Advanced Network Packet Brokers for L7 Application

Network Packet Brokers aggregate and filter data to monitoring tools. A reliable, high-performance network packet broker can perform thousands of filters without performance leaks. Most of the fields up to the layer 4 header can be used as a filter match. But sometimes layer 4 is not enough. For advanced functions, a network packet broker should be able to filter and modify traffic up to layer 7. Cubro Sessionmaster units work with network processors. These silicons are highly optimised processors capable of handling network traffic. Compared to the legacy processors, many network-related functions are implemented in hardware. This is the reason why all Sessionmaster units can process the very large amount of data.

But the available packet load per second is lower than the EX series. The maximum load on the Sessionmaster units is 120Gbit/sec for high layer applications. The other advantage of the Sessionmaster is the amount of rules (up to 1 Mio) and the very fast change rate of rules per second (up to 12000). Like all network packet brokers from Cubro, the Sessionmaster can be used as an endpoint device or also inline.

The advanced features of Sessionmaster offer several new applications for network packet broker.

Sessionmaster features and applications

• ​Powerful Network Protocol Identifying

    Pv4/IPv6, TCP/UDP/SCTP, HTTP, L7, etc

    MPLS, PPTP, L2TP, GTP, GRE, IP over IP, VLAN, PPPoE

    Gn/IuPS, S11, S1-MME/S1-U/S6a, etc

• ​Ultra-detailed Traffic

    Pv4/IPv6 5-tuple, LTE/3GPP 5-tuple in the tunnel, supporting mask /range

    IP 7-tuple (dip, sip, dp, sp, pro, an input port, VLAN ID)

• ​Classification

    Keywords; keywords + 7-tuple rules to make detailed classification

    Gn, S1-MME, S11, S6a, S1-U, etc. protocols in PSC/EPC

• ​Traffic Classification Rule

    8 groups of 7-tuple ACL rules, each group containing 2048 IPv4 rules and 2048 IPv6 rules

    64 groups of keyword rules, each group containing up to 128 keywords

    2048 extensible IP rules

    Millions of accurate 5-tuple rules (non-range and non-mask)

    Real-time rule configuration and updating

• ​Packet Processing

    Time stamping, ns-level

    Slicing

    Replication

    IP fragment reassembling

    VLAN tag adding or deleting

    Identifying GTP upstream and downstream traffic

    GRE/GTP/MPLS header stripping

    Packet order preserving

    4 GB data burst buffering

• ​Filter on the inner IP addresses in any kind of non encrypted tunnel like GTP, GRE, VXLAN, GENEVA, and so on
• Session and Service based load balancing (inner IP in a tunnel)
• Filter on protocol flags for advanced troubleshooting, it is possible to match on any byte within the packet.

Cubro Sessionmaster provides application visibility and intelligently forwards the relevant traffic to security and monitoring tools. The benefits of using the Sessionmaster include better visibility of applications and greater efficiency from security appliances deployed in the network and early identification of malicious security communications by using custom regular expressions to identify these traffic patterns. The organisation can not only minimise exposure to risky applications but can also analyse critical communications including voice and video due to the advanced features of Sessionmaster.