Why do you need a Packet Broker in your Network Architecture?
Introduction
Keeping your network secure and running at its best requires sophisticated real-time analysis from various security, monitoring, and performance tools. Even in this ever-evolving industry, these tools still face the same challenge: to provide accurate and reliable analysis, they need access to the right data.
Building a network visibility architecture is the answer to getting ahead of security threats or network performance issues. By knowing exactly what traffic is flowing on your network, you can provide each tool with the right packets for prevention, optimization, and success.
What is a Packet Broker?
As mentioned in the TAPs vs SPAN white paper, network TAPs give your tools an exact copy of all traffic flowing through the network, giving you complete visibility. However, in a “complex network,” the real challenge is funneling the right data to every tool that needs it.
When you start building your network, you may have only a few segments and therefore relatively fewer analysis tools, and connecting them directly may seem like the right thing to do. As your network grows, those 1:1 connections become a management headache. On top of this, high-end analytics tools like firewalls can have even fewer ports, so it’s crucial to avoid overloading equipment to the point where performance is compromised.
Here is where the Network Packet Broker (NPB) comes into play. An NPB is a device that optimizes traffic flow between TAPs and network monitoring, security, and performance tools. It can efficiently route network traffic by maintaining a many-to-many port mapping of network ports to monitoring tool ports. This innovative technology provides key features such as aggregation, filtering to optimize bandwidth usage, and load balancing across connected tools to increase performance.
The ‘Broker’ in NPB refers to its ability to combine, integrate, separate, manipulate and process inputs from many sources, delivering the data to a wide variety of appliance and tool destinations. Delivering the right data to the right tool will optimize security and performance, and increase efficiency while reducing costs.
Key Benefits
As network architectures evolve and become more complex, an NPB adds an essential layer of intelligence that reduces this complexity and brings the following benefits:
- Accurate Data Analysis. Thanks to advanced packet manipulation, the packet broker delivers the right data to the right tool, increasing each tool's performance and efficiency.
- Enhanced Security. Providing firewalls, IPSs, and other security tools with the correct data in real-time helps to stop threats and prevent cybercrime.
- Rapid Recovery Time. The NPB’s manipulation features help to detect issues and determine their cause in real-time, and with advanced intelligence applications it reduces downtime.
- Increased Productivity. NPBs help tools increase performance, decrease congestion, and achieve better coverage with fewer devices by processing only relevant traffic.
What exact features does the NPB offer?
Aggregating, filtering, and load balancing to present the right data seem easy in theory. In reality, intelligent NPBs carry out complex tasks to increase efficiency and security without impacting network visibility and reliability.
The NPB can also split higher-speed traffic to suit slower-speed Gigabit monitoring tools. As networks constantly grow in complexity, size, and speed, for example, from 1 Gbps to 10 Gbps, 40 Gbps, or even up to 100 Gbps, deploying a scalable modular packet broker will reduce the cost of expanding as the infrastructure evolves, future-proofing your network.
This innovative device also executes other powerful features like:
- Packet Slicing is when the frame headers are kept and the payloads are dropped. This feature is used to prevent tool overload and reduce bandwidth usage by removing payloads that are not relevant to the network monitoring and security analysis.
- Packet Masking is used to conceal sensitive data in order to comply with data protection and security regulations. This enables complete visibility into decrypted traffic without the risk of exposing sensitive data.
- Packet Deduplication. Picking up identical packets many times when accessing traffic at different points in the network is practically inevitable. The redundant use of bandwidth and processing resources caused by multiple packet transmissions decreases the efficiency and effectiveness of your monitoring solutions.
- GRE Encapsulation / De-tunneling. The NPB provides access to traffic encapsulated for a variety of tunneling protocols, such as Encapsulated Remote SPAN (ERSPAN), Generic Routing Encapsulation (GRE), and Virtual Extensible LAN (VXLAN). These cutting-edge de-tunneling features reduce blind spots caused by multiple traffic flows anywhere within the IT infrastructure, whether physical or virtual.
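To make deduplication and slicing concrete, the following added example (not code from the original paper or from any vendor product) shows why a copy of a packet tapped after a router is not byte-identical to the first copy, and how a dedup key has to ignore the fields that change per hop. It assumes untagged Ethernet II frames carrying IPv4; the function names, the 50 ms window and the sample frames are constructed for illustration.

```python
import hashlib
import struct

def build_frame(src_mac, dst_mac, ttl, payload):
    """Constructed sample: Ethernet II + IPv4 + UDP frame (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, ttl, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 1, 9]))
    return dst_mac + src_mac + b"\x08\x00" + ip + udp

def dedup_key(frame):
    """Hash only what stays constant when the same packet is tapped on two segments."""
    if frame[12:14] != b"\x08\x00" or len(frame) < 34:   # not IPv4: compare whole frame
        return hashlib.sha256(frame).digest()
    ip = bytearray(frame[14:])            # drops the Ethernet header (MACs change per hop)
    ip[8] = 0                             # TTL is decremented by each router
    ip[10:12] = b"\x00\x00"               # header checksum changes along with the TTL
    return hashlib.sha256(bytes(ip)).digest()

def deduplicate(timed_frames, window=0.05):
    """Forward a frame unless an equivalent one was forwarded within `window` seconds."""
    seen, out = {}, []
    for ts, frame in timed_frames:
        key = dedup_key(frame)
        if key in seen and ts - seen[key] <= window:
            continue                      # duplicate picked up at another tap point
        seen[key] = ts
        out.append((ts, frame))
    return out

def slice_frame(frame):
    """Keep the Ethernet, IPv4 and TCP/UDP headers; drop the payload."""
    if frame[12:14] != b"\x08\x00" or len(frame) < 34:
        return frame[:14]
    l4 = 14 + (frame[14] & 0x0F) * 4      # IPv4 header length comes from the IHL field
    proto = frame[23]
    if proto == 17:
        l4_len = 8                        # UDP header has a fixed size
    elif proto == 6:
        l4_len = (frame[l4 + 12] >> 4) * 4    # TCP data offset, in 32-bit words
    else:
        l4_len = 0
    return frame[:l4 + l4_len]

if __name__ == "__main__":
    a1 = build_frame(b"\x02" * 6, b"\x04" * 6, 64, b"query-1")   # tapped before the router
    a2 = build_frame(b"\x06" * 6, b"\x08" * 6, 63, b"query-1")   # same packet after it
    kept = deduplicate([(0.000, a1), (0.002, a2), (1.000, a1)])
    print(len(kept), len(slice_frame(a1)))
```

The window matters for security tooling: the identical packet seen again a full second later is kept, because it may be a genuine retransmission or replay that a detection tool should still see.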
What to look for when searching for the right Packet Broker?
Your network security, cost, and efficiency may be strongly affected if you choose an NPB that doesn’t align with your needs. Pay attention to the following key selection criteria to reach the best network visibility solution:
- Does the device have the proper port density? Can I send data to a variety of tools, and is it scalable for future additions? A good guide can vary from 16 to 64 ports.
- Does the TAP or Packet Broker process data at a full line rate under full load? If not, your tools could be operating on incomplete data.
- Can your Packet Broker perform deduplication at line rate speeds? If not, this can result in missed duplication events.
- Can deduplication work concurrently with other PB features enabled, such as filtering? If not, you could have performance problems.
- Does the Hybrid TAP or Packet Broker have an intuitive management interface and good deployment features? Does it make things like rules generation, aggregation, filtering, deduplication, header stripping, payload slicing, and GRE tunnels easy to manage?
- If you plan to place tools inline, does your TAP have a bypass option with fail-over capability that allows the network to survive if the network fails?
- Does the TAP or Packet Broker have a variety of split ratios to meet your needs? If you deploy without the correct split ratio you could face potential network outage problems.
- Before sending data on to a tool, you’ll likely want to filter the data, which can be a tedious process. Check if your Hybrid TAP or Packet Broker offers filtering features.
- Does the Packet Broker offer burst protection to help with traffic management and eliminate lost traffic in the case of congestion?
- If you plan to have visibility into virtualized environments (like a data center), you will need to deploy virtual TAP solutions and may need tunnelling technologies for aggregation/filtering of data traffic.
Summary
Your network depends on tools to keep it functional, secured, and optimised, but due to blind spots that limit comprehensive visibility and management of your infrastructure, none of these tools have a complete picture. By intelligently delivering relevant network traffic and robust visibility, you can connect your network and management tools and analyze, secure, and empower what matters most.
About Network Critical
Network Critical is an industry leader in network access technology. Our quality 1/10/25/40/100G modular TAP and Packet Broker solutions ensure that our customers have continuous network visibility. Network Critical products eliminate any concerns of downtime and our unique scale-out capabilities enable simple, cost-effective expansion, as network and port density requirements grow.
The health of your network is always secure with Network Critical products. Our fully flexible range of TAPs and Packet Brokers is used with IDS, IPS, network traffic monitoring tools, sniffers, and many other mission-critical appliances, to provide 100% network visibility with zero packet loss.
With over 25 years of experience, many industry “firsts” and a reputation for excellent customer service, Network Critical’s solutions are widely used in global networks across a wide range of sectors including Finance, Telco, Government, Energy, and Healthcare.