Advanced Network Packet Broker Features Explained

Solutions for Complete Access and Visibility into Network

Advanced Network Packet Broker Features Explained

In today’s modern network architecture, monitoring and security tools are required to handle traffic coming from multiple visibility devices including network TAPs or SPAN port. Each of these tools possess a different requirement. In addition, the volume and diversity of traffic can also be overwhelming to these tools. Network Packet Brokers (NPBs) are able to address this challenge by providing a more centralized and intelligent way to manage data forwarding to the monitoring tools.

To do all this, however, NPBs must be capable of managing the relentless growth in network traffic, the multiplication and constant evolution of monitoring and security appliances also the increasing complexity brought by virtualization technologies.

Introducing Next-Generation Network Packet Brokers (NGNPBs)

To accommodate the needs of digital businesses, NPBs capabilities have evolved. Aside from its core functionality such as intelligent aggregation, advanced filtering and load balancing, the NGNPBs offer the following extensive set of features:

Packet Slicing

Packet slicing is one of the most important features that NGNPBs have. Networks and servers only have a limited amount of data storage. If your network can’t cope with the amount of traffic, then packets are more likely to get lost. To prevent this from happening, you need to make sure your device isn’t being wasted on maintaining unnecessary packet payload. How? By removing payload that is irrelevant to your network monitoring and security analysis. When the payload is reduced, the system can run more efficiently.

When using packet slicing, the filter slices a packet to the size of the frame through the header. If you remove payload data from packets and leave only the header information, you ensure that only the right data is captured and sent across to the appropriate tool. As a result, the performance of your tools will be improved as the throughput and storage space are reduced. another benefit of this feature is in security compliance. With packet slicing, you will be able to take out confidential data before it reaches your monitoring tools. This to ensure that this sensitive data is not being stored outside secure boundaries.

Figure 1. Packet Slicing

GTP IP Filtering

According to Statista, mobile accounts for approximately half of web traffic worldwide and is projected to grow substantially in total of traffic volumes. Most traffic generated will be real-time video and multimedia files requiring increased bandwidth and fast connection. As this demand will continue to explode, mobile wireless networks must expand greatly in capacities.

GTP is a group of IP-based communications protocols used to carry GPRS traffic within GSM and UTMS networks. It is designed as a carrier to transport actual mobile packets over the network via tunneling. The tunnel is a channel between multiple GPRS support nodes through which the hosts exchange data. All IP addresses in the GTP packets are for mobile network elements such as the base station and the serving gateway.

When IP tunneling is used to deliver IP traffic across the core network using GTP, there can be multiple layers of encapsulation and addressing within the IP traffic. That’s where GTP IP filtering feature comes handy. This feature will allow you to filter by IP in GTP sessions based on information in the data stream to control data flows within your infrastructure. This can be done by configuring the device to pass or drop the encapsulated traffic that doesn’t match the packet policy from mobile station through identifying the source and the destination.

Figure 2. GTP IP Filtering

ERSPAN Tunneling & De-Tunneling

(GRE tunneling and de-tunneling, VXLAN de-tunneling, and ERSPAN stripping)

Beyond scalable aggregation, replication, NGNPBs provides access to traffic through a variety of complex tunneling protocols such as, Encapsulated Remote SPAN (ERSPAN), Generic Routing Encapsulation (GRE), Virtual Extensible LAN (VXLAN). These advanced tunneling features will help you to ease blind spot of multiple traffic traversing on network anywhere within your IT infrastructure whether it is locally or remotely, physically or virtually.

Track packets easily by adding IDs to packets based on the source (ingress) port and remove them as they leave the NGNPBs via exit (egress) ports. Using this approach, packets are encapsulated and directed from a switch/VLAN to a target IP endpoint with GRE or ERSPAN tunneling and send to the appropriate tools. Also, by identifying and stripping the protocol, Network Engineers can selectively dictate which types of traffic should be routed to a specific device for further analysis.

Figure 3. ERSPAN Tunneling & De-Tunneling

Packet Deduplication

Duplicate packets are very common in networks and unavoidable, especially when you are using SPAN/mirror port. When duplicate packets are transmitted to your monitoring tools, the tools can be overloaded resulting in inefficiency. For that reason, eliminating identical packets is crucial. Not only will this improve the data capacity but also enhance your network performance to achieve your monitoring goals.

Network Packet Broker can eliminate duplicate packets before forwarding the traffic to the monitoring tools. With this packet deduplication technology, similar copies will be dropped from the data stream to reduce overhead. When your network monitoring tools don’t have to deal with problems associated with duplicate packets, they can store and process as much useful data without the unwanted duplicates being transmitted to them. This will increase the visibility across your network and allow your tools to accurately perform its tasks.

Figure 4. Packet Deduplication
Network Packet Broker X2-3200G
Network Packet Broker X2-6400G

Introducing Profitap vTAP – Scalable and easy to manage Virtual TAP

Solutions for Complete Access and Visibility into Network

Introducing Profitap vTAP – Scalable and easy to manage Virtual TAP

Packet-level visibility into your virtual traffic

Profitap vTAP provides complete visibility of VM traffic (including inter-VM) for security, availability, and performance monitoring.

Within the span of a decade, the use of server virtualization has become a standard industry practice. This shift has dramatically improved IT efficiency in companies around the world, benefiting from improved scalability, high availability and greater workload portability. Businesses can now do more with less.

This shift also means that you need a new, scalable and easy to manage approach to get complete visibility into (inter-) VM traffic, in order to monitor for performance, security and availability.

To gain visibility in virtual traffic and forward filtered network traffic to network security and network monitoring tools, you need a Virtual TAP (vTAP).

Virtual TAP

Complete visibility of VM traffic (including inter-VM east-west traffic flows) for security, availability, and performance monitoring. Profitap vTAP taps directly on the VMware infrastructure, which means no extra privileged access to the hypervisors is required.

The vTAP controller is able to manage visibility of thousands of VMs in a simple and comprehensive way. Based on your requirements, Profitap vTAP can scale at the click of a button and grow with your network.

Flexible filters with L3 and L4 criteria and exclude & include filters can be set up to make efficient use of available bandwidth, ultimately preventing network congestion. Filtered data can be forwarded to any available interface.

One single interface to manage visibility of all your virtual datacenters. This enables you to set up and manage your virtual monitoring system quickly and easily.

Filtered traffic flows of interest can be forwarded to any type of traffic collector, analyzer, located in the same virtual datacenter or remote, as well as Profitap physical Packet Brokers.


  • Enables security, availability, and performance through proactive monitoring of virtual data centers
  • Complete visibility of traffic in virtual environments, eliminating blind spots
  • Central management interface for a single overview of the entire virtual visibility system
  • Filtering helps bring down the virtual traffic to actionable data and prevent network congestion
  • Easily scalable
  • Forward virtual traffic back into physical network for analysis

The Importance of Network TAPs Recovery Time

Solutions for Complete Access and Visibility into Network

The Importance of Network TAPs Recovery Time

When it comes to network monitoring, Ethernet TAPs are crucial because SPAN ports on switches may have been compromised and drop packets because of overload. TAPs are the one and only way to get access to see what’s really happening on the physical link without dropping packets.

Using network TAPs will allow you to get in the path of the packets and to relay traffic to the monitoring device without altering the timing between packets. Most importantly, network TAPs provide a fault-tolerant means of getting inline. As a network administrator, you need to be alert for the case when the network TAPs fail, for instance, due to loss of external power.

In the case of power loss, some TAPs are designed to fail-over and continue to pass packets through. The main challenge here, however, is about selecting a network TAP that can recover the fastest, after power outage.

When measuring your network’s performance while dealing with power loss conditions, you should consider looking at the network recovery time especially in mission-critical environments. This is to prevent any interruption in traffic flow to or from the network. The question is, how long does it take for a network TAP to recover from a power failure? Well, this can vary greatly depending on the TAP vendor.

Let’s have a look at the test results of Profitap Gigabit Copper TAPs recovery time compared to other Gigabit TAP vendors on the market. The test was done by Mike Pennacchi to measure the recovery time of the Gigabit TAPs by calculating the amount of time it takes for each TAP to recover from a power failure and then to recover from regaining power.

Profitap Network TAP
TAPs Recovery Time Test Results

Ensuring short network recovery time

As you have seen in the video, when being compared with other network TAPs, Profitap’s network TAPs can perform recovery between 27-289 milliseconds. A faster recovery time when a single fault occurs on the network than other TAPs vendor. Sure, it’s milliseconds-fast, but does it matter? YES! Most of network TAPs are typically used in inline applications, which is why any delay above 300 milliseconds will cause the network link to renegotiate.

In designing and creating our network TAPs, we wanted to ensure on a very short network recovery time. Profitap’s network TAPs has a functionality which dramatically reduce fail-over time. This means, the traffic received from the network will pass through the network TAPs even when the power is disrupted.

Profitap X2-6400G – Next-Generation Network Packet Broker with Extensive Set of Features

Solutions for Complete Access and Visibility into Network

Profitap X2-6400G – Next-Generation Network Packet Broker with Extensive Set of Features

The new Profitap X2-6400G is a Next-Generation Network Packet Broker (NGNPB) with a total throughput of 6.4 Tbps. It offers an extensive set of features, such as packet slicing, GTP IP filtering, ERSPAN tunneling & de-tunneling, GTP Correlation, packet deduplication, and timestamping.

X2-6400G NGNPB provides aggregation, replication, powerful filtering and load balancing in very high bandwidth port monitoring and analysis scenarios.

Network Packet Brokers optimize the performance of network analysis and security tools by delivering filtered traffic of interest, helping you solve application performance bottlenecks and troubleshoot problems on the network.

Feature Highlights

  • Packet Slicing: Remove payload that is irrelevant to network monitoring and security analysis, conserving disk space and load on capture devices.
  • GTP IP Filtering: Filter by IP in GTP sessions based on information contained in the data stream, identifying source and destination.
  • Timestamping: Leverage accurate timing information for accurate forensic analysis, legal and criminal investigation.
  • ERSPAN Tunneling & De-Tunneling: Integrate the X2-6400G as a single, centralized point for ERSPAN stripping in a new or already existing monitoring system based on data ERSPAN encapsulation.
  • GTP Correlation: Stateful detection of mobile data sessions using subscriber ID (IMSI) to filter, replicate and forward to the appropriate monitoring tools.
  • Packet Deduplication: Optimize network efficiency and traffic storage eliminating redundant packet copies.

Optimizing Network Packet Broker Efficiency with Aggregation TAPs

Solutions for Complete Access and Visibility into Network

Optimizing Network Packet Broker Efficiency with Aggregation TAPs

SPAN ports were the preferred approach to network visibility for years. However, when the limitations of using SPAN became clear, the adoption of network TAPs started to increase. As we all know, network TAPs are more reliable than SPAN ports, and provide complete visibility into the network. But SPAN ports and network TAPs are just one link in the network visibility chain.

As enterprises have grown more dependent on networks for success, network architectures are being challenged by the evolution of digital business. More and more people and devices find their way to the connected world. All wanting their fair share of bandwidth. As a result, more tools are deployed in order to help the visibility and security to the network, increasing the network complexity. So, how do you make sure your visibility and cybersecurity appliances get the right data to look at, from any point in your IT infrastructure? A Network Packet Broker will help you out here. Read on to learn how this device can help optimize the performance of your network analysis and security tools.

Optimizing Network Packet Broker Efficiency with Aggregation TAPs

Efficient traffic management with Network Packet Brokers

Network Packet Broker (NPB) is a device that helps optimize the access and visibility of a variety of network monitoring, security and acceleration tools to traffic from one or many network links. This device plays a critical role in gaining visibility into complex networks.

Deployed between the network TAPs and the traffic analysis hardware, the main function of the packet broker is to filter specific network traffic to a specific monitoring tool. It receives data from multiple network links and then acts as a “broker” sending the right packet data out to all devices that need it. By maintaining a many-to-many (M:M) port mapping of network ports to monitoring ports, Network Packet Broker can direct network traffic more efficiently.

One thing that sets NPBs apart from other standard aggregation devices is the set of advanced packet manipulation features this device offers, such as packet slicing, GTP IP filtering, GRE tunneling & de-tunneling, VXLAN de-tunneling, ERSPAN stripping and timestamping. This enables network engineers to filter actionable data only, allowing the network tools to analyze in a more efficient way.

NPBs are not all made equal and quite costly, however. Therefore, in selecting the right NPBs for your network, you should opt for the one that performs all functions required for an optimally performing network architecture.

Network Packet Brokers optimize the performance of network analysis and security tools by delivering filtered traffic of interest, helping you solve application performance bottlenecks and troubleshoot problems on the network.

Optimizing your NPB's ports

With the NPB deployed between tools and infrastructure layers, its ports can fill up quickly when connecting all infrastructure elements. That’s where Profitap’s Booster Aggregation TAP comes into play. This device is specially designed to improve your Network Packet Broker’s ports efficiency.

By connecting 4 1G in-line links or 8 1G SPAN connections to one 10G SFP+ monitoring port (M:1), the Booster optimizes the number of used ports on your Network Packet Broker, without any impact on the performance and packet loss a standard aggregation would face. This way you will be able to monitor traffic from 4 full-duplex in-line or 8 SPAN connections on a single port on your NPB. A significant saving in port space on your device and ultimately in costs.

The optimal solution

A Network Packet Broker paired with a Booster are key in managing and securing the network infrastructure that’s rapidly evolving. It is a cost efficient and easy to deploy solution to help you improve the density performance of your monitoring system.