Our NPBs provide an essential layer of control and optimization for organizations, enabling them to enhance the efficiency and effectiveness of monitoring infrastructure and more effectively meet their security, monitoring, and compliance requirements.
Traffic Optimization
Traffic Optimization refers to techniques, such as deduplication, filtering, and slicing, used to improve the efficiency and performance of network monitoring and security tools by reducing unnecessary data, balancing loads, and ensuring only relevant traffic is forwarded. This allows monitoring tools to focus on relevant data while minimizing processing overhead and bandwidth usage.
.
Profitap Network Packet Brokers help:
- Optimize Traffic: NPBs filter out unnecessary or redundant packets to ensure that only relevant data is sent to monitoring or security systems. This reduces data overload and enables more efficient analysis, helping organizations detect issues faster and more precisely.
- Distribute Traffic: Ensure the correct data reaches the right tool, ensuring efficient use of monitoring resources. Intelligent traffic distribution helps maximize the efficiency and accuracy of network operations, such as performance monitoring, intrusion detection, or network forensics.
- Anonymize Traffic: Mask sensitive data in captured packets for privacy and compliance. In sensitive environments, ensuring the confidentiality of network traffic is paramount. NPBs can anonymize captured data by masking or removing sensitive information such as bank account numbers, credit card details, or user credentials. This feature is critical for meeting privacy regulations as we mentioned in our previous article about Anonymization
Deduplication
Deduplication is the process of identifying and removing duplicate network packets, ensuring that only unique packets are sent to monitoring and security tools.
Why do you need deduplication?
Duplicate packets can occur when multiple TAPs or SPAN ports monitor traffic at different locations in the network. These conditions often cause the same packet to be captured multiple times, leading to duplication. Other reasons for duplicate packets can be load balancing across multiple links or retransmissions in the network.
Duplicate packets can overwhelm monitoring tools, leading to inaccurate analysis, unnecessary storage use, and increased processing time. Deduplication helps streamline data, ensuring tools only process unique traffic, improving efficiency and accuracy.
How do we deduplicate traffic?
The network packet broker compares header-based packet signatures to detect duplicate network packets. This allows the Broker to detect duplicate packets even if parts of the headers, such as VLAN ID and TTL, are changed while traversing the network.
|
||
❌ |
Line rate packet processing |
Scalable to 150Gbps Time-based deduplication window of up to 1 second |
Filtering
Filtering ensures only relevant packets are forwarded to monitoring and security tools using rule-defined criteria. This prevents tool overload, reduces bandwidth consumption, and improves overall performance.
How filtering helps
- Reduce bandwidth flow to monitoring tools: By filtering out unnecessary traffic, only relevant packets are sent, minimizing the load on monitoring infrastructure.
- Filter on subnets or VLAN: Filters can select traffic based on specific VLANs or subnets, ensuring targeted network monitoring.
- Filter on a list of IPs: Filters can also allow or block traffic based on specific IP addresses, ensuring that only traffic from relevant IP addresses reaches the tools.
Non-conflicting rules
Non-conflicting rule creation in Network Packet Brokers ensures that all rules can be active in parallel without interfering with each other. This eliminates the need to manually resolve conflicts between new and existing rules, making the setup process faster and more efficient.
By ensuring that each rule operates independently and without overlap, administrators can implement new policies or filters quickly, reducing the risk of errors and streamlining network traffic management. This results in improved performance, easier configuration, and enhanced network monitoring and security operations reliability.
|
||
Flexible configuration with non-conflicting forwarding and filtering rules. Up to 512
L3: |
Flexible configuration with non-conflicting forwarding and filtering rules. Up to 6000
L3:
TCP/UDP/SCTP ports (list, range) |
Priority-based rule system Up to 18k TCAM
Filtering capabilities:
Inner Destination IPv4 address in GRE/GTP/VXLAN/ERSPAN/GRETAP packets
TCP/UDP/SCTP ports (range) L5-L7: |
Slicing
Slicing reduces data volume and optimizes traffic for monitoring tools by only forwarding specific parts of network packets, such as headers, rather than the entire packet.
Why do you need slicing?
Slicing helps reduce the amount of data that monitoring tools need to process by eliminating irrelevant portions of packets, such as payloads or application-level data. This allows monitoring tools to focus on key information (e.g., headers) without being overwhelmed by excess data.
How slicing helps
- Reducing Data Volume: By capturing only specific parts of a packet (like headers), slicing reduces the overall size of traffic sent to monitoring tools. This minimizes bandwidth usage and processing overhead.
- Traffic Optimization: Slicing ensures that only the essential portions of traffic are sent, reducing unnecessary data flow and making the monitoring process more efficient and faster.
- Increased Storage Efficiency: By retaining only relevant data, truncation reduces the amount of storage needed for packet captures, enabling longer data retention and reducing costs.
How do we slice traffic?
Profitap Network Packet Brokers perform packet slicing through truncation. This involves cutting packets after a specific number of bytes, retaining only the relevant portion, such as headers or metadata.
|
||
No slicing support |
64–9215 bytes truncation, line rate |
60-65535 bytes truncation Packet Header Only Selective Slicing |
Timestamping
high-quality timestamping is critical for effective network monitoring and troubleshooting, particularly in latency-sensitive applications like financial trading systems, fintech services, and Voice over IP (VoIP) communications.
Precise timestamping enables engineers to measure, analyze, and optimize network latency. With accurately timestamped network packets, network engineers can better correlate events and analyze packet flows over time. This enables more efficient network tracing and diagnostics, as packets' exact sequence and timing are preserved.
Sync with IEEE 1588 (PTP)
Timestamping can be synchronized with Precision Time Protocol (PTP) IEEE 1588, allowing nanosecond-level precision across devices. This synchronization ensures that timestamps across different devices in the network are perfectly aligned, providing a unified and accurate view of network performance for time-sensitive analysis.
|
||
No timestamping support |
Timestamping on ingress port Line rate PTPv2 (IEEE1588) sync on dataplane Timestamp using ERSPAN type 3 standard headers |
Hardware timestamping (PTPv2 IEEE1588 sync) Line rate Timestamp is added as a trailer to an ethernet frame. |
TLS/SSL Decryption
Deploying Profitap’s X3-Series In-Line Decryption models as a dedicated solution can enable complete SSL/TLS traffic visibility. Unencrypted traffic helps network engineers gain deeper visibility into traffic that would otherwise be an encrypted blind spot. Decrypting network traffic can also help speed up troubleshooting processes by helping identify the issue’s source faster.
Passive In-line decryption ensures that the X3-Series In-Line Decryption model can deliver the relevant, decrypted data to the entire security stack without affecting security tool performance.
|
||
Filtering encrypted traffic Forwarding encrypted traffic |
Filtering encrypted traffic Forwarding encrypted traffic |
Passive In-line decryption and re-encryption Offload decryption load from security tools Scalability: decrypt once, send to multiple tools Supports up to TLS 1.3 TLS 1.3 in-line decryption is done via a proxy |
Profitap Network Packet Brokers (NPBs) are advanced hardware solutions that intelligently manage and distribute network traffic from key capture points to monitoring and security tools. They excel in environments with high data volumes and complex network infrastructures, providing essential control and optimization to meet security, monitoring, and compliance needs efficiently.