A FLEXIBLE HARDWARE PLATFORM FOR ENDLESS NETWORK APPLICATIONS
Currently available with 3 Software Versions
Enterprises need a more intelligent network security and monitoring approach which provides granular visibility down to the link layer. The EXA8 is the first packaged hardware and software solution in the market that addresses the needs of enterprise customers and network engineers for a fail-safe network tapping, traffic capture, and troubleshooting platform.
It is possible to manage the EXA8 not only remotely but wirelessly with the addition of 4G or Satellite modems. Given the small, portable form factor, low power consumption, and economical cost of the EXA8, it becomes a very compelling option for remote and distributed deployments.
Cubro offers three different software versions for the EXA8 platform. The EXA8 can function as an Aggregator, Capture Probe or a Sessionmaster depending on the software installed.
The EXA8 can aggregate up to eight SPAN sessions to a single output to simplify the logistics of getting the traffic they contain to a single point for analysis or monitoring.
The EXA8 functions as a TAP for up to 4 electrical 1Gbps links and, further, aggregates the copied network traffic to either one or two 1/10G SFP+ interfaces for output to a tool. The EXA8 is completely fail-safe inline ensuring that the live network traffic link remains uninterrupted, even if the EXA8 goes offline.
Flow data can be sent to an EXA8 deployed in this role to be monitored and analyzed. A strategic deployment of EXA8s becomes a very cost-effective measure to implement NetFlow and gain greater insight into the organizations network.
The EXA8 can endlessly capture traffic from the configured ports or links. If the reserved disk space is full, the rolling capture overwrites the older capture automatically. The rolling capture also produces an Index of the captured traffic (time, IP address and port information). With the help of this index the relevant traffic can be extracted and exported in a PCAP file for the purpose of analysis.
- OPEN LINUX - POSSIBLE TO INSTALL OR THIRD PARTY SOFTWARE
- 2 X 1/10G SFP/SFP+ PORTS
- MULTI-CORE ARM CPU WITH UP TO 8GBPS THROUGHPUT PERFORMANCE
- PASSIVELY TAP UP TO 4 LINKS OR COLLECT TRAFFIC FOR UP TO 8 1G INPUTS
- CAPTURE TRAFFIC DIRECTLY ON DEVICE AT UP TO 2.5GBPS WITH OPTIONAL CAPTURE FILTERS (TCPDUMP SYNTAX)
- DOWNLOAD CAPTURE FILES FROM WEB UI OR COPY TO REMOVABLE USB/MICRO SD MEDIA
- LINUX OS ALLOWS FOR USE OF COMMON CLI UTILITIES SUCH AS TCPDUMP, TSHARK, AND OTHERS
Cubro Partners Utilize The EXA8 To Offer Customized Solutions
QXIP is an industry leading R&D group developing and deploying open-source and commercial packet capture, DPI, Monitoring, and Lawful Intercept solutions for Voice Carriers and Real-Time Communications Operators. QXIP, in collaboration with Cubro, have taken the EXA8 hardware platform as the basis for two of their software solutions.
QXIP has integrated their HEPIC software with the Cubro EXA8. HEPIC offers VoIP and RTC Analytics and troubleshooting for Telecoms.
QXIP has identified and built solutions to address the challenges service providers face with Lawful Intercept compliance; as they put it. “As a legally sanctioned official access to private communications, Lawful Interception (LI) is a security process in which a service provider or network operator securely collects and provides Law enforcement officials with intercepted communications of private individuals or organizations. LI implementation is required by the European Council Resolution from 1995 which allows for LI to prevent crime, including fraud and terrorism. The challenge for VoIP service providers has been to cost-effectively meet lawful intercept requirements. In most cases, the compliant software and hardware are from different vendors which means it is time-consuming and expensive to comply, deploy, maintain and run smoothly.
EXA8 for LI application bridges this gap and provides an all-in-one X1/X2/X3 ETSI compliant solution developed and certified by QXIP and integration certified with LEA Mediation partners worldwide.”
For more information on QXIP and the EXA8 visit: http://hepic.tel
Other Open Source Projects
Cubro’s ElevateTheEXA8 Contest offered the open-source community a chance to develop unique applications on the EXA8 hardware. Here are some open source projects which highlight the diverse capabilities of the EXA8 and the ingenuity of the open-source community.
Ostinato - Ostinato is an open-source, cross-platform traffic generator based on libpcap that is developed and maintained by Srivats P. This software package transforms the EXA8 into a centralized packet generation device on a network. Users can craft individual packets and traffic streams through the locally hosted Web UI and test how network devices will handle a multitude of protocols and traffic speeds. A Python API offers automation capabilities, while an experimental web client has been developed specifically for the EXA8 project to offer remote control of the device. Furthermore, the port density of the EXA8 allows a user to test multiple devices concurrently or enables multiple users shared access to the same traffic generator.
IN4004 Data Diode – A Data Diode is a transparent security device that connects two networks of varying security levels and allows network traffic to flow in one direction only. Pankaj Malviya transformed the EXA8 into just such a device with his IN4004 application, the name derived from the popular semiconductor diode. Using this application, an EXA8 can be configured to run in either Tx-Only mode or Rx-Only mode. In Tx-Only mode, the EXA8 receives traffic from an outside network and encapsulates it before sending to a second unit operating in Rx-Only mode. The Rx-Only units receives the encapsulated traffic from the sending device, verifies specific header parameters along with a Secure ID, de-encapsulates, and forwards the validated traffic into the network. Any traffic that fails the verification step is dropped. This ensures a secure, unidirectional data link between the two networks on which only permitted traffic can pass.
TICK Stack, nDPI, NTOPng – Motivated by a desire to bring Deep Packet Inspection and protocol analysis to the EXA8, Michele Campus brought the TICK stack, along with the latest releases of NTOPng and nDPI, to the ARM64 platform. The TICK Stack (comprised of Telegraf, InfluxDB, Chronograf, and Kapacitor) is a collection of open-source components that, together, make it possible to store and visualize time series data. nDPI is the Deep Packet Inspection library used by NTOPng to inspect L7 traffic and determine the protocol in use (instead of relying on L4 header information). Prior to Michele’s efforts there were no native ARM64 packages for the TICK stack, or for the latest release of NTOPng. As a result, there is a native upgrade to NTOPng 4 and its powerful new feature set. The addition of the TICK stack to the ARM64 architecture provides a powerful resource for a multitude of applications that leverage time series databases.