Today, networks are an essential part of a commercial infrastructure, on the same level as power and water. Each malfunction costs thousands each minute, or even worse the network could be compromised by an internal or external fraud attack, so network monitoring is a vital part of networks.
Network Monitoring is not a nice to have gimmick. Without Monitoring you cannot operate networks, even smaller networks need some kind of monitoring. In some cases monitoring is legally required for network providers to fulfill their SLA and government regulations. Network Monitoring is a large field, it starts with counters on the network elements and free tools for SNMP and Wireshark, and ends with large Flow Monitoring Systems and complex carrier orienting call trace tools and lawful interceptions.
For all this application free or multimillion installation it is necessary to have physical access to the network, from 10 Mbit copper interfaces to 100 Gbit fiber connections. What Cubro has to offer starts at this layer, we provide devices which give physical access to the network, without changing the network information, in timing or information.(Optical and electrical TAP)
Over time networks become so complex and large that a simple TAP is no longer enough to provide the correct information to the monitoring. (Cubro Packetmaster)
The next step is NPB with layer 4 capabilities are not sufficient enough anymore, up to Layer 7 devices are needed to fulfil the requests to offload monitoring devices. In some cases, monitoring devices could not work without advanced NPB (Cubro Sessionmaster EXA)because the load must be balanced based on information’s in layer 5 and up.systems. Today we need devices called Network Packet Brokers which receive the traffic from the Taps and aggregate, filter and send it to different monitoring systems.
Today the Tap network is a vital part of a monitoring system, it provides the information from the network and can also help to reduce the cost of the monitoring systems in many ways.
Because we are successful in Tap and NPB up to layer, it is a logical way to go the next step to provide metadata out of the devices. This metadata are agnostic and can be used in any northbound monitoring system.
Symm. load balancing
Symmetric load balancing is a mechanism of interchanging the source and destination addresses to ensure that bidirectional traffic specific to a particular source and destination address pair flows out of the same member of a trunk group.
For many monitoring and security applications, bidirectional conversations flowing through the system must be carried on the same port of a LAG. For network telemetry applications, network traffic is tapped and sent to a Cubro G4 Packetmaster, which can hash selected traffic to the application servers' downstream. Each server analyzes the bidirectional conversations. Therefore, the Packetmaster must enable symmetric load balancing to accomplish bidirectional conversations. In addition, the firewall between the Cubro devices can be configured to allow the bidirectional conversations per link of the LAG. These network telemetry applications also require symmetric load balancing on the LAGs between the Cubro devices.
After enabling symmetric load balancing, Flow X upstream traffic (with SIP as 10.10.10.10, DIP as 18.104.22.168, layer 4 source port as 32500, layer 4 destination port as 53) and Flow X downstream traffic (with SIP as 22.214.171.124, DIP as 10.10.10.10, layer 4 source port as 53, layer 4 destination port as 32500) will hash to the same member link of the LAG resulting in the bidirectional conversation going to the same DPI pool.
Symmetric load balancing or session aware load balancing is supported on all G4 Packetmasters
(EX32, EX32+, EX484-3, EX48400, EX20400)
The Sessionmaster EXA Series, is the next evolution step in the row of the successful Cubro’s Packet Broker product line. Layer 7 packet handling is a standard in this product range.
Intelligent Layer 7 load balancing is a challenge but supported. Keyword and regular expression search is also a standard feature in this product line but the big differentiator to any other product on the markets is.
The EXA understands network protocols, not only by the port number. The EXA can decode protocols similar to a probe. This feature is vital to do keyword and regular expression search, and to produce useful results. It make no sense to search for a regular expression in the full packet, you only want to search in the relevant fields to get a correct search output.
The Sessionmaster EXA Series products focus on the mobile core network, metropolitan area network (MAN), and Internet data center (IDC) big data monitoring. The Sessionmaster EXA Series helps our customer deploy their network application flexibly and quickly by aggregating, filtering, load-balancing and replicating the target traffic;deduplication, time-stamping, load-balancing the PSC/EPC signalling-plane and user-plane traffic, and distributing specified traffic to multiple monitoring tools effectively.
Ultra-high port density and ultra-low power.
The Sessionmaster EXA series products can provide up to 56 10GbE SFP+ ports in 1 U and support device cascading by 2 40GbE ports. However, the typical power is 145W. In
conclusion, the Sessionmaster EXA can increase the access capacity and decrease the operation cost, providing the perfect solution for the next-generation network monitoring and traffic analysis.
Multi-dimensional traffic classification capability
With the high-performance N-tuple classification algorithm, the Sessionmaster EXA series products support many traffic matching rules
including the input port and vlan id match, IPv4/IPv6 5-tuple (supporting mask and range) match, bit-pattern filtering using user-defined attributes match, etc.
Additionally, the Sessionmaster EXA supports millions of extensible ACL rules. In this way, the flexible and robust traffic classification capability helps distribute the target traffic to the monitoring tools more efficiently.
Intelligent load balancing capability in the mobile core network
The Sessionmaster EXA can decode, track and identify the signaling protocols of various interfaces in the mobile core network. In this way, the Sessionmaster EXA can not only extract and restore the specified signaling but also guarantee the traffic integrity of the same session or user during the load balance process.
Cubro bypass solutions
Each Cubro EX can work as A Bypass Switch
Each Cubro EX can produce heart beat packets and with its inline switching function it function as a bypass switch combined as NPB.
The table below shows the amount of links every EX can support. The amount of links can be doubled by using an external optical or copper switch.
The simple version for one copper link 10/100/1000 Mbit with the EX2
Another application for 1 and 10 Gbit fiber also with EX2 and an external optical bypass switch
Multi link multi device bypass application with spare unit done with Packetmaster EX32 and a Cubro optical switch for multiple 10 G interfaces.