xStream 40

A new way to support security tools

Problem: The high risks for high-volume networks

As an organization with high-volume networks, you face an interesting conundrum: You must carefully inspect all traffic on your 10GE and 40GE networks to ensure network security. However, careful monitoring often requires investing heavily in high-performance tools—otherwise, you risk oversubscribing your existing security tools. No wonder many organizations are eager for a new approach to handling and manipulating their network packets.

Solution: Brokering network-packet perfection

Specifically designed for high-speed networks, the battle-proven Ixia xStream 40 network packet broker (NPB) has the most complete feature set in the industry for inline tool deployment. Cost-effectively and efficiently, it increases the visibility of traffic from one or many network links to today’s wide variety of monitoring, security, and acceleration tools. As a powerful NPB, the xStream 40 boasts a number of key attributes. Among these are comprehensive high-availability features to support the deployment of fail-safe inline security tools. Additionally, smart load-balancing capabilities help relieve oversubscribed tools and enable the deployment of multiple tools in parallel for increased throughput and maximum flexibility. By supporting inline serial tools such as secure sockets layer (SSL) decryptors, intrusion prevention systems, and firewalls, the xStream 40 equips you for a variety of real-world enterprise network deployment scenarios.  

READ THE NET TOOL OPTIMIZER NEWSLETTER

Specifications

Performance

Hardware Throughput

1.28Tbps; no packets dropped as long as monitor traffic does not exceed monitor port bandwidth

Architecture

Cut-Through

Speeds

1Gbps, 10Gbps, 40Gbps

Latency

Ultra-low latency of 350 nanoseconds, any packet size, any-port to any-port, any amount of regeneration and filtering (excluding aggregation head-of-line blocking delays)

Load Balancing

Flow coherent, hash-based, 5-tuple (SIP, DIP, SPORT, DPORT, protocol), 2-tuple (SIP+DIP) for GTP and other protocols, or other combinations of L2-L4 header fields including SMAC, DMAC, ethertype, and VLAN; out-of-band, inline, tool sharing; 40G-to-10G and 10G-to-1G distribution; link-state awareness; Heartbeat monitoring of inline tool health; 1 to 20 independent load balance groups with up to 20 load-balanced outputs per group. Mixed speed/throughput load balancing

High Availability

Two xStream devices can be connected together via network ports to form a high availability solution, with configuration and state constantly synchronized between them; HA link can be protected via a second link connected via a pair of spare ports

Timestamping

Timestamping with nanosecond accuracy and support for PTPv2 (IEEE 1588)

Port Mapping

Aggregation, any number of ports; regeneration, any number of ports; any-to-any, any-to-many, many-to-any, and many-to-many; any port can be used as an input, an output, or both simultaneously

TapFlow

Filter by IP source address, IP destination address, MAC source address, MAC destination address, source port, destination port, protocol, network port or port group, VLAN

IP Options

MPLS Label, User Defined

Network Intelligence

Current utilization, total packets, total bytes, CRC errors; more than 100 detailed traffic statistics and counters including RMON; all counters can be exported as CSV files

Packet Slicing

Truncate packet on the fly to increase scalability

TACACS+/RADIUS

Server allows authentication of users from external AAA servers using either RADIUS or TACACS+ protocols

Device Management

Web UI, Serial console, SSH, (CLI), FTP/SFTP/SCP file transfers, SNMPv3, SNMPv2, SNMPv1, remote software upgrades, back-up and restore configuration, role-based access control management, NETCONF

 

Chassis

Environment

  • Operating Temperature: 0˚C to 40˚C
  • Storage Temperature: -10˚C to 70˚C
  • Relative Humidity: 10% min, 95% max, non-condensing

Mechanical

  • Dimensions: 1.72” high x 16.5” deep x 17.7” wide
  • Mounting: Surface or 19” rack mount (1U)
  • Weight: 15.0 lbs

Connectors

  • Ports: (48) SFP+, (4) QSFP ports, (64) SFP+ with a splitter cable
  • Management Port: (1) RJ45 10/100/1000 Copper
  • Configuration (CLI) Port: (1) Cisco DB9 to RJ45
  • DC Receptacle: Terminal peak, 12-14 gauge wire

Hot-Swappable Modules

  • Power: (2) AC universal or (2) -48VDC, redundant
  • Fans: (5) hot-swappable modules (4+1 configuration)

Electrical Interface

  • AC Input: 100-240VAC, 5.29-2.2A, 50/60Hz
  • DC Input: -40VDC nominal -40 to -72VDC, 13.9A

Indicators

  • (All ports) Link LEDs
  • (All ports) Activity LEDs
  • (2) Power LEDs

 

Certifications

Safety

MET, CE

EMC

FCC, VCCI, C-Tick, KC, ME06, CCC, AR

Environmental

RoHS, WEEE

Protocol

Fully IEEE 802.3 compliant

Security

STIG and PCI security profiles, management port firewall, audit logging, HTTPS, import SSL certificate, AAA services with TACACS+/RADIUS

Key features

Aggregates, filters, and load balances 10GE/40GE networks for greater visibility
Provides industry-leading port density in a compact form factor
Performs tool load-balancing to protect investments in existing monitoring tools
Maintains synchronized link status on both sides of a tool or network with link-failure detection
Delivers smart rebalancing to minimize disruption on existing traffic and tools
High availability supports active-active or active-standby modes, auto sync or manual sync of configuration and operation status, and highly reliable synchronization engine with spare ports for protection