Network Packet Broker

Network Packet Broker (NPB) is a new category defined by Gartner in their latest research. This category basically covers what was used to be “Network Monitoring Switch” and gives this category a new name, as market is rapidly increasing and products are becoming more complex. So, lets describe it little bit more detailed (I will not use 100% of Gartner research, as I feel there should be slight changes of this article).

Network Packet Broker products are all those products which are used for intelligent traffic distribution from network devices (routers, switches, servers, etc.) to monitoring devices (such as APM’s, NPM’s, protocol analyzers, forensics tools, etc.). In order to fit into NPB category, this devices should be able to support following:

  • Port mapping (many-to-many, any-to-many, many-to-any, any-to-any), which could be configured with CLI (Command Line Interface) or GUI (Graphical User Interface)
  • Filtering, which should allow at least filtering based on L2-L4 OSI Layers.
  • Aggregation, which should allow users to aggregate multiple data streams into one single stream (most common, sveral 100M/1G into 1G/10G). Other way around should be also supported (splitting one single 10G stream into multiple 1G streams).
  • Regeneration, which should allow user to duplicate same stream to many output ports, allowing larger number of monitoring devices to receive same copy of traffic
  • Load Balancing (traffic load distribution), by sending traffic load to different probes/appliances in order to optimize and scale monitoring or provide needed redundancy in case of failure
  • Time stamping, which should allow insertion of hardware-based time stamps in order improve accuracy of the packet time stamp for more precise measurement

Optionally, these products can support other features (which are also important):

  • DPI (Deep Packet Inspection), allowing user to search for specific content in both packet header and payload, while improving filtering capabilities from L2 to L7 OSI layer
  • Capturing of input port identification data, allowing  unique identification of traffic from multiple input (ingress) ports
  • Masking, allowing masking of sensitive data in compliance use cases (i.e. Social Security numbers, credit card numbers, etc.)
  • Packet slicing and de-duplication, allowing users to cut out unwanted parts of packets, resulting in better tool optimization
  • Micro burst detection

Products should be able to deliver all of these features at line-rate, providing more visibility and better optimization of network tools. All this features will assure that tools will get only the data of interest, which leads to better analysis/monitoring and reporting. Also, by using these technologies you are lowering the risk of tool overload, packet drops, switch/router overload, network failures, etc.

Some advantages of using NPB tools are: better performance, better visibility, improved ROI, improved scalability and improved network security.

About author

Mihajlo Prerad is proven telecommunications sales and presales professional, with extensive knowledge and experience in application and network performance management. In his carrier, he had a chance to work as a distributor and/or partner of world leading manufacturers (i.e. Fluke Networks, Visual Networks, Net Optics, Gigamon, EXFO, Spirent, etc.), which allowed him to gain knowledge in different fields of performance management and solutions design. More information can be found on my LinkedIn profile:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: