Next-Generation Network Packet Broker

The Profitap X2-2010G is a high-end, high-density Network Packet Broker with a total throughput of 2 Tbps, offering packet slicing, timestamping, GRE
de-tunneling, VXL AN de-tunneling, ERSPAN de-tunneling, and many more features.

It has 48 x 10/25G SFP28 and 8 x 40/100G QSFP28 ports and provides aggregation, replication, powerful filtering and load balancing in very
high bandwidth port monitoring and analysis scenarios, all in a single 1U rack unit.

Network Packet Brokers optimize the performance of network analysis and security tools by delivering filtered traffic of interest, helping you solve application performance bottlenecks and troubleshoot problems on the network.

Image

Filtering

Filtering ensures only relevant packets are forwarded to monitoring and security tools using rule-defined criteria. This prevents tool overload, reduces bandwidth consumption, and improves overall performance.
By filtering out unnecessary traffic, only relevant packets are sent, minimizing the load on monitoring infrastructure. 

Filters can select traffic based on specific VLANs or subnets, ensuring targeted network monitoring. Filters can also allow or block traffic based on specific IP addresses, ensuring that only traffic from relevant IP addresses reaches the tools.

Slicing

Slicing helps reduce the amount of data that monitoring tools need to process by eliminating irrelevant portions of packets, such as payloads or application-level data. This allows monitoring tools to focus on key information (e.g., headers) without being overwhelmed by excess data. By capturing only specific parts of a packet (like headers), slicing reduces the overall size of traffic sent to monitoring tools. This minimizes bandwidth usage and processing overhead.
Traffic Optimization:
Slicing ensures that only the essential portions of traffic are sent, reducing unnecessary data flow and making the monitoring process more efficient and faster.
Increased Storage Efficiency:
By retaining only relevant data, truncation reduces the amount of storage needed for packet captures, enabling longer data retention and reducing costs.

Timestamping

Image

High-quality timestamping is critical for effective network monitoring and troubleshooting, particularly in latency-sensitive applications like financial trading systems, fintech services, and Voice over IP (VoIP) communications.

Precise timestamping enables engineers to measure, analyze, and optimize network latency. With accurately timestamped network packets, network engineers can better correlate events and analyze packet flows over time. This enables more efficient network tracing and diagnostics, as the exact sequence and timing of packets are preserved.

Sync with IEEE 1588 (PTP)

Timestamping can be synchronized with Precision Time Protocol (PTP) IEEE 1588 , allowing nanosecond-level precision across devices. This synchronization ensures that timestamps across different devices in the network are perfectly aligned, providing a unified and accurate view of network performance for time-sensitive analysis.

Aggregation

Aggregation combines traffic from multiple sources into one stream. This helps simplify the monitoring process, allowing tools to analyze all the data together.

Aggregation is helpful in environments with traffic coming from various sources (e.g., multiple TAP or SPAN links). Merging these streams ensures comprehensive monitoring while reducing the complexity of managing multiple separate data feeds.

VLAN tag on ingress: Incoming traffic is labeled with a unique VLAN ID as it enters the NPB. This feature is highly beneficial for network monitoring and analysis because it provides a way to categorize and distinguish traffic based on its source.

VLAN tag on egress: Traffic is labeled with the VLAN ID as the traffic exits the NPB toward the monitoring device. When multiple streams are aggregated onto a single output port, you can use different VLAN IDs to keep them logically separate. This way, the monitoring device (e.g., a packet capture appliance, SIEM, or analysis tool) knows which packets belong to which source or rule set.

Rule VLAN tagging: Instead of assigning one VLAN ID to all egress traffic on a port, a specific rule is set up in the NPB. Traffic matching each rule (e.g., by IP address range, protocol, port, etc.) is assigned a unique VLAN ID. With the ability to define many rules, you can handle a large number of network segments or services, such as database traffic or email traffic, each labeled with its own VLAN ID.

Replication

Replication is the process of duplicating network traffic and sending identical copies to multiple monitoring or security tools. This allows the same traffic to be analyzed by different systems without affecting the original data flow.

Replication ensures that multiple tools can analyze the same traffic for different purposes, such as performance monitoring, security analysis, data storage, and compliance checks, without interrupting or altering the original traffic. This improves network visibility and ensures comprehensive monitoring across different systems.

How replication helps

• Enables multiple analyses without affecting the original traffic
• Supports security, performance, and compliance monitoring simultaneously
• Increases network visibility by distributing identical traffic to various tools

By replicating traffic, organizations can deploy different monitoring and analysis tools in parallel, ensuring each tool has the data it needs for its specific purpose. This enhances network visibility and troubleshooting capabilities across different departments or functions.

How do we Replicate?

Non-conflicting rule creation ensures that existing rules do not conflict with new rules. This means that traffic is truly replicated for each active rule.

Overlapping/parallel rules
X2-2010G network packet brokers run all rules simultaneously. This simplifies configuration because new rules will not override existing ones. DROP rules take precedence over ALLOW rules. This parallel approach makes it easy to create scenarios like forwarding live traffic and simultaneously sending a copy for analysis without running into rule conflicts.