Network Packet Brokers: The ABCs of Network Visibility
2016-06-17 | 7 min read
Staying in control of your network is a never-ending battle. Cloud computing. Virtualized networking. Growing numbers of connected devices. And increasing numbers of security threats emerge daily. Yet amid all this complexity businesses rely on their applications to be reliable, fast and secure.
Having the right monitoring and security tools has never been more vital.
Organizations often end up using a blend of tools from different vendors. But trying to provide an amazing quality of experience with this wide mix of tools gets complicated very quickly. And there’s simply no room for error – since monitoring and security tools are only as good as the data they see.
Network packet brokers are a practical way of addressing this problem, and re-strengthening network security.
What Is A Network Packet Broker?
A network packet broker (NPB) is a device that provides a collection of monitoring tools with access to traffic from across the network. The word “broker”, or “dealer” is helpful to focus on here.
The diagram below shows how an NPB receives data from a number of network links. It then acts as a “broker”, or “dealer”, dealing the relevant data out to the relevant monitoring tools.
It’s a middleman for network monitoring traffic. NPBs are active “brokers”, or “dealers” of data, because they can be specific and targeted in the data that is supplied to each tool.
- Deal data from one network link, to one tool
- Deal data from one network link, to multiple tools
- Deal data from multiple network links, to one tool
- Deal data from multiple network links, to multiple tools
Ultimately, NPBs make monitoring and security tools more effective, by giving them access to a range of data from across the entire network. Blind spots are reduced, giving tools the visibility they need to identify and tackle performance and security threats.
Network Packet Brokers Aren’t All Made Equal
NPBs are a fairly new form of technology. As a result, vendors vary in the way they design these products – there’s no established NPB model.
However, there are at least four things a good NPB will do.
1. Safe Removal Of Redundant Data
Not all traffic that flows through an NPB is useful – some data may be duplicated. To save time, and processing power, duplicate packets, and other redundant data can be removed before reaching monitoring and security tools. During this process, it’s imperative that relevant original data isn’t accidentally dropped.
Advanced NPBs offer zero-loss advanced packet processing at full line rate. This means redundant data is carefully sifted out, while all important, original data packets are preserved and provided to your tools.
2. Application Intelligence and Filtering
Managing the network means knowing what’s on the network. Large networks can have hundreds of applications running, especially with the growth in BYOD. Intelligent NPBs can identify the applications in use on the network and provide that intelligence to any of your tools.
Many tools in use only need to monitor or inspect specific types of applications. Intelligent NPBs can easily “broker” or “deal” traffic out to monitoring and security tools by application flow. This makes your monitoring and security tools much more efficient, and it makes life much easier for administrators.
3. SSL Decryption
Secure Socket Layer (SSL) encryption is the standard technology used to send private information. While it helps protect sensitive data, it also comes with network security risks.
SSL hides sensitive data – but it can end up encrypting and hiding malicious cyber threats too. For network safety, organizations must decrypt and examine SSL traffic.
But decryption takes up valuable processing power. If decryption is left to security tools to perform, time is wasted unraveling code, rather than scanning, and keeping your network safe from threats.
Intelligent NPBs can perform SSL decryption, passing on the decrypted data to your monitoring tools. This gives them the ability to see all of the traffic, and the freedom to get on with protecting your network.
4. Data Masking
One drawback to SSL decryption is it makes all data visible to anyone that has access to your monitoring tools. Some of this unencrypted data may be quite sensitive and protected by regulatory requirements. Data like personally identifiable information (PII), or credit card information must be protected and not exposed to unauthorized individuals.
Thus, advanced NPBs can mask unencrypted sensitive data that should not be, and does not need to be exposed to monitoring and security tools or their administrators. This data masking can be a critical NPB feature that makes monitoring activities safe.
Safe With Keysight
Keysight's network packet broker solutions, include the above features and more.
And setup and configuration of these intelligent features are made easy with its intuitive, drag-and-drop graphical user interface (GUI), releasing you to get on with the business of securing your network.
Keysight's entire series of blogs on visibility are available now in the e-book Visibility Architectures: The ABCs of Network Visibility.