One year ago, Cubro introduced a new device dubbed the “EXA8” to its lineup. The EXA8 came to market combining a unique set of hardware features not previously seen, including fail-safe copper TAPs for up to 4 links, 10G SFP+ ports, an ARM64 CPU, 1TB M.2 SSD, USB 3.0 ports, and a Micro SD card slot. At launch, we touted the EXA8 as “the Swiss Army Knife of Network Appliances” and with good reason.
Initially, the EXA8 was released with Cubro’s Probe software bundle. The aim of this software version is to address challenges in network visibility and monitoring that are often found in Enterprise environments, from Small to Medium Businesses up through branch offices in larger organizations. The included feature set allowed passive traffic tapping and aggregation, as well as packet capture and analysis, DPI application identification, and NetFlow statistics.
Cubro has since offered the Sessionmaster software package, taking its namesake and feature-set from Cubro’s line of Layer 7 Network Packet Brokers. This software package enables the EXA8 to function as an Advanced Network Packet Broker with features including filtering, aggregation, load balancing, deduplication, header stripping, active tunnel endpoint, SSL/TLS decryption and much more.
At the same time, QXIP partnered with Cubro to bring their HOMER and HEPIC solutions to the EXA8. The result is a turn-key hardware appliance featuring the comprehensive SIP/RTP capture, analysis, and reporting functionality that QXIP has become known for.
The EXA8’s ability to flex into multiple roles and perform a diverse set of visibility, monitoring, and security related tasks comes from careful selection of hardware in combination with a fully-featured Linux operating system. Cubro has historically employed embedded Linux operating systems across its product line, but by utilizing a full Ubuntu Linux install, the EXA8 offers users the opportunity to develop, expand, and customize the feature-set of the device according to their needs and requirements.
Cubro hosted the Elevate the EXA8 contest shortly after release to offer the open-source community a chance to develop unique applications on the EXA8 hardware. The final submissions to the contest highlight the diverse capabilities of the EXA8 and the ingenuity of the open-source community. The projects that competed for the final grand prize in the contest are as follows:
Ostinato – Ostinato is an open-source, cross-platform traffic generator based on libpcap that is developed and maintained by Srivats P. Srivats saw the EXA8 as an opportunity to create a feature-rich, traffic generating hardware appliance. His software package transforms the EXA8 into a centralized packet generation device on a network. Users can craft individual packets and traffic streams through the locally hosted Web UI and test how network devices will handle a multitude of protocols and traffic speeds. A Python API offers automation capabilities, while an experimental web client has been developed specifically for the EXA8 project to offer remote control of the device. Furthermore, the port density of the EXA8 allows a user to test multiple devices concurrently or enables multiple users shared access to the same traffic generator.
For more information on Ostinato visit: https://ostinato.org/
For a link to Srivats’s project visit GitHub: https://github.com/pstavirs/elevate-the-exa8
IN4004 Data Diode – A Data Diode is a transparent security device that connects two networks of varying security levels and allows network traffic to flow in one direction only. Contestant Pankaj Malviya transformed the EXA8 into just such a device with his IN4004 application, the name derived from the popular semiconductor diode. Using this application, an EXA8 can be configured to run in either Tx-Only mode or Rx-Only mode. In Tx-Only mode, the EXA8 receives traffic from an outside network and encapsulates it before sending it to a second unit operating in Rx-Only mode. The Rx-Only unit receives the encapsulated traffic from the sending device, verifies specific header parameters along with a Secure ID, de-encapsulates, and forwards the validated traffic into the network. Any traffic that fails the verification step is dropped. This ensures a secure, unidirectional data link between the two networks on which only permitted traffic can pass.
You can find Pankaj’s IN4004 project at GitHub: https://github.com/malviya-pankaj/ddd-elevate-the-exa8
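The Tx-Only/Rx-Only exchange described above can be sketched as follows. This is an added example, not code from the IN4004 project: the header layout, `MAGIC`, `VERSION` and the 16-byte Secure ID are assumptions chosen for illustration, and the sample packets are constructed.

```python
import hmac
import struct

# Constructed header layout (an assumption, not IN4004's wire format):
# magic(2) | version(1) | payload length(2) | Secure ID(16)
HEADER = struct.Struct("!HBH16s")
MAGIC = 0xD10D
VERSION = 1


def encapsulate(frame: bytes, secure_id: bytes) -> bytes:
    """Tx-Only side: wrap a received frame before sending it across the link."""
    return HEADER.pack(MAGIC, VERSION, len(frame), secure_id) + frame


def decapsulate(packet: bytes, secure_id: bytes):
    """Rx-Only side: return the inner frame, or None when the packet is dropped."""
    if len(packet) < HEADER.size:
        return None  # truncated header
    magic, version, length, sid = HEADER.unpack_from(packet)
    if magic != MAGIC or version != VERSION:
        return None  # header parameters do not match
    if length != len(packet) - HEADER.size:
        return None  # declared length disagrees with what arrived
    if not hmac.compare_digest(sid, secure_id):
        return None  # wrong Secure ID (constant-time comparison)
    return packet[HEADER.size:]


def demo():
    sid = bytes(range(16))  # constructed Secure ID shared by both units
    frame = b"\x00\x11\x22constructed-ethernet-frame"
    good = encapsulate(frame, sid)
    samples = {
        "valid": good,
        "wrong_secure_id": encapsulate(frame, b"\xff" * 16),
        "bad_magic": b"\x00\x00" + good[2:],
        "truncated_payload": good[:-4],
        "raw_unencapsulated": frame,
    }
    return {name: decapsulate(pkt, sid) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} -> {'forward' if result is not None else 'drop'}")
```

Only the `valid` sample is forwarded; every other sample fails one of the checks and is dropped before de-encapsulation.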
TICK Stack, nDPI, NTOPng – Motivated by a desire to bring Deep Packet Inspection and protocol analysis to the EXA8, Michele Campus set his sights on bringing the TICK stack, along with the latest releases of NTOPng and nDPI, to the ARM64 platform. The TICK Stack (comprised of Telegraf, InfluxDB, Chronograf, and Kapacitor) is a collection of open-source components that, together, make it possible to store and visualize time series data. nDPI is the Deep Packet Inspection library used by NTOPng to inspect L7 traffic and determine the protocol in use (instead of relying on L4 header information). Prior to Michele’s efforts there were no native ARM64 packages for the TICK stack, or for the latest release of NTOPng. Now, not only is there a native upgrade to NTOPng 4 and its powerful new feature set, but the addition of the TICK stack to the ARM64 architecture provides a powerful resource for a multitude of applications that leverage time series databases.
Check out Michele’s work on GitHub: https://github.com/QXIP/EXA8/wiki/EXA8-NTOPNG-TICK-Stack
To learn more about NTOPng 4 visit: https://www.ntop.org/products/traffic-analysis/ntop/
For more information on the TICK stack see: https://www.influxdata.com/time-series-platform/