Network Packet Brokers

Ixia Visibility Solutions provide real-time, end-to-end visibility, insight and security into physical, virtual, SDN and NFV based networks, delivering the control, coverage and performance in a seamless fashion to protect and improve crucial networking, data center and cloud business assets.

Industry leading Ixia Network Packet Brokers (NPB) deliver intelligent, sophisticated and programmable network flow optimization providing visibility and security coverage to businesses assets and help IT teams quickly resolve application performance bottlenecks, trouble shoot problems, improve data center automation, better utilize expensive network analysis and security tools and help better business execution because of the improved understanding of the network and data center.

Ixia's best-in-class Vision portfolio of network packet brokers are easy-to-use, perform under pressure and offer true application intelligence.

NPBs help you focus on your tools
Key Features
  • Dedicated hardware acceleration provides a Zero packet loss architecture
  • Aggregation of traffic from multiple TAPs or SPAN ports
  • Filtering of traffic so that each monitoring or inline security tool receives exactly the right data
  • Load-balancing of traffic to multiple analysis tools
  • SSL decryption to quickly detect emerging threats encrypting exploits within application traffic
  • L7 application awareness efficiently allows for packet processing based on unique applications
  • Dynamic filter compiler handles all filter rule complexities automatically - no overlapping filter rule headaches
  Vision xStream 40 Vision E40 Vision E100 Vision 5236 Vision 5288 Vision ONE Vision 7300
  xStream 40 Vision Edge 40 Vision Edge 100 Vision 5236 Vision 5288 Vision ONE Vision 7300
Visibility Intelligence

NetStack
Robust filtering, aggregation, replication, and more

             

PacketStack
Intelligent packet filtering, manipulation and transport

             

SecureStack
Optimized handling for secure traffic

             

AppStack
Context aware, signature based application filtering

             
Chassis & Ports
Rack Units 1 1 1 1 2 1 7
1G/10G Support              
40G Support              
100G Support              
Mode of Operation
Inline Capable              
Out-of-Band Capable              
Simultaneous Inline & Out-of-Band              
Inline vs Out-of-Band

There are two different ways to deploy network packet brokers:

  1. Inline Security inspect live traffic before it hits your data center network. Tools are grouped serially before traffic enters your production data center enabling real-time traffic inspection and active threat prevention.

  2. Out-of-Band Monitoring provides Passive Traffic Inspection, detection and recording for routine analysis. Tools perform passive traffic inspection, detection, and recording for routine analysis. This model is used extensively in detailed threat analysis, but does not enable any active prevention safeguards or countermeasures.

Common Inline security tools include:

  • Intrusion prevention systems (IPS)

  • Firewalls and next-generation firewalls (NGFWs)

  • Data loss prevention (DLP) systems

  • Unified threat management (UTM) systems

  • SSL decryption appliances

Inline

Common out-of-band security tools include:

  • Intrusion detection systems (IDS)

  • Forensic tools

  • Data recording

  • Malware analysis tools

  • Log management systems

  • Packet capture (PCAP) tools

out of band

Network Packet Broker Capabilities

  • Performance
  • Ease of Use
  • True Intelligence
  • Performance

    Zero Packet Loss

    We have instrumented purpose-built dedicated hardware in our physical packet brokers to ensure zero packet loss, which ensures that your tools receive 100% of the packets they need to perform their job. Our packet brokers will NOT drop data due to congestion regardless of what features used or packet size

    Video: Performance Matters

    Simultaneous Features

    Unlike many competitor solutions where many features such as SSL decryption, NetFlow generation and packet trimming can’t work together in the same module, Ixia provides line-rate guarantee on any combination of features.

    Video: Network Visibility - Feature Compatibility Matters

    Active-Active Inline

    Active-Active is the predominant use case for inline security tool deployment. It performs load balancing during normal operation, and offers safe cut-over on failures.

  • Ease of Use

    Drag and Drop User Graphical Interface

    We offer an intuitive graphical user interface that allow users to easily define the connections and filter rules between network ports and tools. Configuration of the network is a simple point and click, drag and drop interface, where users can visually represent their network connection needs within minutes. 

    Video: Ease of Use

    Handles Filter Rule Complexities Automatically

    When it comes to creating and managing filters, Ixia's Dynamic Filter Compiler that takes care of the all the complexities of filter rules, allows users to tie any network port to any tool port without being concerned about existing filter logic in any other filter rules. This means that new filter rules can be added at will into existing filters and the Ixia Dynamic Filter compiler takes care of overlap resolution behind the scene

    Three Levels of Filter Logic

    When creating filter rules, you can add them at three levels: the ingress network ports, a dynamic filter in the middle, and tool filters at at egress. This multiple level of filtering offers natural AND and OR logic thus allow complex Boolean logic to filter traffic in the stringiest way to protect expensive tools from being overloaded.

    No Limits on Filter Types

    Finally, when managing filter rules, there are not restrictions to the advanced filtering features that can be utilized together. This means users can worry less about what they can and can not do, and focus more on their tools, and what they need to perform at highest levels. 

  • Application Intelligence

    Signature Based Application Detection

    We have a team of specialists that manage a database of application signatures that are regularly updated. These signatures allow us to more accurately detect applications, as well as allow for different application streams within applications to be filtered out. 

    Dynamic Pattern Identification

    Application traffic patterns are identified dynamically using Ixia’s patented technology. When a session cannot be identified with existing application signatures, the packet headers are sent to a special engine which identifies reusable patterns. Well-known services (applications) can also be identified based on their used port and protocol. 

    Detect Unknown Applications

    Using our database of known application allows the ability to identify unknown applications which can be used as a filter mechanism to send your security tools more relevant data.

    Filter on Application Group

    If you want to send all Email traffic, or Microsoft Office 365 documents to a specific monitoring, security or performance tool, no problem, we've made it easy to extract and send a different groups of applications data.

    Filter on Specific Application Traffic

    If you want to filter on specific applications, it's easy, just point-and-click. You can send Netflix streaming media data, or all Amazon EC2 or S3 data to your monitoring tools. Also, the application intelligence can go deep into applications to easily allow you to filter out different types of data types within an application. For example you can select different streaming media genres from Netflix, like Sci-Fi from Romantic or if you want to separate IMAP traffic from normal email traffic, it’s a simply point-and-click.