Packet slicing in 100 Gbit line rate
Cubro offers a packet slicing option with CRC recalculation for multiple 100 Gbit of traffic per unit. The EXA32100 is the only multiple 100 Gbit Network Packet Broker which supports packet slicing at line rate on all 100 Gbit interfaces. There are three options for slicing: 64, 128 and 256 bytes. This feature can be configured on any output port, and it supports dual-stack IPv4 and IPv6.
The significant advantage of packet slicing at such performance is getting the maximum out of your monitoring tools. This application reduces the load by a factor of 10, which implies that a 100 Gbit tool can handle 1 TB traffic. Another benefit is that this is done in the silicon and not on an attached CPU, which makes it deterministic and prevents jitter and packet drop.
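What slicing with CRC recalculation does to a single frame, as an added Python example (not Cubro's implementation, which runs in silicon). It assumes the slice length counts the 4-byte FCS, and the frame is constructed sample data.

```python
import struct
import zlib

SLICE_OPTIONS = (64, 128, 256)   # slice lengths named on the page
CRC32_RESIDUE = 0x2144DF1C       # zlib.crc32 of any frame followed by its valid FCS


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet FCS: IEEE 802.3 CRC-32, appended least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """True if the last 4 bytes are a valid FCS for the rest of the frame."""
    return len(frame) > 4 and (zlib.crc32(frame) & 0xFFFFFFFF) == CRC32_RESIDUE


def slice_frame(frame: bytes, length: int):
    """Cut a frame (FCS included) to `length` bytes and recompute the FCS.

    Returns (sliced_frame, original_fcs_ok). The second value matters because
    a recomputed FCS is always valid: without it, a frame that arrived
    corrupted would look clean to the monitoring tool.
    Assumption: `length` includes the FCS; real devices may count differently.
    """
    if length not in SLICE_OPTIONS:
        raise ValueError(f"slice length must be one of {SLICE_OPTIONS}")
    original_ok = fcs_ok(frame)
    if len(frame) <= length:          # short frames pass through untouched
        return frame, original_ok
    kept = frame[: length - 4]        # headers plus the start of the payload
    return kept + fcs(kept), original_ok


def sample_frame(payload_len: int) -> bytes:
    """Constructed Ethernet/IPv4/UDP-shaped frame; field values are filler."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip_udp = bytes(20) + bytes(8)     # placeholder IPv4 and UDP headers
    body = eth + ip_udp + bytes(i % 251 for i in range(payload_len))
    return body + fcs(body)


if __name__ == "__main__":
    big = sample_frame(1000)
    sliced, ok = slice_frame(big, 128)
    print(len(big), "->", len(sliced), "FCS valid:", fcs_ok(sliced), "original ok:", ok)
```

A plain truncation without the recalculation step leaves the last four payload bytes where the FCS should be, so a capture tool that validates the FCS would treat every sliced frame as an error frame.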
Reduce monitoring cost and increase tool efficiency with Cubro EXA32100 and EXA48600. We provide the best value product to fit your need.
Tapping in layer 1
Tapping guarantees that every packet is sent from the network to the monitoring device. It is a layer 1 technique to get access to network traffic without interfering with the original traffic or losing information. Often, when a SPAN port is overloaded, packets get dropped before reaching the monitoring device. There is also the possibility of losing some of the error packets that may be causing problems. If this data is not sent to the monitoring device because it is dropped, it is impossible to troubleshoot. The purpose of tapping is to solve issues related to monitoring and lawful interception. Depending on the physical situation and speed requirements (from very slow 2 Mbit up to very fast 100 Gbit links), optical or copper interfaces can be chosen. A network link (connection) has two directions, which means that for a 100 Gbit link, the user has to handle up to 200 Gbit. The major issue in tapping a network is not interfering with the original traffic. Because of this challenge, it is necessary to choose a tool which is built with a deep knowledge of layer 1. Several customers have been using Cubro’s layer 1 solutions for over a decade.
Cubro’s network packet brokers are capable of steering traffic in many ways. The tools are passive and are deployed in-line behind TAPs. They can be used with or without bypass protection. Data centres are constantly trying to lower network cost and increase content control. Steering includes load balancing and traffic tunnelling. Cubro supports all major tunnel techniques including VLAN, MPLS, GRE, NVGRE, GENEVE and VXLAN. TAP networks today can be very complex, as there are often several packet brokers involved. Cubro has systems with more than 1000 ports.
Filtering up to layer 7
Filtering is another major solution needed to support monitoring applications and make optimal use of the monitoring tool's capacity. Cubro products can filter in all 7 layers depending on the equipment. This capability helps the user to save money because only the relevant traffic needs to be monitored and collected. Cubro NPBs support thousands of filters, from 2000 in the smallest unit up to 1 million in the biggest. The number of filters has no impact on the performance of the unit. The filtering application makes the monitoring tools operate more efficiently.
Load balance up to multiple 100 G with Cubro NPB
Load balancing is vital because analysing and capturing devices are only capable of handling a certain amount of traffic. Cubro network packet brokers help to load balance the traffic to several devices which share the load. This load balancing is very flexible and supports many ports. This application maximizes throughput, minimizes response time, and avoids overload.
Symmetric load balancing
Symmetric load balancing, or session-aware load balancing, is supported on all Cubro G4 Packetmasters at no extra charge. In addition, 10 LB groups with 16 ports are also supported. Symmetric load balancing is a mechanism that interchanges the source and destination addresses to ensure that bidirectional traffic specific to a particular source and destination address pair flows out of the same member of a trunk group.
EX Series as Media Converter
The EX Series can also work as a media converter from:
- Copper to Fiber 1 Gbit
- Copper to Fiber 10 Gbit
- Fiber 10 Gbit (SM) to Fiber 10 Gbit (MM), 40 Gbit, 100 Gbit, etc.
Massive two-tier load-balancing
The service provider wanted to do 6.5 to 7 TB session-aware load balancing to a DPI application. However, the traffic was delivered asymmetrically and over 90 x 100 Gbit links. Moreover, the traffic was from fixed-net users and mobile users. The fixed-net traffic was significantly asymmetrical, meaning that the request and answer were not on the same port, and the mobile traffic, as usual, was in the GTP tunnel.
Cubro offered a two-tier load-balancing concept which was based on EXA32100 and EXA48600. In the first stage, the GTP tunnel is removed from the mobile traffic, which is the only solution for the asymmetrical traffic issue. Compared to other vendors, GTP tunnel removal in hardware is a standard feature on Cubro products even when the load is very high.
Cubro is able to identify the challenges the customers face and can provide the right solution. In this case, the asymmetrical traffic was a major issue, but Cubro solved this problem by developing a learning load balancing mechanism. This was only possible to develop because the EXA32100 has a high-performance host controller. The units are constantly learning all network relations and based on this information it was possible to solve the asymmetric traffic challenge. Besides this, the advanced network packet broker can remove several MPLS, VLAN, and VXLAN tags to make the traffic readable for the DPI.
In the second stage we use 16 EXA48600 as output. Each of the 6 EXA32100 units was connected to each EXA48600.
Hold on; you don’t have enough ports! That is true for some other visibility vendors but not for Cubro because we can use input and output separately. We can feed 16 links / 32 ports to the unit and still have 32 optical outputs to forward the traffic to the second stage.
In order to handle traffic coming from different sources, you need several rules, and Cubro offers up to 8000 rules per unit. In the second stage the user can do a “simple” layer 4 dual-stack (IPv4 and IPv6) session aware load balancing.
Session-aware load balancing is useful only if the session stays on the same probe forever. This is possible with the Cubro monitoring load balancing application, which is a unique feature of Cubro products. It works differently from standard switch load balancing.
Usual hash-based load balancing is designed for live traffic. Therefore, the load balancing cannot assure that every hash has a deterministic port relation. This means the load balancing is session aware, but a session is not necessarily always forwarded to the same port. In particular, when a session stops for a while, it can happen that after restarting, the session is on another port. This is not good for monitoring because it means the traffic is on another probe. We at Cubro don’t do that, and our hash has a deterministic port relation!
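The two properties described in "Symmetric load balancing" and in the paragraph above (both directions of a session on one output, and a fixed hash-to-port relation), as an added Python example. This is not Cubro's algorithm: the CRC-32 hash, the probe names and the `AgingBalancer` contrast case are assumptions made up for illustration.

```python
import ipaddress
import struct
import zlib

PROBES = ["probe-1", "probe-2", "probe-3", "probe-4"]  # constructed output group


def symmetric_key(src_ip, dst_ip, src_port, dst_port, proto):
    """Direction-independent flow key: order the two endpoints before hashing.
    ipaddress handles IPv4 and IPv6, so the same code is dual-stack."""
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    lo, hi = sorted((a, b))
    return b"".join((lo[0], struct.pack("!H", lo[1]),
                     hi[0], struct.pack("!H", hi[1]), bytes([proto])))


def output_port(flow, group=PROBES):
    """Stateless mapping: the port depends only on the flow key and the group,
    so a session that pauses and resumes lands on the same probe."""
    return group[zlib.crc32(symmetric_key(*flow)) % len(group)]


class AgingBalancer:
    """Constructed contrast case: a flow table whose entries expire after an
    idle timeout, with new entries assigned round-robin. A simplified stand-in
    for the behaviour the page warns about, not a model of a specific switch."""

    def __init__(self, group, idle_timeout):
        self.group, self.idle_timeout = group, idle_timeout
        self.table = {}          # flow key -> (port, last_seen)
        self.next_index = 0

    def assign(self, flow, now):
        key = symmetric_key(*flow)
        entry = self.table.get(key)
        if entry and now - entry[1] <= self.idle_timeout:
            port = entry[0]      # active session keeps its port
        else:                    # new or expired session gets the next port
            port = self.group[self.next_index % len(self.group)]
            self.next_index += 1
        self.table[key] = (port, now)
        return port


if __name__ == "__main__":
    request = ("10.0.0.5", "192.0.2.10", 40000, 443, 6)   # constructed flow
    reply = ("192.0.2.10", "10.0.0.5", 443, 40000, 6)
    print(output_port(request), output_port(reply))
```

With a modulo mapping like this one, the port relation holds only while the output group is unchanged; adding or removing a probe moves sessions.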
The cross-connect is bidirectional, so packets received on the first interface are transmitted out the second interface, and those received on the second interface are transmitted out the first interface.
500 X 10 Gbit port cross-connect with 400 Gbit non-blocking backbone
- EX20400 is connected over 4 x 100 Gbit to one EX32100 to build a 500 port 10 Gbit cross-connect
- The connection is layer 2 transparent
- To ensure full control and secure transfer, all traffic is transported in VXLAN tunnels across the system
- At the output, the VXLAN tunnel head is removed
- Centralized management
100 Gbit port cross-connect full mesh
- In this application 6 EX32100s are connected to a fully meshed cross-connect with 162 available 100 Gbit ports (27 per box)
- The interconnection between the boxes can be done with one link, or with two or more depending on the required bandwidth
- The table above shows how many units can be interconnected and how many ports are available
100 Gbit port cross-connect with central unit
- In this application 6 EX32100s are connected to a central unit with 186 available 100 Gbit ports (31 per box)
- The interconnection between the boxes can be completed with one link, or with two or more depending on the required bandwidth
- The table shows how many units can be interconnected and how many ports are available
The user defines the connected endpoint and the application finds the best and shortest way to the endpoint. However, it is also possible to define a hard-coded way.
By clicking on a point, the route is shown as a highlighted path. The application supports any combination of layouts, full mesh and central, and it is self-learning in how the units are connected. Also, we provide all types of traffic statistics.
100 Gbit aggregation with Packetmaster EX32100
The EX32100 is connected via the Cubro optical TAPs to a 100 Gbit live link.
The aggregation feature combines the traffic in both directions to one 100 Gbit output for monitoring purposes. Using the filtering capability of the Packetmaster EX32100 a user can select only the portion of the traffic needed to solve the network problem. Filtering of data ensures that each monitoring or inline security tool receives exactly the right data.
The future of visibility 2020 and beyond
Network performance challenges are increasing, and visibility will be a more critical part of the network infrastructure in future. New trends and increased security threats within the network operations would require high-level visibility in order to get more information out of the network. A recent approach is towards self-organizing and self-healing networks.
The primary difference would be that, unlike today, network visibility will no longer be a separate part of the network but would be a service on top of the network infrastructure. This transition process will need a while because this service approach only works on programmable networks (SDN) and the existing legacy networks do not support this approach.
The challenge for visibility in Cloud environment:
Multiple 10,000 physical servers, multiple 100,000 virtual servers and multiple 1,000,000 instances require entirely different switching concepts and also a different visibility approach. In such a network environment, the routing is done on tenant ID, client ID or in the application layer, and IP alone is not usable because the instances are moving between virtual/physical servers. The routing is not between physical servers but between applications.
Due to the large number of servers and endpoints, physical tapping is not a realistic approach. It involves enormous cost and a lot of management effort. Another issue is the massive amount of data, and legal issues will not allow a full capture approach.
The solution is smart filtering/routing to feed the traffic to the relevant analytics tools. This must be done inside the network infrastructure because only there the dynamic filtering/routing information is available in real time.
Currently, there is no switch hardware available to perform such a task. This application is possible only with programmable switches, hardware or pure software based.
As part of our future development, Cubro will offer such a solution with the EXA32100 platform in combination with the Sonic NOS. This confirms that visibility as a service will not be only software based. Software is needed to control the visibility service, but we will require powerful hardware and, security-wise, a trusted platform to handle the massive amount of traffic (see host controller picture).
The visibility management will be a part of the network orchestration or will have access to it to get routing information in real time. The other part of this visibility approach is the hardware related part which performs the data filtering and packet forwarding in real time.
The challenge is that this application must share the resources with the existing switching/routing without interfering. To make this possible, there need to be hardware resources in the switch, and the visibility application needs to have access to the traffic on a deeper layer than the switching application. This requires an excellently designed NOS.
This is the reason that Cubro is currently porting the Sonic API to all new G5 units. This feature helps to integrate the units in existing networks and use them also as visibility platforms.
Sonic, invented by Microsoft, has some brilliant mechanisms which allow this approach. The visibility application runs in the layer below the typical switch application and the hardware layer. This gives full access to every packet. In addition, the user gets real-time information from the switch application to do real-time smart filtering.
For this reason, Cubro is investing in new advanced platforms which can do much more than regular L4 silicon. We see our products in the future as a part of the network infrastructure, which do switching / steering as part of the programmable network and offer advanced, up to L7, functions for the visibility service.