Profitap Blog

Recent Posts

Stay up to date


Return to Blog

Traffic Optimization by NPBs

Our NPBs provide an essential layer of control and optimization for organizations, enabling them to enhance the efficiency and effectiveness of monitoring infrastructure and more effectively meet their security, monitoring, and compliance requirements. 

Traffic Optimization

Traffic Optimization refers to techniques, such as deduplication, filtering, and slicing, used to improve the efficiency and performance of network monitoring and security tools by reducing unnecessary data, balancing loads, and ensuring only relevant traffic is forwarded. This allows monitoring tools to focus on relevant data while minimizing processing overhead and bandwidth usage.

.Traffic-Optimisation-by-NPBs-a-Sankeymatic_diagram-transparent-02-1

Profitap Network Packet Brokers help: 

  • Optimize Traffic: NPBs filter out unnecessary or redundant packets to ensure that only relevant data is sent to monitoring or security systems. This reduces data overload and enables more efficient analysis, helping organizations detect issues faster and more precisely.

  • Distribute Traffic: Ensure the correct data reaches the right tool, ensuring efficient use of monitoring resources. Intelligent traffic distribution helps maximize the efficiency and accuracy of network operations, such as performance monitoring, intrusion detection, or network forensics.

  • Anonymize Traffic: Mask sensitive data in captured packets for privacy and compliance. In sensitive environments, ensuring the confidentiality of network traffic is paramount. NPBs can anonymize captured data by masking or removing sensitive information such as bank account numbers, credit card details, or user credentials. This feature is critical for meeting privacy regulations as we mentioned in our previous article about Anonymization

Deduplication

Deduplication is the process of identifying and removing duplicate network packets, ensuring that only unique packets are sent to monitoring and security tools.

Why do you need deduplication?

Duplicate packets can occur when multiple TAPs or SPAN ports monitor traffic at different locations in the network. These conditions often cause the same packet to be captured multiple times, leading to duplication. Other reasons for duplicate packets can be load balancing across multiple links or retransmissions in the network. 

Duplicate packets can overwhelm monitoring tools, leading to inaccurate analysis, unnecessary storage use, and increased processing time. Deduplication helps streamline data, ensuring tools only process unique traffic, improving efficiency and accuracy.

How do we deduplicate traffic? 

The network packet broker compares header-based packet signatures to detect duplicate network packets. This allows the Broker to detect duplicate packets even if parts of the headers, such as VLAN ID and TTL, are changed while traversing the network.

XX-series X2 X3 NPB Packet

 ❌

Line rate packet processing

Deduplication is done without impacting latency and other
features. 

Scalable to 150Gbps

Time-based deduplication window of up to 1 second

Filtering 

Filtering ensures only relevant packets are forwarded to monitoring and security tools using rule-defined criteria. This prevents tool overload, reduces bandwidth consumption, and improves overall performance.

How filtering helps

  • Reduce bandwidth flow to monitoring tools: By filtering out unnecessary traffic, only relevant packets are sent, minimizing the load on monitoring infrastructure.

  • Filter on subnets or VLAN: Filters can select traffic based on specific VLANs or subnets, ensuring targeted network monitoring.

  • Filter on a list of IPs: Filters can also allow or block traffic based on specific IP addresses, ensuring that only traffic from relevant IP addresses reaches the tools.

Non-conflicting rules

Non-conflicting rule creation in Network Packet Brokers ensures that all rules can be active in parallel without interfering with each other. This eliminates the need to manually resolve conflicts between new and existing rules, making the setup process faster and more efficient. 

By ensuring that each rule operates independently and without overlap, administrators can implement new policies or filters quickly, reducing the risk of errors and streamlining network traffic management. This results in improved performance, easier configuration, and enhanced network monitoring and security operations reliability.

 

XX-series X2 X3 NPB Packet

Flexible configuration with non-conflicting forwarding and filtering rules.


Number of filters: 

Up to 512

 

Filtering capabilities:

L2:
Source MAC address
Destination MAC address
EtherType
VLAN ID
ARP

 



L3:
Source IPv4/6 address
Destination IPv4/6 address
ICMP
IGMP

L4: 
TCP/UDP ports



Flexible configuration with non-conflicting forwarding and filtering rules.


Number of filters:

Up to 6000

 

Filtering capabilities:

L2:
Source MAC address
Destination MAC address
EtherType
VLAN ID (outer and/or inner), (list, range)
ARP
MPLS (Up to 6 labels)
VNI on VXLAN tunnels
Session ID on ERSPAN tunnels

 

L3:
Source IPv4/6 address
Destination IPv4/6 address
Inner Source IPv4 address in GRE/GTP packets
Inner Destination IPv4 address in GRE/GTP packets
Protocol
MF Flag (Ignore/ON/OFF)
DF Flag (Ignore/ON/OFF)
Offset (Ignore/Zero/Non-Zero)


L4:  

TCP/UDP/SCTP ports (list, range)

Priority-based rule system




Number of filters:

Up to 18k TCAM
Up to 10M CPU

 

Filtering capabilities:

L2:
Source MAC address
Destination MAC address
EtherType
VLAN ID (outer and/or inner)
MPLS
VXLAN
PPTP
L2TP


L3:
Source IPv4/6 address
Destination IPv4/6 address
Inner Source IPv4 address in GRE/GTP/VXLAN/ERSPAN/GRETAP packets

Inner Destination IPv4 address in GRE/GTP/VXLAN/ERSPAN/GRETAP packets
Protocol
GRE
IPIP (IP in IP)
IPIP6 (IPv6 in IPv4)
IP6IP (IPv6 in IPv6)
TEREDO
IPSEC AH
IPSEC ESP
ICMP
OSPF
IS-IS


L4:  

TCP/UDP/SCTP ports (range)
BGP

L5-L7:
SSL/TLS, FTP, POP3, SMTP, DNS, RADIUS, CoAP, HTTPS, HTTP, HTTP2

Slicing

Slicing reduces data volume and optimizes traffic for monitoring tools by only forwarding specific parts of network packets, such as headers, rather than the entire packet.

 

Why do you need slicing?

Slicing helps reduce the amount of data that monitoring tools need to process by eliminating irrelevant portions of packets, such as payloads or application-level data. This allows monitoring tools to focus on key information (e.g., headers) without being overwhelmed by excess data.

 

How slicing helps

  • Reducing Data Volume: By capturing only specific parts of a packet (like headers), slicing reduces the overall size of traffic sent to monitoring tools. This minimizes bandwidth usage and processing overhead.

  • Traffic Optimization: Slicing ensures that only the essential portions of traffic are sent, reducing unnecessary data flow and making the monitoring process more efficient and faster.

  • Increased Storage Efficiency: By retaining only relevant data, truncation reduces the amount of storage needed for packet captures, enabling longer data retention and reducing costs.

 

How do we slice traffic?

Profitap Network Packet Brokers perform packet slicing through truncation. This involves cutting packets after a specific number of bytes, retaining only the relevant portion, such as headers or metadata. 

 

XX-series X2 X3 NPB Packet

No slicing support

64–9215 bytes truncation, line rate

From the start of the packet

60-65535 bytes truncation

Packet Header Only Selective Slicing

Dynamic (header-based) slicing: Remove the TCP header only by playing with offset values.

Timestamping

high-quality timestamping is critical for effective network monitoring and troubleshooting, particularly in latency-sensitive applications like financial trading systems, fintech services, and Voice over IP (VoIP) communications. 

Precise timestamping enables engineers to measure, analyze, and optimize network latency. With accurately timestamped network packets, network engineers can better correlate events and analyze packet flows over time. This enables more efficient network tracing and diagnostics, as packets' exact sequence and timing are preserved.

Sync with IEEE 1588 (PTP)

Timestamping can be synchronized with Precision Time Protocol (PTP) IEEE 1588, allowing nanosecond-level precision across devices. This synchronization ensures that timestamps across different devices in the network are perfectly aligned, providing a unified and accurate view of network performance for time-sensitive analysis.

XX-series X2 X3 NPB Packet

No timestamping support 

Timestamping on ingress port

Line rate

PTPv2 (IEEE1588) sync on dataplane

Timestamp using ERSPAN type 3 standard headers

Hardware timestamping (PTPv2 IEEE1588 sync)

Line rate

Timestamp is added as a trailer to an ethernet frame. 

TLS/SSL Decryption

Deploying Profitap’s X3-Series In-Line Decryption models as a dedicated solution can enable complete SSL/TLS traffic visibility. Unencrypted traffic helps network engineers gain deeper visibility into traffic that would otherwise be an encrypted blind spot. Decrypting network traffic can also help speed up troubleshooting processes by helping identify the issue’s source faster.

Passive In-line decryption ensures that the X3-Series In-Line Decryption model can deliver the relevant, decrypted data to the entire security stack without affecting security tool performance.

XX-series X2 X3 NPB Packet

Filtering encrypted traffic


Forwarding encrypted traffic

Filtering encrypted traffic


Forwarding encrypted traffic

Passive In-line decryption and re-encryption

Offload decryption load from security tools

Scalability: decrypt once, send to multiple tools

Supports up to TLS 1.3

TLS 1.3 in-line decryption is done via a proxy

Profitap Network Packet Brokers (NPBs) are advanced hardware solutions that intelligently manage and distribute network traffic from key capture points to monitoring and security tools. They excel in environments with high data volumes and complex network infrastructures, providing essential control and optimization to meet security, monitoring, and compliance needs efficiently.