top of page
Technology
Products
NPB
NetTAP offers various models of NPB products to optimize, manage, and distribute network traffic to monitoring, security, and analysis tools. Our core value: enhancing network visibility, reducing tool load, and improving security infrastructure efficiency.
Powerful performance comes from programmable silicon. Our system architecture features programmable traffic processors, enabling flexible adaptation to agile, changing environments. Handles new protocols and performs DPI signature-based identification and filtering.
Network Packet Brokers
Full east-west coverage of all data collection
To meet the requirements for traffic acquisition in scenarios of security, business, and big
data analysis.
Visual and controll- able traffic data con- vergence
Flexible debugging
Multi-dimensional detailed presentation of the traffic of any node
From traffic to the extraction of data value
Basic product functions
・Replication/Aggregation
The 10GE, 40G, and 100G line-speed forwarding of the original input traffic and the preprocessed traffic from 1 signal to N signals or from N signals to M signals perfectly solves the demand for simultaneously deploying more than two multi-port monitoring bypass devices in the network.
・Filtering
Accurately classify the input data stream, and discard or forward different data services to multiple interface outputs according to the rules of the whitelist or blacklist. It supports flexible combinations based on elements such as Ethernet type, VLAN tag, IP five-tuple, TCP flag, and message features, further meeting the deployment requirements of various network security devices, protocol analysis, signaling analysis, and other traffic monitoring. 。
・Load-balancing
Load balancing based on the inner and outer layer features of L2-L4 is carried out through Hash algorithm to ensure the session integrity of the data stream received by the bypass monitoring device. Meanwhile, when the link status changes, the members of the port group for traffic diversion can flexibly exit or join , and the traffic diversion group automatically redistributes the traffic to guarantee the dynamic load balancing of the output traffic of the ports.
・VLAN tagging / replacement / deletion
Supports one or two layers of VLAN tagging, replacement and deletion of VLAN tags for original data packets, and implements traffic output policies based on user configuration.Supports one or two layers of VLAN tagging, replacement, and removal of VLAN tags for original data packets, and implements traffic output policies based on user configuration. .
・Time Stamping
After the NTP server synchronizes the time, it writes the time tag in the form of relative time into the message, with a time precision of nanoseconds.
・Header Stripping
Support the stripping of VxLAN, GRE, ERSPAN, MPLS, IPinIP, GTP, Fabric path, VN-tag, and Trill headers from the original data packets for output.
・Packet Slicing
Support slicing of the original data based on policy-level (64-1518 bytes are optional), and the implementation of traffic output policies can be determined according to user configuration.
・SSL Decryption
Support SSL decryption. The device needs to import the corresponding SSL key certificate to decrypt the specified traffic and output it to the backend monitoring and analysis systems as required. The device can complete the decryption of static encrypted messages of TLS1.0, T LS1.2, and SSL3.0 when working in bypass mode.
・Tunnel Protocol Identification
It can automatically identify various tunnel protocols such as VxLAN, GRE, ERSPAN, MPLS, IPinIP, GTP, etc. According to user configuration, it can decide to implement traffic output policies based on the inner or outer layer characteristics of the tunnel.
・De-duplication
Support comparison of data from multiple collection sources based on port or policy-level statistical granularity, and remove duplicates of the same data packets collected within a specified time.ack, dst.mac, src.mac, vlan.id) for comparison to achieve de-duplication.
・Masking
Support the replacement of any key fields within the original data based on policy-level granularity to achieve the purpose of masking sensitive information. The implementation of traffic output policies can be determined according to user configuration.
・Application layer protocol identification
It adopts a multi-core intelligent processing engine, which can achieve application layer protocol identification and filtering diversion output. The existing feature library can support the identification of common application layer protocols, such as FTP, HTTP, POP, SMTP, DNS, NTP, BitTorrent, Syslog, MySQL, MSSQL, etc. If there are special requirements, secondary development can also be carried out.
・Video stream filtering
Support the identification and filtering of video stream data. Through flexible identification and matching methods such as domain name address resolution, video transmission protocol, URL, video format, etc., it can filter out the video stream data that users do not care about, reducing the traffic receiving pressure of the analysis and monitoring system and improving the processing efficiency of useful data.
bottom of page