Replicate traffic to multiple monitoring and security tools

Traffic replication is the process of making multiple copies of data and forwarding them to different locations, such as NPM/APM tools, network security tools, and data storage.

Benefits of traffic replication include improving the availability of data and increasing the speed of data access.

Use case examples:
• Monitoring (tapping): send the traffic to both its intended destination and monitoring/analysis/storage systems.
• Redundancy: send the traffic to multiple network paths to avoid single points of failure and reduce the risks of downtime.

Balance traffic over multiple monitoring and security tools

When several security tools are deployed, load balancing can optimize the response time and avoid uneven load while another is idling. By distributing the traffic load evenly among the available security tools they are used in the most efficient way. A Network Packet Broker is an ideal tool for this as it sits between the TAPs and security tools.

Send only actionable data to each of the connected tools

Ensure optimum efficiency of monitoring and security tools, and bandwidth utilization, by filtering traffic such that only appropriate data is sent to these network tools.

Target specific parts of the traffic via a wide array of filter rules based on L2/L3/L4 packet headers. Filter rules support priority classes, as well as outbound options to apply to the targeted traffic.

Optimize bandwidth and storage utilization and ensure security compliance

When using packet slicing, the frame headers are kept, and the payloads dropped. By removing payloads that are irrelevant to your network monitoring and security analysis, tool overload and bandwidth usage can be decreased.

Oftentimes the tools that data is forwarded to only need information that is stored in the header of each packet. The payload does not matter. If you remove payload data from packets and leave only the header information, you ensure that only actionable data is sent across to the appropriate tool.

Another benefit of this feature is in security compliance. With packet slicing, you will be able to take out confidential data before it reaches your monitoring tools. This to ensure that this sensitive data is not being stored outside secure boundaries.

Use case examples:
• Optimizing bandwidth and storage utilization through only sending necessary data to connected tools.
• Adhere to privacy laws and security requirements by cutting out confidential data.

Filtering IP-based communication in GTP sessions

The GPRS tunneling protocol (GTP) policies contain rules that permit, deny or tunnel traffic. The Profitap X2-Series NPBs perform GTP policy filtering by checking GTP-U data-plane packets against policies that regulate GTP traffic and by then forwarding, dropping, or tunneling the packet based on these policies.

GTP is a group of IP-based communications protocols used to carry GPRS traffic within GSM and UTMS networks. It is designed as a carrier to transport actual mobile packets over the network via tunneling. The tunnel is a channel between multiple GPRS support nodes through which the hosts exchange data. All IP addresses in the GTP packets are for mobile network elements such as the base station and the serving gateway.

When IP tunneling is used to deliver IP traffic across the core network using GTP, this traffic is encapsulated. That's where the GTP IP filtering feature comes in handy. This feature will allow you to filter by IP in GTP sessions based on information in the data stream to control data flow within your infrastructure. This can be done by configuring the device to pass or drop the encapsulated traffic that doesn't match the packet policy from the mobile station through identifying the source and the destination.

Measure latency for accurate analysis

A crucial aspect of running and maintaining a network is speed. In the context of network monitoring, speed is linked to the concept of latency, referring to the speed of the network or the Remote Response time. Apart from the processing time needed on any network to process a request, there is a delay in the request to reach the network. This delay is called latency. Even though it can be challenging to improve latency, it is important to measure it with purpose-built solutions. The ability to timestamp packets with high precision is therefore essential to understanding what is going on in the network at a packet-by-packet level.

Accurate time information is important for legal and criminal investigation, and the same applies to accurate forensic analysis and performance testing to measure crucial indicators like latency.

Removes packet duplicates and provides a substantial reduction in data traffic volume

Duplicate packets are very common in networks. When accessing traffic at multiple locations in the network, picking up the same packets multiple times is almost unavoidable. When duplicate packets are transmitted to your monitoring tools, the unnecessary utilization of bandwidth and processing power reduces the efficiency and effectiveness of these tools. For that reason, detecting and eliminating identical packets is crucial, as it results in improved visibility across your network. In the X2-Series, packet deduplication is done at the interface ingress.

ERSPAN tunneling and de-tunneling, GRE de-tunneling, VXLAN de-tunneling

NGNPBs provide access to traffic encapsulated for a variety of tunneling protocols, such as Encapsulated Remote SPAN (ERSPAN), Generic Routing Encapsulation (GRE), and Virtual Extensible LAN (VXLAN). These advanced de-tunneling features help ease blind spots of multiple traffic traversing on a network anywhere within your IT infrastructure, whether locally or remotely, physically, or virtually.

Track packets easily by adding IDs to packets based on the source (ingress) port and remove them as they leave the NGNPBs via exit (egress) ports. Using this approach, packets are encapsulated and directed from a switch/VLAN to a target IP endpoint with ERSPAN tunneling and sent to the appropriate tools. Also, by identifying and stripping the protocol, Network Engineers can selectively dictate which types of traffic should be routed to a specific device for further analysis. The X2-Series provides tunnel stripping for GRE, VXLAN, ERSPAN, IP over IP, and Teredo.