Everyone seems to be talking about their “Next Generation” Network Packet Brokers. At the end of the day though, it all looks to be the same old stuff packaged in a new way. Here at Cubro we take a different approach and work closely with customers to develop and offer unique features that truly help daily.
A question we had to ask ourselves is “What has changed in Networking over the past years that makes monitoring and troubleshooting more difficult than ever?” What challenges does a “Next Generation” Network Packet Broker truly need to address to live up to its name?
The explosion of encryption is a major factor. The now widespread use of encryption protects privacy and secures data confidentiality. On the other hand, it offers bad actors a method of obfuscating data exfiltration or mask command and control beacons. This leaves monitoring systems largely blind to what type of traffic is being carried across the network. Fortunately, DPI (Deep Packet Inspection) can be used to help identify traffic based on its behaviour, even when it is encrypted! DPI analytics is a unique feature from Cubro that we build right into our Next Generation Packet Brokers.
Virtualization is another technology that has seen massive growth and application in nearly every facet of networking. With virtualized environments we have many more endpoints, often interconnected via complex tunnelling protocols, in a dynamic and rapidly changing topology. The configuration of such environments is increasingly automated by software and not by a hands-on engineer. To be relevant in these virtualized environments, a Next Generation Network Packet Broker would need to support multiple tunnelling protocols (and be able to support new ones quickly after new technology adoptions). It would also need to support tunnel-in-tunnel traffic and the ability to simply remove outer tunnel headers would no longer be enough. Cubro addresses this need in our Next Gen NPBs with support for numerous tunnelling protocols including MPLS, MPLS over UDP, GRE, NVGRE, VXLAN, and GTP. Support for these is not limited to merely stripping tunnel headers, rather, our Next Gen NPBs can also serve as tunnel endpoints and filter inside the tunnels while leaving the tunnel headers intact. For example, this could be filtering for a specific VNI inside of a VXLAN tunnel or filtering an IP/Port combination from inside a GTP tunnel. Finally, the capability to function within automated environments will be a critical feature moving forward; a Next-Generation Network Packet Broker will need to be able to “follow” a monitored service automatically throughout rapidly changing networks, such as is done with Cubro’s Cloud Switch platform.
Finally, for the sake of troubleshooting, wouldn’t it be cool to be able to take a snapshot capture on a per port basis; capturing traffic at line speed and exporting to PCAPs for advanced troubleshooting? Cubro is building features like this into platforms for everything from small enterprise up to environments requiring 100G link speeds.
These features are not a dream; at Cubro the “Next Generation Network Packet Broker” is part of our current generation of products with models offering these features right now. The key to realizing such an advanced feature set is that our hardware is not based on standard switching silicon; but designed from the ground up to truly function as a Next Generation Network Packet Broker.