Is a commodity switch with a little software modification a network packet broker?
The reply is 'No'.
Let's look at the three main reasons why a commodity switch is not a network packet broker.
1. The basic application of a network packet broker is to copy data from one port to the other, filter and aggregate it. Compared to a network packet broker, a commodity switch hardware is built to be cheap and has small amount of buffer memory and filter rules. This means that even the basic applications like filtering and aggregation have issues. A commodity switch works well for network applications. For instance, in the case of the packet loss due to too less buffer memory there is no issue because the network covers the error by retransmission. However, in the case of monitoring, no retransmission is possible if you lose packets and the packets are lost.
2. All these products from major vendors are based on the same chipset, and some of them are the same OEM platform. Therefore, the good news is that the features of these products are limited, and the consumers do not have to spend time to compare the features.
3. As we all know that for modern networks aggregation is not enough. There are other applications like GTP load balancing and to be more specific dual stack GTP load balancing (IPv4 and IPv6) in hardware which is required. In this case would you ask for thousands of rules? The fact is that you do not need thousands of rules but you do need hundreds of rules and if you get only 60-100, then is it enough?
The changing networks must support ever-increasing traffic volumes, higher speeds and more service types. The enterprise networks are becoming ever more complex and all the additional tools which are deployed to the networks create additional latency. To overcome the challenge of network visibility, network packet brokers are used by organisations. The network packet brokers collect and aggregate network traffic and then manipulate or copy that traffic to enable the more efficient use of security and performance tools both inline and/or passive.
Besides delivering true link layer visibility, the advanced network packet brokers are also capable of performing applications like session aware load balancing, IMSI filtering, time stamping and packet slicing, intelligent aggregation and many more.
There are two options - buy commodity hardware for a high price or buy designated hardware with advanced features for the same price. The same chipset will provide same features and modern networks need more applications. The final choice is yours!