Network Packet Broker and TAP | Optimizing Network Monitoring Efficiency

Network Packet Brokers and TAPs

Network Packet Brokers and TAPs – Optimizing Network Visibility and Monitoring Efficiency

As network traffic continues to increase in speed and volume, organizations require reliable and efficient ways to collect network data to maintain system integrity, ensure secure communications, and uphold corporate compliance. Cubro’s network visibility tools—centered on Network Packet Brokers (NPBs) and TAPs—enhance data collection efficiency for telecom networks and data centers. These tools support cost-effective operations by optimizing monitoring and management workflows, expanding visibility, streamlining incident response, and minimizing recovery times.

What is a Network Packet Broker?

NPBs receive traffic from TAPs or SPAN ports and apply various processing functions such as filtering, load balancing, aggregation, and duplication. These capabilities help maximize the performance and efficiency of security and monitoring tools.

▮Key Features of Cubro’s Network Packet Brokers

  • ● Key Features of Cubro’s Network Packet Brokers
  • ● All ports and functions of each product can be used as standard (excluding some models).
  • ● Flexible configuration of input/output ports
  • ● Independent TX/RX settings on a single physical port
  • ● Filtering based on GTP inner IP addresses
  • ● Session aware traffic load balancing
  • ● Header stripping to decapsulate VXLAN, VLAN, GRE, MPLS tunnels
  • ● Header rewriting before forwarding packets
  • ● Support for VXLAN and VLAN filtering

Note: Functionality may vary depending on the product model.

Key Features of Cubro Network Packet Broker

<Aggregation>

Aggregates network traffic from multiple TAPs and SPAN ports and delivers it to monitoring tools. This enhances monitoring efficiency while minimizing changes to network configurations.

<Multicast (Traffic Replication)>

Replicates incoming traffic and distributes it to multiple output ports. This allows simultaneous monitoring of network traffic across various monitoring tools.

<Filtering>

Extracts only the necessary packets for monitoring from overall network traffic and forwards them to monitoring appliances. By eliminating unnecessary packets, processing loads are reduced and enables stable and efficient monitoring.

<Session aware load balancing>

Distributes high-speed traffic across multiple output ports while preserving session integrity. Packets belonging to the same session are always output through the same port, preventing session fragmentation. This allows effective utilization of cost-efficient, lower-speed monitoring devices for high-speed network traffic.

<sFlow/NetFlow Generation>

Packetmaster supports sFlow generation, while Sessionmaster is capable of generating NetFlow data.(*1)
This enables the extraction of essential flow information from incoming traffic and forwarding it to flow collectors, allowing for easy deployment of flow-based monitoring environments.

(*1)Functionality may vary depending on the model.

<Header Rewriting>

Packetmaster supports full line-rate packet header modification, enabling flexible use cases such as rewriting destination addresses before forwarding. In data center environments, for example, header editing can be combined with packet replication to enable deployment scenarios like the one illustrated below.

[ Benefits ]

– Simplifies modification, redundancy, and scaling of monitoring servers

– No need to modify destination settings on monitored equipment

– Minimizes changes to existing network connections

▮ Editable Header Fields
Source MAC/IP/Port address
Destination MAC/IP/Port address

*Note: Some Packetmaster models support MAC address modification only.

What Is a Network TAP? – A Network TAP is equipment that splits both upstream and downstream traffic between network equipment.

  • ● A Network TAP is installed in-line between network equipment such as routers or switches. It passively duplicates network traffic without impacting the live network.
  • ● It enables 100% replication of both upstream and downstream traffic streams separately, without imposing any processing load on the network equipment.
  • ● Cubro offers two types of TAPs: optical TAPs for fiber links and copper TAPs for UTP cabling.

  • ● Optical TAPs
  • Optical TAPs require no external power, and use optical splitters to physically divide light-based signals traversing fiber links.
  • ● Copper TAPs
  • Copper TAPs require external power and electrically duplicate traffic on copper links. In the event of a power outage, data output to monitoring tools is interrupted; however, the TAP is designed to preserve communication between network equipment during the outage.

Click here for product inquiries