.png?width=40&height=40&name=search%201%20(1).png){kind=small}
Understanding and maintain control of your network is a constant, uphill battle. With the increase in network virtualization, BYOD, and growing number of security threats, network monitoring is more important than ever. It’s well documented that the foundation of any good visibility fabric comes from using network Test Access Points (TAPs), but then where does all that TAP’d traffic go? The answer should be, to a Network Packet Broker.
This is the first blog in a three-part series highlighting the Network Packet Broker
Blog 1: What is a Network Packet Broker?
Blog 2: Understanding NPB advanced features
Blog 3: Selecting the right NPB for your network
Network Packet Broker’s (NPBs) are devices that do just what the name suggests, they “broker” incoming network traffic to any number of security, application performance monitoring, or network forensic tools.The need to “broker” packets before they’re sent to tools comes from 2 major driving forces. First, the throughput of tools is limited, second, every tool requires a different subset of traffic to maximize performance.
NPBs are designed to deliver only the traffic of interest required by any specific tool. NPBs achieve this by using a variety of filtering options that will be explained in detail in the next blog in this series. NPBs act as the man-in-the-middle between TAP/SPAN ports and the tool itself and should be designed with 4 different deployment scenarios in mind:
In this application the most important function of the NPB is its filtering capability. Most tools currently deployed handle up to 10Gbps of traffic at any given time. If the incoming TAP traffic is 40Gbps, the traffic needs to be filtered by a factor of 4. The NPB needs to ensure the traffic is filtered adequately to meet this limitation while providing every packet the tool needs to do its job.
.png?width=759&height=427&name=FAB%20examples%20(1of4).png)
This application builds on the previous, but now the NPB needs to support aggregation. Aggregation allows the user to setup single filters that will be applied to all incoming traffic streams, reducing the setup time/complexity of the device. Aggregation also ensures the tool receives traffic from multiple streams.
.png?width=720&height=469&name=FAB%20examples%20(2of4).png)
This application builds on the first, however, the NPB now needs to be able to replicate and/or load balance traffic. The traffic needs to be replicated/mirrored/copied to ensure each tool has access to any necessary packets. To properly handle this application, the NPB must also support egress filtering, to allow unique filters criteria for each different tool. If multiple tools require the same filtered traffic, the NPB must also support load balancing and options on how to load balance. Well designed NPB’s should support configurable hash-based load balancing, round-robin and weighted round-robin options.
.png?width=759&height=408&name=FAB%20examples%20(3of4).png)
The final application builds on the previous three and uses filtering, aggregation and load balancing to guarantee each tool operates at its maximum efficiency.
.png?width=720&height=453&name=FAB%20examples%20(4of4).png)
If TAPs are the foundation, NPBs are the load bearing structural element of a well-designed visibility fabric. They offer many advanced features to ensure each tool operates to its full potential, by individually tailoring each egress stream to meet the needs of any tool. Subsequent blogs in this series will dive into much greater detail on these advanced features and how to select the right NPB for your network.
