Chengdu Shuwei Communication Technology Co., Ltd.

In today's complex, high-speed, and often encrypted network environments, achieving comprehensive visibility is paramount for security, performance monitoring, and compliance. Network Packet Brokers (NPBs) have evolved from simple TAP aggregators into sophisticated, intelligent platforms that are essential for managing the flood of traffic data and ensuring monitoring and security tools operate effectively. Here's a detailed look at their key application scenarios and solutions:   Core Problem NPBs Solve: Modern networks generate massive volumes of traffic. Connecting critical security and monitoring tools (IDS/IPS, NPM/APM, DLP, forensics) directly to network links (via SPAN ports or TAPs) is inefficient and often infeasible due to:  Tool Overload: Tools get swamped with irrelevant traffic, dropping packets and missing threats. Tool Inefficiency: Tools waste resources processing duplicate or unnecessary data. Complex Topology: Distributed networks (Data Centers, Cloud, Branch Offices) make centralized monitoring challenging. Encryption Blind Spots: Tools cannot inspect encrypted traffic (SSL/TLS) without decryption. Limited SPAN Resources: SPAN ports consume switch resources and often cannot handle full line-rate traffic.   NPB Solution: Intelligent Traffic Mediation NPBs sit between network TAPs/SPAN ports and the monitoring/security tools. They act as intelligent "traffic cops," performing:  Aggregation: Combine traffic from multiple links (physical, virtual) into consolidated feeds. Filtering: Selectively forward only relevant traffic to specific tools based on criteria (IP/MAC, VLAN, protocol, port, application). Load Balancing: Distribute traffic flows evenly across multiple instances of the same tool (e.g., clustered IDS sensors) for scalability and resilience. Deduplication: Eliminate identical copies of packets captured on redundant links. Packet Slicing: Truncate packets (removing payload) while preserving headers, reducing bandwidth to tools that only need metadata. SSL/TLS Decryption: Terminate encrypted sessions (using keys), presenting clear-text traffic to inspection tools, then re-encrypting. Replication/Multicasting: Send the same traffic stream to multiple tools simultaneously. Advanced Processing: Metadata extraction, flow generation, timestamping, masking sensitive data (e.g., PII).   Detailed Application Scenarios & Solutions: 1. Enhancing Security Monitoring (IDS/IPS, NGFW, Threat Intel): Scenario: Security tools are overwhelmed by high volumes of East-West traffic in the data center, dropping packets and missing lateral movement threats. Encrypted traffic hides malicious payloads. NPB Solution: - Aggregate traffic from critical intra-DC links. - Apply granular filters to send only suspicious traffic segments (e.g., non-standard ports, specific subnets) to the IDS. - Load balance across a cluster of IDS sensors. - Perform SSL/TLS decryption and send clear-text traffic to the IDS/Threat Intel platform for deep inspection. - Deduplicate traffic from redundant paths. Result: Higher threat detection rate, reduced false negatives, optimized IDS resource utilization.   2. Optimizing Performance Monitoring (NPM/APM): Scenario: Network Performance Monitoring tools struggle to correlate data from hundreds of dispersed links (WAN, branch offices, cloud). Full packet capture for APM is too costly and bandwidth-intensive. NPB Solution: - Aggregate traffic from geographically dispersed TAPs/SPANs onto a centralized NPB fabric. - Filter traffic to send only application-specific flows (e.g., VoIP, critical SaaS) to APM tools. - Use packet slicing for NPM tools that primarily need flow/transaction timing data (headers), drastically reducing bandwidth consumption. - Replicate key performance metrics streams to both NPM and APM tools. Result: Holistic, correlated performance view, reduced tool costs, minimized bandwidth overhead.   3. Cloud Visibility (Public/Private/Hybrid): Scenario: Lack of native TAP access in public clouds (AWS, Azure, GCP). Difficulty capturing and directing virtual machine/container traffic to security and monitoring tools. NPB Solution: - Deploy virtual NPBs (vNPBs) within the cloud environment. - vNPBs tap virtual switch traffic (e.g., via ERSPAN, VPC Traffic Mirroring). - Filter, aggregate, and load balance East-West and North-South cloud traffic. - Securely tunnel relevant traffic back to on-premises physical NPBs or cloud-based monitoring tools. - Integrate with cloud-native visibility services. Result: Consistent security posture and performance monitoring across hybrid environments, overcoming cloud visibility limitations.   4. Data Loss Prevention (DLP) & Compliance: Scenario: DLP tools need to inspect outbound traffic for sensitive data (PII, PCI) but are inundated with irrelevant internal traffic. Compliance requires monitoring specific regulated data flows. NPB Solution: - Filter traffic to send only outbound flows (e.g., destined for the internet or specific partners) to the DLP engine. - Apply deep packet inspection (DPI) on the NPB to identify flows containing regulated data types and prioritize them for the DLP tool. - Mask sensitive data (e.g., credit card numbers) within packets before sending to less critical monitoring tools for compliance logging. Result: - - More efficient DLP operation, reduced false positives, streamlined compliance auditing, enhanced data privacy.   5. Network Forensics & Troubleshooting: Scenario: Diagnosing a complex performance issue or breach requires full packet capture (PCAP) from multiple points over time. Triggering captures manually is slow; storing everything is impractical. NPB Solution: - NPBs can buffer traffic continuously (at line rate). - Configure triggers (e.g., specific error condition, traffic spike, threat alert) on the NPB to automatically capture relevant traffic to a connected packet capture appliance. - Pre-filter the traffic sent to the capture appliance to store only what's necessary. - Replicate the critical traffic stream to the capture appliance without impacting production tools. Result: Faster mean-time-to-resolution (MTTR) for outages/breaches, targeted forensic captures, reduced storage costs.   Implementation Considerations & Solutions: Scalability: Choose NPBs with sufficient port density and throughput (1/10/25/40/100GbE+) to handle current and future traffic. Modular chassis often provide the best scalability. Virtual NPBs scale elastically in the cloud. Resiliency: Implement redundant NPBs (HA pairs) and redundant paths to tools. Ensure state synchronization in HA setups. Leverage NPB load balancing for tool resilience. Management & Automation: Centralized management consoles are crucial. Look for APIs (RESTful, NETCONF/YANG) for integration with orchestration platforms (Ansible, Puppet, Chef) and SIEM/SOAR systems for dynamic policy changes based on alerts. Security: Secure the NPB management interface. Control access rigorously. If decrypting traffic, ensure strict key management policies and secure channels for key transfer. Consider masking sensitive data. Tool Integration: Ensure the NPB supports the required tool connectivity (physical/virtual interfaces, protocols). Verify compatibility with specific tool requirements.   Network Packet Brokers are no longer optional luxuries; they are fundamental infrastructure components for achieving actionable network visibility in the modern era. By intelligently aggregating, filtering, load balancing, and processing traffic, NPBs empower security and monitoring tools to operate at peak efficiency and effectiveness. They break down visibility silos, overcome the challenges of scale and encryption, and ultimately provide the clarity needed to secure networks, ensure optimal performance, meet compliance mandates, and rapidly resolve issues. Implementing a robust NPB strategy is a critical step towards building a more observable, secure, and resilient network.  

In today’s hyper-connected digital landscape, enterprises face unprecedented challenges in monitoring, securing, and optimizing their networks. ​NetTAP, a leader in network visibility solutions, addresses these demands with its cutting-edge ​Network TAPs and ​Network Packet Broker (NPB) devices. Engineered for ​bypass deployment, these tools empower organizations to capture, preprocess, and analyze raw traffic data with surgical precision—without disrupting network operations.   ​Core Technology: Bypass Deployment & Intelligent Preprocessing NetTAP’s solutions operate in ​passive monitoring mode, mirroring or splitting traffic via optical or electrical methods to ensure zero impact on production networks. Once raw data is captured, the built-in ​preprocessing engine transforms it into actionable insights through: ​Feature Category ​Key Capabilities ​Traffic Classification Protocol recognition (e.g., HTTP/3, QUIC, IoT protocols), application identification ​Data Optimization Deduplication, SSL/TLS decryption, tunnel decapsulation (VXLAN, GTP), data slicing ​Security Processing Keyword matching, PII/PCI data masking, payload filtering ​Traffic Distribution Load balancing, replication to 10+ tools (SIEM, NDR, APM), aggregation   This granular preprocessing ensures that downstream systems receive only ​high-fidelity, context-rich data, maximizing ROI on security and analytics investments.   ​6 Key Applications of NetTAP’s Solutions ​Use Case ​NetTAP Solution ​Key Benefits ​Data Center Traffic Monitoring East-West/North-South traffic mirroring + threat detection Zero Trust compliance, reduced attack surface ​Business Performance Analytics Metadata extraction for SLA monitoring & app optimization 30% faster root cause analysis ​IT Infrastructure Health Bandwidth utilization tracking & misconfiguration alerts 99.9% network uptime ​Background Traffic Cleansing Non-critical data filtering (e.g., backups, streaming) 50% reduction in monitoring tool workload ​Centralized Bypass Governance Unified dashboard for distributed network visibility 80% faster compliance reporting ​Emerging Protocol Support Auto-update for 5G, IoT, and encrypted protocol recognition Future-proof architecture   ​Why NetTAP Stands Out in Network Visibility ​Differentiator ​Technical Specification ​Scalability Supports 1G/10G/25G/40G/100G networks; virtual/physical deployment options ​Compliance GDPR, HIPAA, PCI-DSS via data anonymization & encrypted traffic analysis ​Tool Integration Splunk, Elastic, Wireshark, Kafka, and custom API compatibility ​Performance

In the fast-paced network world, the demand for high-performance solutions capable of handling large amounts of data traffic continues to grow. As organizations strive to optimize their network infrastructure, the role of Network Packet Brokers (NPBs) becomes increasingly important. These devices act as intelligent traffic managers, providing visibility, control, and optimization of network data. In this blog, we will take a deep dive into a cutting-edge NPB solution with an amazing 1.8Tbps capacity, 6* 40GE/100GE QSFP28 slots and 48* 10GE/25GE SFP28 slots, and a suite of advanced features including DPI packet analysis, NetFlow export, timestamping, deduplication, slicing, and masking.   The need for a high-performance network packet broker   In today's digital environment, networks are flooded with massive amounts of data, from critical business transactions to multimedia content and IoT device communications. Efficiently and effectively managing these data flows is critical to ensuring network security, performance, and compliance. This is where high-performance network packet brokers come into play. By intelligently filtering, aggregating, and distributing network traffic, NPBs enable organizations to gain comprehensive visibility into their network activity, troubleshoot issues, and optimize performance.   Launched 1.8Tbps network packet broker solution   The 1.8Tbps NPB solution represents a major leap forward in network traffic handling capabilities. Equipped with 6 40GE/100GE QSFP28 slots and 48 10GE/25GE SFP28 slots, this powerful device is designed to meet the demands of modern high-speed networks. Whether handling large amounts of data transfer between data centers or managing the complex traffic patterns of cloud environments, this NPB solution is designed to deliver uncompromising performance.   Advanced features for enhanced network visibility and control   In addition to its impressive throughput capabilities, the 1.8Tbps NPB solution is equipped with a range of advanced features that take its capabilities to the next level. Deep Packet Inspection (DPI) enables granular analysis of network traffic, enabling organizations to identify and respond to potential security threats, performance bottlenecks, and compliance issues. NetFlow export functionality provides valuable insights into network traffic patterns, aiding capacity planning, troubleshooting, and optimizing network resources.   Additionally, the addition of timestamping, deduplication, slicing, and masking capabilities enables organizations to fine-tune their network monitoring and analysis processes. Timestamping ensures accurate sequencing of network events, facilitating forensic analysis and compliance audits. Deduplication eliminates redundant packets, optimizing the utilization of monitoring and analysis tools. Slicing and masking isolate and anonymize specific network traffic, ensuring data privacy and complying with regulatory requirements.   Practical applications and advantages   The 1.8Tbps NPB solution is expected to have a significant impact on numerous industries and use cases. In the financial sector, where real-time transaction monitoring and compliance are critical, this high-performance NPB can provide the necessary visibility and control to ensure secure and efficient operations. In the healthcare industry, the advanced capabilities of the NPB solution can help securely transmit and analyze sensitive patient data while maintaining compliance with strict privacy regulations.   For cloud service providers and large enterprises, the ability to accurately and efficiently handle large amounts of data traffic is a game-changer. The 1.8Tbps NPB solution can be seamlessly integrated into complex network architectures, providing the scalability and flexibility required to adapt to changing business needs. By optimizing network visibility and control, organizations can enhance their security posture, improve operational efficiency, and provide customers with an excellent user experience.   Looking Ahead: The Future of Network Packet Brokers   As the digital landscape continues to evolve, the role of network packet brokers will become even more important. The need for high-performance solutions that can handle the growing volume and complexity of network traffic will drive further innovation in the NPB space. From enhanced analytics and machine learning capabilities to seamless integration with emerging technologies such as 5G and IoT, the future of NPBs holds tremendous potential in shaping the next generation of network infrastructure.   In summary, the 1.8Tbps NPB solution represents a significant milestone in the evolution of network packet brokers. With its unmatched throughput capabilities and advanced feature set, this powerful appliance promises to provide organizations with the visibility, control, and optimization capabilities they need to thrive in the digital age. As the demand for high-performance network solutions continues to grow, the role of NPBs will continue to play a critical role in shaping the future of network infrastructure.

Network Packet Broker (NPB) and Network TAP are two different technologies in network monitoring and management. Each of them has different roles and functions.   Network (TAP)Test Access Point A network TAP is a hardware device that provides a direct and accurate way to replicate the actual packets flowing in the network for monitoring and analysis purposes. Taps are typically deployed at critical nodes of the network, such as switches, routers, or near servers, in order to capture packets flowing through these nodes. The main features of network TAP are:   Data replication: TAP is able to losslessly replicate network traffic, ensuring that the data received by the analysis tool is exactly the same as the original network traffic. Independence: As an independent hardware device, TAP will not interfere with or affect the normal operation of the network. Flexibility: TAP supports multiple types of network traffic capture, including full packet capture and deep packet inspection.   Network Packet Broker(NPB) Unlike network taps, a network packet broker is a higher level device that sits between TAP and SPAN (port mirroring) points and analysis tools and is responsible for directing raw packets to required security, monitoring, and performance devices. The main functions of NPB are:   Data Distribution: NPB is able to intelligently distribute data packets to multiple analysis tools, ensuring that each tool receives the data it needs. Filtering and transforming: NPB can filter and transform packets as needed to meet the requirements of different analysis tools. Centralized management: NPB provides the ability to centrally manage multiple TAP and SPAN points, simplifying the network monitoring and management process.   What's the difference between network packet broker and network tap? The main differences: Functional level: Network TAP mainly focuses on data replication and capture, while network packet broker focuses more on data distribution, filtering and transformation. Deployment location: Network taps are usually deployed on critical nodes of the network to directly capture packets. However, the network packet broker acts as a "mediator" between the TAP and SPAN points and the analysis tool. Management complexity: Network TAP is relatively simple and mainly focuses on data capture. However, the network packet broker provides higher level management functions, such as centralized management, intelligent distribution, etc.   In summary, network packet broker and network test access point each play different roles in network monitoring and management. Network TAP provides accurate data replication function, which is the basis of network monitoring. The network packet agent improves the efficiency and flexibility of network monitoring through intelligent data distribution and management functions. When choosing which technique to use, there are trade-offs to be made based on the specific network environment and monitoring requirements.