
NetQuest Packet Services Broker

Ultra-Scale Network Traffic Packet Optimization Built for Cyber Security Requirements

Intelligent Packet Optimization for Optimal Network Visibility

In today’s hyperconnected world, organizations that rely on packet visibility need access to network traffic at the speed of the network without compromise. 

The underlying challenge is that between 50-80% of the network packet traffic collected is not usable. This drives the need to intelligently identify and deliver only relevant, monitorable traffic to the upstream tools, streamlining packet analysis and optimizing historical storage resources.

The NetQuest Packet Services Broker enables the creation of an Intelligent Packet Optimization Layer that optimizes network packet traffic according to granular, user-definable traffic policies, delivering packets to upstream tools and packet storage more efficiently and improving monitoring scalability.

The World’s Highest Performance Packet Optimization Platform

The NetQuest Packet Services Broker delivers multi-terabit, wire-speed advanced packet processing services for high-performance security-focused monitoring environments that rely on accurate and reliable network packets. Leveraging the NetQuest OMX platform’s software-defined architecture enables feature flexibility and support for multiple operational modes on common hardware across high-density 10G, 25G, 40G, 100G and 400G ports.

The Packet Services Broker identifies, prioritizes, and optimizes packet flow traffic at wire-speed to deliver only relevant packets for analysis and storage activities. This dramatically reduces the packet processing burden on upstream tools to facilitate faster analysis and enable more efficient packet recording.

The Packet Services Broker empowers organizations to break through the high costs, performance barriers, and packet processing limitations of smart packet broker systems to improve the integrity and value of monitored network traffic.

True Wire-Speed Packet Optimization

Optimize every packet in every flow to deliver only relevant packets to tools and packet capture to improve monitoring scalability.

Massive Performance at Scale

3.2 Tbps of advanced packet optimization services in 1RU delivers the highest available level of scale and performance for any monitoring environment.

Deployment Flexibility

Works with any Packet Broker or traffic aggregator to add advanced packet optimization services to your existing visibility fabric.

Reduce Unwanted Packet Traffic by up to 80%

With an ever-expanding attack surface, keeping up with the speed and volume of today’s network traffic has become mission critical. The continuous monitoring of network traffic on a single 100G link can generate up to 45 Terabytes (TB) of packet traffic per hour, which is more than 1 Petabyte (PB) of traffic per day. When monitoring 16x 100G links, raw packet traffic can reach 720 Terabytes per hour and more than 17 Petabytes per day.

Can your packet capture device keep up?

The Packet Services Broker provides the density, performance and packet optimization capabilities needed to inspect and optimize Petabytes of network packets per hour for both clear and encrypted traffic. Depending on the network traffic profile and analysis goals, packet optimization can off-load 50-80% of unwanted packet traffic, improving the integrity and increasing the value of monitored network traffic to maximize security and network visibility.

Eliminating unwanted packet traffic improves monitoring efficiency and delivers significant operational value:

  • Reduce storage requirements and increase packet retention times
  • Maximize security and monitoring tool performance for more efficient processing
  • Reduced packet noise optimizes analysis and speeds historical forensics
  • Support lower speed tool interface ports when upgrading network link speeds
  • Prolong the deployable life of existing slower speed tools and defer upgrades
  • Optimize packet backhaul traffic to increase transport capacity and reduce WAN costs

Highest Density and Throughput To Meet Peak Processing Requirements

The NetQuest Packet Services Broker delivers ultra-scale packet processing with higher port density, greater capacity and more optimization services at a lower cost per processed bit than comparable smart packet brokers.

Leveraging the NetQuest OMX platform’s FPGA powered distributed pipeline processing architecture, the Packet Services Broker inspects every packet of every flow in a single pass without consuming multiple analysis ports for each optimization service.

Packet processing performance is based upon actual monitored network traffic bandwidth and is not limited by packet size, packet rate or which features are activated. Deep Packet Inspection services are performed for IPv4 and IPv6 traffic at wire-speed with all features and filters turned on, so the Packet Services Broker can inspect and optimize more than 34 petabytes of network traffic per day with no dropped packets or data loss.

Predictable Performance

All packet optimization services can be active simultaneously with no performance limitations

No Dropped Packets

Every packet of every flow is inspected in hardware and processed and delivered to upstream tools

No Traffic Recirculation

All packets are processed in one pass without recirculating traffic for multiple optimization services eliminating undesirable packet service latency

Distributed Processing Scales Performance

The modular OMX chassis leverages a controllerless, distributed processing architecture that supports up to four 8-port DP modules in 1RU.

Each DP module adds incremental port capacity with a dedicated FPGA packet processing engine to ensure 100% performance for every port at scale. This avoids the service latency of centralized, shared processing engines and allows port density and processing scale to be matched to the packet processing requirements of the monitored environment.

Each DP module can support different operational modes, and ports can be configured for different interface speeds or break-outs, providing the flexibility to support a wide range of deployment needs. Each module can be independently provisioned to isolate and containerize monitored packet traffic for tenant-like models that meet regulatory or operational requirements.

Unique Port-Splitting Architecture Doubles Port Capacity

When port density matters, the NetQuest Packet Services Broker can receive, process, and return optimized packets on the same physical port.

When activated, each physical port is split into two separate physical interfaces. As a result, the full-duplex port is receiving inbound traffic to be optimized on the RX side and uses the TX side to send optimized traffic back to the NPB platform or directly to upstream tools.

This unprecedented flexibility doubles the Packet Services Broker’s density to up to 32x 40/100G input ports (ingress traffic) and 32x 40/100G conditioned traffic output ports (egress traffic), resulting in up to 64x 40/100G total ports with 6.4 Tbps of aggregate bi-directional wire-speed throughput in a single rack unit.

Capabilities

Multi-Stage Adaptive Filtering

Identify and filter traffic inside multiple layers of tags and encapsulation based upon protocol or application to optimize packet delivery to tools.

High-Scale Prefix and Port Filtering

High-scale traffic prioritization, IP address and IP CIDR filtering to identify traffic classes to send or drop, with over 1.2 million IP filters.

Encrypted Traffic Optimization

Identify and optimize encrypted traffic by passing only the handshake details of SSH, HTTPS, TLS and QUIC sessions and discarding the encrypted payloads.

Tunnel Decapsulation

Decapsulate and discard tunnel protocol headers and forward only the inner packets to tools for recording or analysis.

Header Stripping

Remove up to 7 layers of protocol headers and tagging to reveal the inner payload for optimized analysis and recording.

Adaptive Flow Slicing

Forward the initial packets of a flow, then truncate specific flow types to remove payloads that are unmonitorable.

Packet Slicing

Configurable packet truncation that removes payloads, reducing packet volume to improve capture and analysis efficiency or to support compliance requirements.

Source Port Labeling

Add labels to packets to identify the ingress port or to add source context, enabling tools to better assess behaviors and threats.

Time Stamping

Add time stamps to packet flow traffic at ingress for upstream tools.

Tunnel Creation/Termination

Terminate ingress traffic tunnels and encapsulate output traffic as may be required to send it via routed networks.

Packet Deduplication

Identify and remove duplicate packets collected from different monitoring points based on user-definable criteria.

Flow Metadata Generation

High-scale 1:1 unsampled IPFIX metadata generated from the same packet flow traffic received for optimization services.
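To make the prefix and port filtering capability above concrete, here is an added example (my own illustration, not NetQuest code or an API of the OMX platform) of how a send/drop decision can be evaluated with longest-prefix matching over IPv4 and IPv6 CIDR entries plus L4 port rules. The binary-trie layout, the rule precedence (a "drop" from the most specific prefix on either address wins, then port rules, then a "forward" prefix, then the default) and every address, port and packet in it are constructed assumptions for the demonstration.

```python
# Added example, not NetQuest code: a send/drop classifier that combines
# longest-prefix matching over IPv4/IPv6 CIDR entries with L4 port rules.
# Rule precedence is an assumption of this example: a "drop" from the most
# specific matching prefix on either address wins, then port rules, then a
# "forward" prefix, then the policy default.
import ipaddress
from typing import Dict, List, Optional, Tuple

class PrefixTable:
    """Binary trie keyed on address bits. lookup() returns the action of the
    longest prefix covering the address, or None. IPv4 and IPv6 use separate
    roots so a 32-bit path never collides with a 128-bit one."""

    def __init__(self) -> None:
        self._roots: Dict[int, dict] = {4: {}, 6: {}}

    def add(self, cidr: str, action: str) -> None:
        net = ipaddress.ip_network(cidr, strict=False)
        bits = format(int(net.network_address), f"0{net.max_prefixlen}b")[:net.prefixlen]
        node = self._roots[net.version]
        for b in bits:
            node = node.setdefault(b, {})
        node["action"] = action

    def lookup(self, addr: str) -> Optional[str]:
        ip = ipaddress.ip_address(addr)
        node = self._roots[ip.version]
        best = node.get("action")             # a /0 entry lives on the root
        for b in format(int(ip), f"0{ip.max_prefixlen}b"):
            node = node.get(b)
            if node is None:
                break
            best = node.get("action", best)   # a deeper match overrides a shallower one
        return best

class TrafficPolicy:
    def __init__(self, default: str = "forward") -> None:
        self.prefixes = PrefixTable()
        self.port_rules: Dict[Tuple[str, int], str] = {}   # (proto, port) -> action
        self.default = default

    def decide(self, pkt: dict) -> Tuple[str, str]:
        """Return (action, reason) for one packet summary."""
        for key in ("src", "dst"):
            if self.prefixes.lookup(pkt[key]) == "drop":
                return "drop", f"prefix:{key}"
        for key in ("sport", "dport"):
            action = self.port_rules.get((pkt["proto"], pkt[key]))
            if action:
                return action, f"port:{key}"
        for key in ("src", "dst"):
            if self.prefixes.lookup(pkt[key]) == "forward":
                return "forward", f"prefix:{key}"
        return self.default, "default"

def build_demo_policy() -> TrafficPolicy:
    """Constructed policy; every range and port below is illustrative."""
    p = TrafficPolicy(default="forward")
    p.prefixes.add("10.0.0.0/8", "forward")        # internal space: keep
    p.prefixes.add("10.200.0.0/16", "drop")        # ...except a bulk backup VLAN
    p.prefixes.add("203.0.113.0/24", "drop")       # documentation range standing in for a bulk CDN
    p.prefixes.add("2001:db8::/32", "forward")     # documentation IPv6 range
    p.port_rules[("udp", 4789)] = "drop"           # VXLAN transit the tools cannot use
    p.port_rules[("tcp", 22)] = "forward"          # SSH sessions are always kept
    return p

SAMPLE_PACKETS: List[dict] = [   # constructed packet summaries
    {"src": "10.1.2.3",      "dst": "198.51.100.7",  "proto": "tcp", "sport": 51000, "dport": 443},
    {"src": "10.200.5.9",    "dst": "10.1.2.3",      "proto": "tcp", "sport": 40000, "dport": 445},
    {"src": "203.0.113.50",  "dst": "192.0.2.1",     "proto": "tcp", "sport": 443,   "dport": 33000},
    {"src": "192.0.2.9",     "dst": "192.0.2.10",    "proto": "udp", "sport": 55555, "dport": 4789},
    {"src": "2001:db8:1::5", "dst": "2001:db8:2::9", "proto": "tcp", "sport": 6000,  "dport": 22},
    {"src": "192.0.2.9",     "dst": "192.0.2.10",    "proto": "tcp", "sport": 1234,  "dport": 8080},
]

def classify_all(policy: TrafficPolicy, packets: List[dict]) -> List[Tuple[str, str]]:
    return [policy.decide(p) for p in packets]

if __name__ == "__main__":
    for pkt, (action, why) in zip(SAMPLE_PACKETS, classify_all(build_demo_policy(), SAMPLE_PACKETS)):
        print(f"{pkt['src']} -> {pkt['dst']} {pkt['proto']}/{pkt['dport']}: {action} ({why})")
```

The trie gives a lookup cost bounded by the address length rather than by the number of entries, which is the property that matters when a table holds on the order of a million prefixes; a hardware pipeline would use a TCAM or a compressed trie, but the matching semantics (most specific prefix wins) are the same.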

Encrypted Traffic Recognition and Optimization

As much as 80% of network traffic is encrypted, presenting many challenges for network monitoring and analysis activities.

The Packet Services Broker automatically recognizes encrypted traffic and applies user-definable actions to drop or optimize encrypted traffic for upstream tools, without the need for slow and expensive decryption.

Examples of user definable actions include:

  • Identify and truncate encrypted traffic with Adaptive Flow Slicing and only forward header and handshake packets
  • Drop all low-value encrypted traffic based on IP prefix list or service type
  • Forward only specific encrypted traffic types, such as SSH, and drop all other encrypted traffic

Eliminating unwanted encrypted traffic significantly reduces the processing burden on upstream tools by only delivering useable packets, which dramatically reduces packet capture storage and increases traffic retention times. This empowers sophisticated threat hunting missions to more quickly identify emerging threats and pinpoint indicators of compromise.
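As an added illustration of the first and third actions listed above (Adaptive Flow Slicing that forwards handshake packets and truncates application data, and forwarding a chosen encrypted type such as SSH while dropping or slicing the rest), the following Python is my own example and not NetQuest code. It tracks per-flow state, recognizes TLS by the record header and SSH by its banner, forwards TLS control records in full, and once application data starts truncates each segment to its headers plus any control records that precede the first application-data record. The header length, the record layouts in the sample flows and the policy keys are constructed assumptions; TLS records that span TCP segments are not reassembled.

```python
# Added example, not NetQuest code: adaptive flow slicing for encrypted traffic.
# Handshake records are forwarded whole; once application data starts, each
# segment is truncated to its headers (plus any control records ahead of the
# first application-data record). SSH flows are forwarded or dropped by policy.
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

TLS_APP_DATA = 0x17
TLS_CONTROL = {0x14, 0x15, 0x16}        # change_cipher_spec, alert, handshake

@dataclass
class Packet:                            # constructed stand-in for a captured frame
    flow: Tuple[str, int, str, int]      # (src, sport, dst, dport)
    headers: bytes                       # L2-L4 headers, kept opaque here
    payload: bytes                       # TCP payload

@dataclass
class FlowState:
    kind: str = "unknown"                # unknown | tls | ssh | other
    app_data_seen: bool = False

def canonical(flow):
    """Both directions of a connection share one state entry."""
    a, b = (flow[0], flow[1]), (flow[2], flow[3])
    return (a, b) if a <= b else (b, a)

def classify_payload(payload: bytes) -> str:
    if payload.startswith(b"SSH-"):
        return "ssh"
    if len(payload) >= 5 and payload[0] in TLS_CONTROL | {TLS_APP_DATA} and payload[1] == 3:
        return "tls"
    return "other"

def first_app_data_offset(payload: bytes) -> Optional[int]:
    """Walk the TLS records in one segment; return the offset of the first
    application-data record, or None. Records spanning segments are not
    reassembled (a simplification of this example)."""
    off = 0
    while off + 5 <= len(payload):
        ctype, _version, length = struct.unpack("!BHH", payload[off:off + 5])
        if ctype == TLS_APP_DATA:
            return off
        off += 5 + length
    return None

class EncryptedTrafficOptimizer:
    def __init__(self, policy: Dict[str, str]):
        self.policy = policy             # {"ssh": forward|drop, "tls_app_data": slice|drop}
        self.flows: Dict[tuple, FlowState] = {}

    def process(self, pkt: Packet) -> Tuple[tuple, str, int]:
        """Return (flow, action, bytes emitted toward the tool)."""
        st = self.flows.setdefault(canonical(pkt.flow), FlowState())
        if st.kind == "unknown" and pkt.payload:
            st.kind = classify_payload(pkt.payload)
        if st.kind == "ssh":
            return self._emit(pkt, self.policy["ssh"])
        if st.kind == "tls":
            off = first_app_data_offset(pkt.payload)
            if off is None and not st.app_data_seen:
                return self._emit(pkt, "forward")     # still in the handshake
            st.app_data_seen = True
            return self._emit(pkt, self.policy["tls_app_data"], keep=off or 0)
        return self._emit(pkt, "forward")             # cleartext is left untouched here

    @staticmethod
    def _emit(pkt, action, keep=0):
        if action == "drop":
            return (pkt.flow, "drop", 0)
        if action == "slice":
            return (pkt.flow, "slice", len(pkt.headers) + keep)
        return (pkt.flow, "forward", len(pkt.headers) + len(pkt.payload))

def optimize(packets: List[Packet], policy: Dict[str, str]):
    opt = EncryptedTrafficOptimizer(policy)
    return [opt.process(p) for p in packets]

def bytes_saved(packets, results) -> Tuple[int, int]:
    """(bytes seen, bytes emitted) so the reduction can be reported."""
    seen = sum(len(p.headers) + len(p.payload) for p in packets)
    return seen, sum(r[2] for r in results)

# --- constructed sample traffic ---------------------------------------------
HDR = b"\x00" * 54                       # 14 Ethernet + 20 IPv4 + 20 TCP bytes
def rec(ctype, body):                    # one TLS record with a 1.2 version field
    return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
A = ("10.1.1.5", 51234, "192.0.2.80", 443); A_REV = (A[2], A[3], A[0], A[1])
B = ("10.1.1.7", 50000, "192.0.2.22", 22); B_REV = (B[2], B[3], B[0], B[1])
SAMPLE = [
    Packet(A, HDR, rec(0x16, b"\x01" + b"\x00" * 40)),                            # ClientHello
    Packet(A_REV, HDR, rec(0x16, b"\x02" + b"\x00" * 30) + rec(0x14, b"\x01")),   # ServerHello + CCS
    Packet(A, HDR, rec(0x16, b"\x14" + b"\x00" * 15) + rec(0x17, b"\xaa" * 100)),  # Finished + data
    Packet(A_REV, HDR, rec(0x17, b"\xbb" * 500)),                                 # application data
    Packet(A, HDR, b""),                                                          # bare ACK
    Packet(B, HDR, b"SSH-2.0-demo\r\n"),                                          # SSH banner
    Packet(B_REV, HDR, b"\x00" * 64),                                             # encrypted SSH
    Packet(("10.1.1.9", 40000, "192.0.2.8", 80), HDR, b"GET / HTTP/1.1\r\n"),     # cleartext
]

if __name__ == "__main__":
    res = optimize(SAMPLE, {"ssh": "forward", "tls_app_data": "slice"})
    for flow, action, n in res:
        print(f"{flow[0]}:{flow[1]} -> {flow[2]}:{flow[3]}  {action:7s} {n} bytes")
    print("seen/emitted:", bytes_saved(SAMPLE, res))
```

With the "slice" policy the sample TLS session keeps its ClientHello, ServerHello and Finished records (the material a tool needs for JA3/JA4-style fingerprinting and certificate checks) while the 600 bytes of application data are cut away; switching both policy keys to "drop" shows the other action from the list above, where entire encrypted flows never reach the tool.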

IPFIX Flow Metadata Generation

When NetFlow or IPFIX Flow Metadata is required, the Packet Services Broker can deliver 1:1 unsampled IPFIX Metadata at ultra-high-scale while simultaneously forwarding optimized packets.

When activated, metadata is created at the same time as the packet traffic is processed and can include standard layer 2/3/4 NetFlow-like metadata or can be enriched with layer 4-7 advanced application, protocol, and encrypted traffic details.

Metadata is delivered as a separate IPFIX output stream and can be distributed to up to 16 different flow collectors to support multiple flow-based monitoring platforms and use cases. Packet traffic and metadata can be cross-tagged to enable the correlation of metadata to packets in upstream tools to simplify drill-down and forensic workflows.

Leveraging a single appliance for packet optimization and IPFIX metadata generation simplifies the network instrumentation architecture and reduces the TCO and operational complexities associated with managing multiple probes and sensors.
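To show what 1:1 unsampled flow metadata and packet-to-metadata cross-tagging look like in code, here is an added example of my own, not NetQuest code and not the OMX platform's export format. A flow cache accounts every packet into a unidirectional flow record, returns a flowId that the forwarding path could stamp onto the packet so a collector can join records to packets, and exports records using IPFIX information element names from the IANA registry. The idle and active timeouts, the IPv4-only key and the sample packets are constructed assumptions.

```python
# Added example, not NetQuest code: a flow cache that turns the packet stream
# into 1:1 (unsampled) flow records with IPFIX information element names from
# the IANA registry, and returns a flowId that can be stamped on the forwarded
# packet so tools can join metadata to packets. Timeouts are assumptions.
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass
class Pkt:                       # constructed: only the fields a flow cache needs
    ts_ms: int
    src: str
    sport: int
    dst: str
    dport: int
    proto: int                   # 6 = TCP, 17 = UDP
    length: int                  # bytes on the wire

@dataclass
class FlowRecord:
    flow_id: int
    key: tuple                   # (src, sport, dst, dport, proto), one direction
    packets: int
    octets: int
    first_ms: int
    last_ms: int

    def to_ipfix(self) -> Dict[str, object]:
        src, sport, dst, dport, proto = self.key   # IPv4 addresses only in this example
        return {
            "flowId": self.flow_id,
            "sourceIPv4Address": src,
            "destinationIPv4Address": dst,
            "sourceTransportPort": sport,
            "destinationTransportPort": dport,
            "protocolIdentifier": proto,
            "packetDeltaCount": self.packets,
            "octetDeltaCount": self.octets,
            "flowStartMilliseconds": self.first_ms,
            "flowEndMilliseconds": self.last_ms,
        }

class FlowCache:
    def __init__(self, active_timeout_ms: int = 60_000, idle_timeout_ms: int = 15_000):
        self.active_timeout_ms = active_timeout_ms
        self.idle_timeout_ms = idle_timeout_ms
        self.flows: Dict[tuple, FlowRecord] = {}
        self.exported: List[Dict[str, object]] = []
        self._next_id = 1

    def observe(self, p: Pkt) -> int:
        """Account one packet; return the flowId to tag the forwarded copy with."""
        self.expire(p.ts_ms)
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        rec = self.flows.get(key)
        if rec is None:
            rec = FlowRecord(self._next_id, key, 0, 0, p.ts_ms, p.ts_ms)
            self._next_id += 1
            self.flows[key] = rec
        rec.packets += 1
        rec.octets += p.length
        rec.last_ms = p.ts_ms
        return rec.flow_id

    def expire(self, now_ms: int) -> None:
        """Export records that went idle or exceeded the active timeout."""
        for key, rec in list(self.flows.items()):
            if (now_ms - rec.last_ms >= self.idle_timeout_ms
                    or now_ms - rec.first_ms >= self.active_timeout_ms):
                self.exported.append(rec.to_ipfix())
                del self.flows[key]

    def flush(self) -> None:
        """Export whatever is still open, e.g. at end of capture."""
        for rec in self.flows.values():
            self.exported.append(rec.to_ipfix())
        self.flows.clear()

# constructed sample: one TCP flow that goes idle and resumes, one mDNS datagram
SAMPLE = [
    Pkt(0,     "10.0.0.1", 40000, "192.0.2.5",   443,  6,  80),
    Pkt(50,    "10.0.0.2", 5353,  "224.0.0.251", 5353, 17, 120),
    Pkt(100,   "10.0.0.1", 40000, "192.0.2.5",   443,  6,  1500),
    Pkt(250,   "10.0.0.1", 40000, "192.0.2.5",   443,  6,  60),
    Pkt(20000, "10.0.0.1", 40000, "192.0.2.5",   443,  6,  60),   # arrives after the idle timeout
]

def run_demo() -> Tuple[FlowCache, List[int]]:
    cache = FlowCache()
    tags = [cache.observe(p) for p in SAMPLE]
    cache.flush()
    return cache, tags

if __name__ == "__main__":
    cache, tags = run_demo()
    print("packet tags:", tags)
    for record in cache.exported:
        print(record)
```

The fifth packet arrives more than 15 s after the flow's last activity, so the first record (3 packets, 1640 octets) is exported and a new flowId starts; the tag list returned per packet is exactly what an upstream tool would need to map a forwarded (possibly sliced) packet back to the record that summarizes it.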

Deployment Examples

The NetQuest Packet Services Broker brings invaluable packet optimization capabilities that enable security and network operations teams to more efficiently monitor massive volumes of network traffic. The NetQuest Packet Services Broker outperforms most integrated smart services modules and stand-alone packet optimization appliances by more than 2x with a lower cost to deploy and higher port densities.

The Packet Services Broker is extremely versatile and can be leveraged in a wide range of deployment scenarios. It can be deployed as a stand-alone appliance in front of packet capture, security and analytics tools, or it can be easily integrated with virtually any Network Packet Broker or Traffic Aggregator appliance to provide advanced packet optimization services.

Intelligent Service Node for Network Packet Brokers

The NetQuest Packet Services Broker can be easily integrated into virtually any Monitoring Fabric, Traffic Aggregation or Network Packet Broker architecture to add high-performance, ultra-scale Advanced Packet Optimization services.

Off-Load Advanced Services for Smart Packet Brokers

The NetQuest Packet Services Broker can be added to the NPB service chain to off-load or augment existing packet services that have reached their performance limits. This eliminates the need to add smart services modules, replace chassis or upgrade control modules to support higher speed links, increase port densities or add optimization capacity.

Optimize Packet Traffic Feeding into the Network Packet Broker

The NetQuest Packet Services Broker can be placed in front of existing Network Packet Brokers or Traffic Aggregators to optimize the packet traffic being fed into the visibility fabric. This scales existing NPB deployments and increases capacity, ensuring only the desired packet traffic is introduced to the NPB for distribution.

Optimize Network Traffic for Capture and Security Tools

Deploy the NetQuest Packet Services Broker in front of packet capture and security tools to optimize inbound traffic to improve storage and traffic processing efficiency. Collect traffic directly from TAP and SPAN connections and deliver relevant traffic to tools at a fraction of the cost of smart packet broker systems with significantly higher throughput and optimization capacities.

Resources

Optimizing Suricata Solution Brief