

◉ To organize and optimize traffic sent to monitoring and security tools.

◉ To decrease bandwidth and processing power usage by removing unnecessary data.

◉ To improve flexibility and scalability: easily forward data to new tools without impacting other operations.

◉ To have centralized management of traffic flow.

◉ Simplification of monitoring network architecture and on-site operations: once deployed, the traffic flow configuration can be changed remotely via an NPB's GUI/CLI without requiring physical access to the data center.

◉ Conversion of various media types and speeds across both access points and monitoring and security tools.

◉ Advanced integration with both physical and virtual TAPs.

 

Benefits of Profitap NPBs

XX-Series:

X2-Series:

X3-Series:

◉ Aggregation, Replication, Load Balancing, Filtering.

◉ High-density, high throughput.

◉ Up to 255 port-to-port filters.

◉ Non-conflicting rules creation. All rules are active in parallel with each other. This makes sure no conflict between new and existing rules can happen and saves time setting up new rules.

◉ Aggregation, Replication, Load Balancing, Filtering, Packet Slicing, GTP IP Filtering, Timestamping, Packet Deduplication, ERSPAN Tunneling & De-tunneling.

◉ High-density, high throughput.

◉ Processing of features at wirespeed in the data plane: data does not have to be forwarded to a co-processor, resulting in no added latency and no bandwidth bottlenecks.

◉ Non-conflicting rules creation. All rules are active in parallel with each other. This ensures that no conflict between new and existing rules can happen and saves time when setting up new rules. 

◉ Easy to use GUI for easy overview of device status and port and rules setup.

◉ Only 1 rule consumed per TCP/UDP/SCTP port or VLAN ID range filters.

◉ Up to 6000 port-to-port filters.

◉ Replication and Aggregation 
◉ Load Balancing 
◉ Microburst protection
◉ Data masking
◉ SSL/TLS decryption
◉ Packet deduplication 
◉ TCP packet reordering and
     fragments re-assembling 
◉ Full tunneling capability 
◉ Packet Slicing 
◉ IMSI Filtering 
◉ Timestamping 
◉ Export NetFlow V5/V9 
◉ L2-L7 Filtering, DPI 

 

Where to place Network Packet Brokers

Network Packet Brokers are typically placed between the traffic access points (e.g. TAPs, mirrored ports) and the monitoring and analysis tools, and are set up to forward the appropriate traffic from the production network to the appropriate tools.

Screenshot 2024-07-22 155014

Placed between TAPs and tools, Network Packet Brokers act as a data flow management and optimization layer.

 

Network Packet Brokers from Profitap

Network Traffic Aggregators

Traffic Aggregators are entry-level packet brokers that specialize in performing traffic management operations such as aggregation, replication, load balancing, and filtering. They can be used standalone, or combined with advanced NPBs for pre-aggregation of network traffic.

Product reference

Interfaces

1G

10G

25G

40G

100G

400G

Aggregation
Replication
Load Balancing
Filtering

XX-720G

48 x 10G SFP+
6 x 40G QSFP+

-

-

-

XX-1800G

48 x 25G SFP28
6 x 100G QSFP28

-

XX-3200G

32 x 40/100G QSFP28

-

-

Screenshot 2024-07-22 155807

XX-720G

Screenshot 2024-07-22 155817

XX-1800G

Screenshot 2024-07-22 155828

XX-3200G

 

Network Packet Brokers

Network Packet Brokers offer a more extensive set of features compared to traffic aggregators, all of which are performed at wirespeed in the data plane. These high-versatility, high-performance systems help finely tailor network traffic from a multitude of sources and types for delivery to network analysis, monitoring, and security tools.

Product reference

Interfaces

1G

10G

25G

40G

100G

Aggregation

Replication

Load Balancing

Filtering

Packet Slicing

GTP IP Filtering

Timestamping

Packet Deduplication

Tunneling &
De-tunneling

Netflow export

Microburst protection

Data masking

SSL/TLS decryption

X2-2000G

16 x 1/10/25G SFP28
32 x 10/25G SFP28
8 x 40/100G QSFP28

-

X2-2010G

48 x 10/25G SFP28
8 x 40/100G QSFP28

-

-

X2-3200G

32 x 40/100G QSFP28

-

-

X2-6400G

64 x 40/100G QSFP28

-

-

X3-440G

24 x 1/10G SFP+
2 x 40/100G QSFP28

X3-880G

48 x 1/10G SFP+
4 x 40/100G QSFP28

Screenshot 2024-07-22 160202

Screenshot 2024-07-22 160213

Screenshot 2024-07-22 160223