Combination of Cubro packet brokers and Netcope zero-loss packet capture solutions makes expense reduction with no network monitoring compromises possible.
Increasing volume of traffic has always been a challenge for data service providers, ISPs, large enterprise network managers and other network administrators. This constant demand for higher and higher bandwidth means increasing costs and the necessity of developing faster hardware.
It is possible to cut costs with packet brokers that can aggregate traffic from many 1G and 10G links and cleverly distribute it to a couple of 100G links. Fewer security appliances are then needed to monitor the traffic. However, only high-performance hardware can handle 100G Ethernet with 100% packet capture rate. This is where Netcope packet capture solutions come into play. We have decided to explore a possibility of building such an efficient high-density solution and to test interoperability between Cubro Packetmaster EX 48400 and Netcope network adapters.
For the tests to be successful, we had to achieve lossless full 100Gbps throughput using either 100G LR4 optical module or the more budget friendly 100G SR4 optical module:
Test 1: connecting NFB-100G2C to one 100G port of Cubro EX48400, in loopback mode, using 1 optical module.
Test 2: connecting NFB-100G2C to two 100G ports of Cubro EX48400, internally interconnected, using 2 optical modules, each connected to one side of the link.
Test 3: connecting NFB-100G1, NFB-100G2C and Spirent TestCenter through two 100G ports of Cubro EX48400.
We have achieved these results:
Test 1: zero-loss transmission achieved on default settings of EX48400 with SR4 optics.
Test 2: zero-loss transmission achieved after setting interfaces to unidirectional mode on EX48400. We have also been able to set up unidirectional mode and thus we have opened up a possibility of creating a network tap.
Test 3: the main contribution of the 3rd test is that we have successfully tested interoperability using 3rd party product, Spirent TestCenter. With this traffic generator we have also been able to test interoperability while transmitting different types of traffic.
The combination of Cubro packet brokers and Netcope FPGA-based packet capture solutions offers variety of possibilities. The packet broker can collect traffic from up to 48 1G or 10G links, aggregate and load balance it over 100G links and send it to network probes powered by Netcope packet capture cards. Thanks to the Cubro packet broker it is possible to supplement multiple 10G network probes with a single 100G probe. And if the probe contains Netcope zero-loss packet capture solution, it can handle all the aggregated traffic. Even at wire speed and under any and all circumstances.
This combination offers reduction in operational expenditures, i.e. cooling, power consumption, rack space and downtime expenses. It also dramatically reduces hardware and software purchasing expenses. There are many possible use cases and advantages, but the principle remains the same: the possibility of building a high-density solution that enables clever and efficient network monitoring and security. Executives of major cybersecurity companies agree:
“When building a network monitoring solution, it is always good to keep the number of appliances as low as possible, because the less complex the solution is, the less power and rack space it consumes. Combining Cubro packet brokers and network monitoring appliances containing Netcope network adapters is a very smart approach to the complexity reduction of the desired solution. ” says Martin Hayes, CTO of Picomass.
“Several of our network monitoring products use Netcope cards, so this is definitely good news for us. Since this combination creates another opportunity for our probes to realize their full 100G potential, our customers now have one less reason to hesitate when buying the probes” says Jiří Tobola, VP of Sales of Flowmon Networks.