A new class of highly intelligent Virtual Switches and Next-Generation Packet Brokers (NPB) is on the rise.

Cloud computing and software-defined networking (SDN) have made development and operations teams far more aware of the importance of their networking infrastructure than ever before. In the age of DevOps and private, hybrid, and public cloud computing, the network is the fabric that holds the compute infrastructure together.

Furthermore, in a 'virtualized everything' environment, it is assumed that the network infrastructure and capacity can 'auto-magically' expand and contract to meet business demands, that performance and capacity are infinite resources, and that systems are always available and 100% operational.

Suffice it to say, these forces have made network management and monitoring fundamentally more challenging. Today's development and operations teams need infrastructure and monitoring tools that can provide real-time visibility and control of these new and increasingly complex demands.

Reconfigurable Frame Processor(s)

Frame Processors, occasionally referred to as next-generation packet brokers (NPBs), are a new class of highly intelligent virtual switches. At a very basic level, the Frame Processor is a robust distribution and filtering solution placed between multiple network TAPs and analytic, monitoring, and security (AMS) tools. Frame Processors provide a combination of functionality that includes aggregation, filtering, monitoring, load balancing, and traffic regeneration. 

These devices can additionally copy or redirect network traffic to any combination of port mappings: sending one type of network traffic to many AMS tools (one-to-many), sending multiple types of network traffic to one AMS tool (many-to-one), or sending many types of network traffic to many AMS tools (many-to-many). Consequently, the Frame Processor is an essential distribution tool for network engineers, test engineers, and security and operations teams who need to analyze and control traffic on their test and production networks. With Frame Processors, operations, test, and security teams have true end-to-end visibility and control over network traffic. 


Reconfigurable Frame Processors are the Next-Generation NPB

So, while Frame Processors clearly provide compelling traffic engineering benefits and flexibility for getting the most out of AMS platforms, why are they considered a Next-Generation NPB? Let's first review what a next-generation packet broker is.

What is a next-generation packet broker?

A next-generation packet broker (NPB) is a hardware or software application designed to improve network visibility. The NPB taps live network traffic and delivers that traffic to other system tools - either inline network and security or out-of-band tools - for analysis of the packet contents related to network performance operations, cybersecurity and threat intelligence.

The next-generation packet broker is placed between an enterprise's infrastructure and its tools/application layer. The NPB inspects packet information from the header to the payload, at a network protocol level, in order to perform aggregation, de-duplication, intelligent filtering, packet slicing, de-encapsulation/re-encapsulation, masking, and intelligent redistribution for analysis and decision making. A next-generation packet broker increases network visibility for on-premise, hybrid, public, and private cloud deployments.

A traditional network packet broker is a static device; it is deployed as a point solution for filtering, replicating or routing data into AMS tools.

Frame Processors are different

Frame Processors are different; they are designed to be dynamic in nature. Frame Processors are designed with both northbound and southbound interfaces, so they don't just send traffic to the AMS but can also receive instructions from AMS platforms. These instructions come via telemetry or API communications between the Frame Processor and the AMS platforms, thus allowing instantaneous changes on the network based on input from the AMS.

With this approach, we now find ourselves with far more powerful capabilities: the Frame Processor can not only filter and distribute data, but can also (under the direction of the AMS) reach back and take action on the network. This new dynamic two-way approach is the principal value that the Frame Processor delivers to users, and why it is considered a Next-Generation NPB. A Frame Processor provides the groundwork for policy enforcement and adaptive remediation, which allows AMS platforms to not only selectively receive and analyze traffic but also reactively make changes to how the network operates.

Why This Matters

Information is power, and it is at the core of any business enterprise. However, as the old adage goes: "Old news is no news." The same holds true of network monitoring and decision making: The older the information (in this case network data), the less useful and valuable it is for making accurate and informed decisions, as well as solving problems. Until now, available tools have been woefully insufficient in their ability to turn actionable intelligence into real-time policy enforcement or remediation; this is no longer the case with Frame Processors. 

Frame Processors allow for actions to take place in real-time through machine-to-machine (M2M) communication. With a Frame Processor in the mix, AMS platforms can IMMEDIATELY respond to suspect or malicious traffic on the network. Analytics can now identify a threat, reach back in the network through the Frame Processor, and immediately take action. 

Here are a few examples of the action that can be taken in this Next-Generation approach:

  • Shunt traffic to ground
  • Send traffic to a honeypot (or any other device) for further investigation
  • Reroute traffic to a different area of the network
  • Block specific IP addresses (or range of IP addresses)
  • Block specific MAC addresses
  • Block users from reaching out to specific DNS addresses
  • Replicate the traffic and send to multiple analytics for further analysis

These actions can be taken immediately by the analytics themselves, without requiring engineering personnel or analysts to decide what to do based on an alert that they receive (once they wade through all of the other alerts they receive on a daily basis, of course!).
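
A minimal model of the two-way behaviour described above, as an added example rather than MantisNet code: an AMS tool pushes rules into a frame processor, and the tool ports chosen for later frames change accordingly. The `Rule` and `FrameProcessor` classes, the port names, and the sample frames are hypothetical and constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from dataclasses import dataclass

@dataclass
class Rule:
    action: str            # "drop" (shunt to ground), "redirect" or "replicate"
    src_net: str = ""      # match on source IP, CIDR notation
    src_mac: str = ""      # match on source MAC address
    ports: tuple = ()      # tool ports used by redirect / replicate
    def matches(self, frame):
        ip_ok = not self.src_net or ip_address(frame["src_ip"]) in ip_network(self.src_net)
        mac_ok = not self.src_mac or frame["src_mac"].lower() == self.src_mac.lower()
        return ip_ok and mac_ok

class FrameProcessor:
    def __init__(self, default_ports):
        self.default_ports = tuple(default_ports)  # normal feed to AMS tools
        self.rules = []

    def apply_instruction(self, rule):
        """Instruction from an AMS tool; the most recent rule is checked first."""
        if rule.action not in ("drop", "redirect", "replicate"):
            raise ValueError("unknown action: " + rule.action)
        if not (rule.src_net or rule.src_mac):
            raise ValueError("refusing a rule that matches all traffic")
        self.rules.insert(0, rule)

    def egress(self, frame):
        for rule in self.rules:
            if rule.matches(frame):
                if rule.action == "drop":
                    return ()                      # shunt to ground: no egress port
                if rule.action == "redirect":
                    return rule.ports              # e.g. honeypot only
                return self.default_ports + rule.ports  # replicate to extra tools
        return self.default_ports

def demo():
    fp = FrameProcessor(default_ports=["ids"])
    fp.apply_instruction(Rule("drop", src_net="203.0.113.0/24"))
    fp.apply_instruction(Rule("redirect", src_mac="02:00:00:AA:BB:01", ports=("honeypot",)))
    fp.apply_instruction(Rule("replicate", src_net="198.51.100.7/32", ports=("pcap", "sandbox")))
    frames = [  # constructed sample frames (documentation address ranges)
        {"src_ip": "203.0.113.9", "src_mac": "02:00:00:00:00:09"},
        {"src_ip": "192.0.2.10", "src_mac": "02:00:00:aa:bb:01"},
        {"src_ip": "198.51.100.7", "src_mac": "02:00:00:00:00:07"},
        {"src_ip": "192.0.2.20", "src_mac": "02:00:00:00:00:20"},
    ]
    return [fp.egress(f) for f in frames]
```

`demo()` returns one tuple of egress ports per frame; the refusal of a match-all rule is a safeguard added in this sketch so that a single automated instruction cannot black-hole all traffic.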

Thanks to the Reconfigurable Frame Processor, there is a brighter future for network threat response times (or network performance remediation times). Wire-speed monitoring, machine-to-machine communications, and continuous decisioning technologies allow organizations to get the information they need, and make the decisions that can transform how their business operates.  




Written by MantisNet