Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image.png

TAP Into Technology

Leading the Way in Network Technology

Selecting the Right Packet Broker for Your Network

Posted by Ben Cowan | 11/1/18 8:00 AM

The Network Packet Broker (NPB) has become a critical component to any network.  They offer numerous benefits to both network operations and network security teams. With an increasing number of vendors offering these products, selecting the right product has become more challenging than ever.  A good approach to selecting the right product is to first understand that modern NPBs really fall into one of three categories. These include full-featured NPBs, White Box NPBs, and Aggregators. Understanding these three product categories can help reduce the time it takes to locate the correct product for your network.

Full-Featured NPBs

The most feature rich appliances that lead the way in terms of price.  Traditionally these are multi RU chassis designed for large, core installations.  There are only a couple remaining vendors that take this approach to designing a network visibility fabric, but if you're looking for a single box solution for SSL/TLS decryption, some on-board analytics, and additional advanced features this category would be a good place to start.  Everyone likes to justify equipment purchases in terms of ROI, so buyers in this category may have a hard time justifying the upfront cost, however, neither of the other categories can match these in terms of pure performance.

White Box NPBs

Also called Disaggregated Packet Brokers, they leverage commodity hardware with proprietary software to create an NPB. In an industry that has traditionally been dominated by a vertically integrated approach, this category is deviating from the norm.  Products in this category are significantly less expensive than their full featured counter parts, however, commodity hardware can’t support some advanced packet processing features. Still, this product segment is rapidly growing because the White Box NPB can be tightly integrated with other best in class solutions to offer the necessary advanced features operations and security teams are looking for.  Some vendors in this category are taking the stand-alone approach, while others are bringing SDN principles to the visibility fabric. Depending on the size of the deployment either approach can be well suited.

Read EMA's Best Practices for Building A Network Visibility Fabric!

Aggregators

They are unique in the sense that they can be used as a standalone device in most NPB applications, or they can be used to improve the utilization of existing full featured NPBs. In terms of ROI, aggregators may be the best choice because of their low CAPEX and deployment flexibility.  As a stand-alone device Aggregators are responsible for efficiently funneling data from network TAPs and SPAN ports to each tool. This is typically done through a combination of aggregation, replication and L2-L4 filtering. The groomed, tool specific traffic is sent out for processing. More and more tool vendors are including advanced NPB features within the tool itself, making Aggregators increasingly appealing for visibility applications. Like White Box NPBs, many Aggregator vendors also leverage tightly integrated solutions with ecosystem partners to offer additional advanced features where needed.

In the second application Aggregators act in a similar manner, they take ingress traffic from TAP or SPAN ports, aggregate, and distribute with or without filtering to a full featured NPB.  This is being called the 4-Tier approach to network visibility.
Aggregation to NPB
This 4-Tier approach increases port utilization for the full featured NPB and often pushes out or eliminates the need to purchase additional devices, improving the ROI on the original full featured device.

U
ltimately the selection of NPBs is highly dependent on the network and needs of security and operations teams.  Understanding the different devices under the NPB umbrella can help simplify the process for finding the right vendor and device.

[Want more on Network Packet Brokers? Read EMA's new whitepaper Best Practices for Building a Network Visibility Fabric]

Topics: Network Design, Network Packet Brokers/Advanced Aggregators

Written by Ben Cowan

Ben is the Senior Director in solutions engineering for Garland Technology and has focused on networking and data communication solutions that helps improve security, performance, and overall resilience for the last two decades.