Network Packet Brokers aggregate and filter data to monitoring tools. A reliable, high-performance network packet broker can perform thousands of filters without performance leaks. Most of the fields up to the layer 4 header can be used as a filter match. But sometimes layer 4 is not enough. For advanced functions, a network packet broker should be able to filter and modify traffic up to layer 7. Cubro Sessionmaster units work with network processors. These silicons are highly optimised processors capable of handling network traffic. Compared to the legacy processors, many network-related functions are implemented in hardware. This is the reason why all Sessionmaster units can process the very large amount of data.
But the available packet load per second is lower than the EX series. The maximum load on the Sessionmaster units is 120Gbit/sec for high layer applications. The other advantage of the Sessionmaster is the amount of rules (up to 1 Mio) and the very fast change rate of rules per second (up to 12000). Like all network packet brokers from Cubro, the Sessionmaster can be used as an endpoint device or also inline.
The advanced features of Sessionmaster offer several new applications for network packet broker.
Sessionmaster features and applications
Pv4/IPv6, TCP/UDP/SCTP, HTTP, L7, etc
MPLS, PPTP, L2TP, GTP, GRE, IP over IP, VLAN, PPPoE
Gn/IuPS, S11, S1-MME/S1-U/S6a, etc
Pv4/IPv6 5-tuple, LTE/3GPP 5-tuple in the tunnel, supporting mask /range
IP 7-tuple (dip, sip, dp, sp, pro, an input port, VLAN ID)
Keywords; keywords + 7-tuple rules to make detailed classification
Gn, S1-MME, S11, S6a, S1-U, etc. protocols in PSC/EPC
8 groups of 7-tuple ACL rules, each group containing 2048 IPv4 rules and 2048 IPv6 rules
64 groups of keyword rules, each group containing up to 128 keywords
2048 extensible IP rules
Millions of accurate 5-tuple rules (non-range and non-mask)
Real-time rule configuration and updating
Time stamping, ns-level
IP fragment reassembling
VLAN tag adding or deleting
Identifying GTP upstream and downstream traffic
GRE/GTP/MPLS header stripping
Packet order preserving
4 GB data burst buffering
Cubro Sessionmaster provides application visibility and intelligently forwards the relevant traffic to security and monitoring tools. The benefits of using the Sessionmaster include better visibility of applications and greater efficiency from security appliances deployed in the network and early identification of malicious security communications by using custom regular expressions to identify these traffic patterns. The organisation can not only minimise exposure to risky applications but can also analyse critical communications including voice and video due to the advanced features of Sessionmaster.