Specifications

Port Flexibility

  • 48 ports of 10GbE/1GbE SFP+
  • 4 ports of 40GbE QSFP+; optionally configured as 16 ports of 10GbE
  • All ports are bidirectional and fully non-blocking
  • Full line-rate across all ports
  • Extensive packet filtering capabilities, including:
    • Layer 2: MAC, VLAN, MPLS, or Ethertype
    • Layer 3: IPv4 or IPv6, source / dest / session, DSCP, IP Protocol
    • Layer 4: Port Number, TCP Control
    • New or proprietary protocols via powerful custom filters
  • Suitable for both inline and out-of-band deployments

Full-Rate Intelligent Packet Processing

  • Modify every packet at line-rate using any combination of Ixia’s Advanced Feature Module (AFM) operations:
    • Deduplication, trimming, timestamping, 1G burst protection and data masking
    • Head stripping includes VLAN, FabricPath, VNTag, GTP, MPLS, VxLAN, L2GRE, ERSPAN
    • L2GRE tunnel termination from vTAP
  • Flexibly assign 160Gbps total processing capacity to any port in 10Gbps increments

Inline-Specific Features

Supports failsafe serial service chaining, parallel load balancing with spares, or combined topologies

  • Customizable heartbeat (HB) support to detect and automatically recover from monitoring and security tool failures
    • Multiple HB templates allow each tool to have its own unique HB
    • Bypass switches and Vision ONE can have different HB so multi-tier design is possible to increase overall resilience
  • Two failure recovery modes
    • Rebalance sessions from the failed tool among all active and standby tools
    • Transition all active sessions from a failed tool group to next tool group in a service chain
    • Support tool sharing among multiple network links from different bypass switches connected to different customers

Ixia’s Application and Threat Intelligence (ATI) Processor

  • Performs DPI to identify traffic according to:
    • Application, geography, device information, and service provider
    • Application signatures are regularly updated via ATI subscription
  • SSL decryption supported ciphers:
    • 3DES
    • RC4
    • AES
    • SHA1/521/384/256/224
    • MD5
  • SSL/TLS Decryption Support:
    • SSL/TLS Versions: SSL3.0, TLS1.0, TLS1.1 and TLS1.2
    • Asymmetric Key Exchange: RSA and ECDH
    • Symmetric Keys: AES, 3DES and RC4
    • Hashing algorithms: SHA and MD5
    • Maximum concurrent sessions: Over 1,000,000
    • Private key storage: Encrypted and ‘write only’
  • Regular expression matching
  • Data masking to protect sensitive data such as credit cards and personally identifiable information (PII)
    • Target field identified by user-definable regular expression
    • Default regular expressions provided for commonly request data patterns such as credit card numbers
  • Multiple actions can be taken on matching sessions
    • Forward all related packets to an analysis tool
    • Enhanced NetFlow v9 and v10 and IPFIX can be generated and sent to up to 10 collectors
  • Simple pricing
    • ATI subscription includes all current and new features and application signatures released

Management

  • SNMP v1, v2, v3 support
  • Supports IEEE / Precision Time Protocol (PTP) time synchronization
  • Local, RADIUS, and TACACS+ support (members and groups)
  • Granular access control features
  • Event monitoring and logging
  • Syslog
  • IT Automation control with RESTful API

Power for Vision ONE

 

AC Power

DC Power

Dual power supplies

Yes Yes

Hot swappable

Yes Yes

Operating input voltage

100 to 240VAC

40 to 60VDC

Nominal current

6.6A @ 100VAC, 1.5A @ 240VAC

12.5A @ 53VDC

Max. operating input current

7.7A @ 100VAC

19.25A @ 40VDC

Heat/power dissipation for module at 100% traffic load

660W / 2252 BTU/hour

Compliance

  • RoHS, IEC-60950-1:2005, UL60950-1, and CSA C22.2 No. 60950-1, EN 60950-1, CE, FCC, AS/NZS CISPR 22 & 24, 55022, 55024, IEC-003

Physical Specifications

  • 1RU high 19” rack-mountable chassis
  • Dimensions: 17.5W x 29.5L x 1.75H (inches) / 44.5W x 75.0L x 4.5H (cm)
  • Weight: 36.4lb / 16.5kg

Operational Environment

Temperature

  • Operating: 5°C to 40°C
  • Short-term*: -5°C to 55°C (*not to exceed 96 consecutive hours)
  • Short-term* with fan failure: -5°C to 40°C (*not to exceed 96 consecutive hours)

Humidity

  • Operating: 5% to 85%, (non-condensing)
  • Short-term*: 5% to 90% (non-condensing, *not to exceed 96 hours)
Key Features
  • Easy-to-use web-interface with point-and-click functionality. No command-line needed!
  • Can be deployed in both inline and out-of-band monitoring modes simultaneously
  • NetStack features built-in
  • Highly resilient Active - Active Inline
  • PacketStack features built-in
  • Max 64 10G ports / Max 4 40G ports
  • AppStack features built-in
  • 1 RU
  • Supports Ixia Fabric Controller (IFC) - a highly resilient and extremely easy to use SDN controller providing visibility management through a single pane of glass

Active SSL

Now Available for Vision ONE!

Ixia's Active SSL capability, an addition to its SecureStack feature set, enables organizations to see inside traffic that uses ephemeral key cryptography.

Ixia's Active SSL can be used both inline and out-of-band, for outbound and inbound traffic and simultaneously with NetStack, PacketStack and AppStack capabilities. The Active SSL capability will be available via a high-performance application module that is compatible with Vision ONE™. With a dedicated dedicated cryptographic processor, it provides the best throughput integrated with a visibility solution. Moreover, it includes built-in policy management, URL categorization, support for all leading ciphers and reporting.

Learn more about Ixia's Active SSL

Inline and OOB

A single platform for a granular view of network security and troubleshooting

Problem: The fight against invisible threats

What network managers cannot see, they cannot fight. Threats carefully hidden in encrypted traffic can easily bypass security controls and the watchful eye of IT teams. Application bandwidth explosions with the sudden and rapid expansion of a new or unknown application can go undetected until they threaten the availability and health of the network. There are ways to amplify these issues, but they often require a complicated mix of tools to gain complete visibility into all the traffic and applications on a network. And managing a myriad of security and performance monitoring solutions can compromise network performance.

 

Solution: Visibility intelligence strengthens network security and optimizes performance

Ixia Vision ONE™ is a turnkey device that enables organizations to maintain security as well as identify and resolve performance problems across physical and virtual infrastructures from a single platform. Whether fighting against threats hidden in encrypted traffic, or feeding the right data to the right forensic solution, Vision ONE boosts network protection without negatively impacting performance. Build a layered defense with a combination of best-of-breed inline security and out-of-band analysis tools, or create a strong foundation that helps you understand what is happening in an enterprise network. Either way, Vision ONE is a crucial step toward complete network security.

Aided by integrated AppStack capabilities, Ixia's Vision ONE network packet broker (NPB) enables you to filter and visualize not only Level 2-4 traffic, but also Layer 7 application traffic, so that suspicious applications can be tagged and watched. This provides security advantages as users can quickly spot rogue applications or unusual activity, including traffic or packets coming or going from unauthorized geographies, or questionable file transfer protocol (FTP) transfers conducted on sensitive data in the middle of the night.

This capability alone would have short-circuited some of the most notorious data breaches suffered by enterprises and agencies in the past three years.

The integrated AppStack capabilities also offers performance advantages as customers can view real-time application level traffic and metadata through a web application program interface (API), or it can be filtered, decrypted, and sent onto forensic or application monitors for further inspection.

Vision ONE is the most critical piece of network infrastructure you never realized you needed.

READ THE NET TOOL OPTIMIZER NEWSLETTER

Visibility Intelligence

Stack up Ixia’s leading visibility intelligence features to optimize your traffic analysis and security tool performance. Used with a network packet broker, virtual or cloud platform, the extensive set of intelligent features allows you to modify, mold and transport traffic specific to tool needs. Moreover, we provide industry-specific, specialized capabilities. Each feature is executed with a purpose-built design to ensure you get the best performance whether in a physical data-center or in the cloud. To learn more, click on each stack.

NetStack Icon

NETStack

Robust filtering, aggregation, replication, and more - the Ixia gold standard baseline for visibility

  • Three Stages of Filtering (ingress, dynamic and egress)
  • Dynamic Filter Compiler
  • Source Port Labeling (VLAN Tagging & Untagging)
  • Aggregation & Replication
  • Load Balancing
  • Double your Ports- DyP (Simplex)
PacketStack Icon

PacketStack

Intelligent packet filtering, manipulation and transport

  • Deduplication
  • Header (protocol) Stripping & Packet Trimming
  • Timestamping
  • Data Masking
  • GRE Tunneling
  • Burst Protection (Deep Packet Buffering)
SecureStack Icon

SecureStack

Optimized handling for secure traffic

AppStack

AppStack

Context aware, signature based application layer filtering

  • Application Filtering
  • Geolocation & Tagging
  • Optional RegEx Filtering
  • Netflow & Ixflow
  • Data Masking Plus
  • Packet Capture
  • Real-time Dashboard
MobileStack_NONE

SecureStack capabilities are not available for this network packet broker or for this platform a this time - visit the page to learn more

MobileStack

Visibility intelligence tailored for the mobile carrier evolved packet core

  • GTP Session Correlation
  • GTP Load Balancing
  • Location Aware Filtering
  • Subscriber Sampling
  • EPC Filtering
  • Subscriber and Device Based Filtering
‘‘

“Security threats are increasing in volume and potency. Network and security administrators need help inspecting traffic, identifying threats and optimizing infrastructure performance,” said Lawrence M. Walsh, Chief Analyst, The 2112 Group, a channel analyst and consulting firm. “Ixia’s Vision ONE and ControlTower integrated with Cisco’s popular Nexus 3000 switches provides an additional layer of protection that enables partners of Ixia and Cisco to close the security and performance gap without adding additional overhead to infrastructure and management. By deploying Vision ONE and ControlTower alongside Cisco’s Nexus 3000, Ixia partners will deliver greater economies of scale by managing and optimizing traffic flows.”

Lawrence M. Walsh, Chief Analyst