
Deep packet inspection through User Defined Filtering (UDF) with Open Packet Broker

In enterprise environments where traditional network monitoring and filtering methods may not provide the desired level of accuracy or granularity, Deep Packet Inspection (DPI) can be a valuable solution. DPI goes a step further by analyzing the entire content of data packets, which allows for a more comprehensive understanding of the data being transmitted.

Why do we need Deep Packet Inspection?

Customization and Specific Offset Inspection: DPI can be tailored to meet the specific needs of the enterprise. Network administrators can define the offsets within data packets that they want to inspect. This level of customization enables precise filtering and monitoring based on the exact location and values within the packet.

Enhanced Accuracy: By focusing on specific offsets and values within data packets, DPI can provide enhanced accuracy in identifying and classifying traffic. This is particularly valuable when dealing with complex or non-standard protocols and applications.

Security and Threat Detection: DPI’s ability to inspect specific offsets allows for the detection of specific patterns, signatures, or anomalies within data packets. This is instrumental in identifying and mitigating security threats, including advanced and zero-day attacks.

Custom Policy Enforcement: Enterprises can enforce custom policies based on the content found at specific offsets. For example, they can filter out sensitive data, block certain types of content, or prioritize specific applications or services.

Data Loss Prevention (DLP): DPI can be used for data loss prevention by monitoring data packets for sensitive information, such as proprietary company data, and preventing their unauthorized transmission.

How does User Defined Filtering work in Aviz OPB?

User Defined Filtering (UDF), as implemented in the Aviz Open Packet Broker (OPB) built over the open-source Software for Open Networking in the Cloud (SONiC), is a powerful and customizable network packet processing solution. This combination allows network administrators to perform deep packet inspection and filtering based on specific offsets within data packets, offering fine-grained control and flexibility.

Key aspect of User Defined filter:

Figure 1: UDF – flow diagram via OPBNOS

Using UDF, users can configure a rule that matches specific bytes in the ingress packet at a given offset and permits or denies the matched packets.

				
flow flow1
network-ports Ethernet12/1
tool-ports Ethernet14/1
rule 1 permit description "UDF" udf-data 0xb166 udf-extraction-group l2 udf-offset 2 counters enable
rule 2 permit description "UDF" udf-data 0x4500 udf-extraction-group l3 udf-extraction-point ipv4 udf-offset 0 counters enable

Figure 2: UDF based rule configuration

Figure 3: Flow configuration through APIs
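To see which packets the two rules in Figure 2 would select, the following added example (not Aviz code) models them in software. It assumes that udf-offset counts bytes from the start of the selected header (the Ethernet header for l2, the IPv4 header for l3/ipv4, found after any 802.1Q tags) and that udf-data is compared byte for byte; the frames are constructed sample data.

```python
import struct

ETHERTYPE_VLAN, ETHERTYPE_IPV4 = 0x8100, 0x0800

# The two rules from the flow above: (rule id, extraction group, offset, data).
RULES = [(1, "l2", 2, bytes.fromhex("b166")),
         (2, "l3", 0, bytes.fromhex("4500"))]

def ipv4_start(frame):
    """Byte index of the IPv4 header, skipping 802.1Q tags; None if not IPv4."""
    pos = 12
    while len(frame) >= pos + 2:
        (ethertype,) = struct.unpack_from("!H", frame, pos)
        if ethertype == ETHERTYPE_VLAN:
            pos += 4                      # step over the 4-byte VLAN tag
        elif ethertype == ETHERTYPE_IPV4:
            return pos + 2
        else:
            return None
    return None

def udf_match(frame, group, offset, data):
    """True if `data` sits `offset` bytes into the chosen header (assumed semantics)."""
    base = 0 if group == "l2" else ipv4_start(frame)
    if base is None:
        return False
    # A window cut short by the end of the frame never equals `data`.
    return frame[base + offset:base + offset + len(data)] == data

def matching_rules(frame):
    return [rid for rid, group, off, data in RULES
            if udf_match(frame, group, off, data)]

def eth(dst, src, ethertype, payload, vlan=None):
    """Build a constructed sample frame (hex MACs, optional 802.1Q VLAN id)."""
    tag = struct.pack("!HH", ETHERTYPE_VLAN, vlan) if vlan is not None else b""
    return (bytes.fromhex(dst) + bytes.fromhex(src) + tag
            + struct.pack("!H", ethertype) + payload)

SRC, BCAST = "020000000001", "ffffffffffff"
IPV4_TOS0 = bytes.fromhex("4500") + bytes(18)   # version 4, IHL 5, TOS 0
IPV4_EF = bytes.fromhex("45b8") + bytes(18)     # same header with DSCP EF set
SAMPLES = {
    "l2_hit": eth("0011b1660001", SRC, 0x86DD, bytes(40)),  # dst MAC bytes 2-3 = b1 66
    "ipv4": eth(BCAST, SRC, ETHERTYPE_IPV4, IPV4_TOS0),
    "ipv4_vlan": eth(BCAST, SRC, ETHERTYPE_IPV4, IPV4_TOS0, vlan=10),
    "ipv4_dscp": eth(BCAST, SRC, ETHERTYPE_IPV4, IPV4_EF),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:10} -> rules {matching_rules(frame)}")
```

Under these assumptions rule 2 selects only IPv4 packets with a 20-byte header and a zero TOS byte, so DSCP-marked traffic or packets carrying IP options fall outside it, while the header-relative offset keeps matching when a VLAN tag shifts the IPv4 header.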

Aviz OPB and UDF: The Ultimate Solution for Precise Network Traffic Control

Overall, the combination of Aviz OPB and UDF offers advanced network packet processing capabilities with deep packet inspection and filtering based on specific offsets defined by network administrators. This level of customization is valuable for organizations that require precise control over their network traffic to meet security, compliance, and performance objectives with minimal cost using SONiC.


Syncing Success: Elevating Network Monitoring with Time-Synced Excellence in the SONiC Landscape

In the dynamic landscape of network monitoring, Time Synchronization emerges as a pivotal force, particularly in industries where precise packet timing is paramount. This is evident in time-sensitive applications like algorithmic trading platforms, emergency response systems, and Telco network monitoring, where split-second decisions are imperative. It forms the bedrock for achieving optimal Quality of Service (QoS), fault detection and diagnosis, and security threat detection. From enhancing call detail record analysis to synchronizing subscriber experience monitoring, Time Synchronization is the unsung hero, orchestrating precision and efficiency in the symphony of network operations.

Why do we need packet timestamping?

Precise timestamps help pinpoint delays, identify network bottlenecks, optimize routing, and ensure adherence to service-level agreements.

  1. Detecting the congestion point on the path of a flow:
     Monitor packet delays at various points along the path by analyzing the corresponding packet timestamps. This also helps with jitter analysis, throughput analysis, and packet loss detection.

  2. Path tracing:
     By examining timestamps at different network devices, administrators can trace the path of a flow and pinpoint specific devices or links where congestion is likely occurring.

  3. Arrival sequence validation:
     Arrival sequence validation helps confirm that packets are reaching their destination in the correct order. It also helps in achieving protocol compliance and reliability and in avoiding data corruption.

  4. Security incident investigation:
     In cybersecurity, timestamps are essential for investigating security incidents. Analyzing the timing of events helps in understanding the sequence of actions during an incident.

  5. Troubleshooting and debugging network delays:
     Timestamps facilitate the correlation of events across different network devices, aiding in troubleshooting and debugging by establishing a chronological order of occurrences.

  6. Dynamic path adjustments:
     Implement dynamic path adjustments to reroute traffic away from congested paths. This adaptive approach helps in mitigating congestion dynamically.

By employing a packet timestamping feature, network administrators can effectively detect congestion points, network delays, and threats, allowing for proactive management and optimization of network performance. Regular monitoring and analysis are essential for maintaining a resilient and efficient network.

How are we enabling Network Administrators?

Open Packet Broker (OPB) is the industry’s first software-based containerized Network Packet Broker (NPB) application built on top of the open-source SONiC NOS to enable monitoring and security tools to access the network traffic. OPBNOS stands out with its support for packet timestamping. Leveraging modern ASIC capabilities, it allows users to configure timestamps per port or flow, providing unparalleled precision. Packet timestamps can be added at ingress or egress on every port. Precise time synchronization in network packet broking can be achieved through two essential methods:

  1. Timestamping the packets intercepted by the network packet broker devices is a fundamental approach. This involves assigning a precise time reference to each packet, allowing for accurate sequencing and analysis.

  2. Synchronizing the network packet brokers with the network time. This synchronization can be achieved through widely used protocols such as Network Time Protocol (NTP) or the higher-precision Precision Time Protocol (PTP).

Network operators would like to insert a timestamp into all packets ingressing from network ports and egressing out to tool ports.

Fig : Deployment representation of Time-Synchronized OPB Network

opbnos# conf t
opbnos(config)# timestamping enable | disable
opbnos# conf t
opbnos(config)# interface ethernet Ethernet1/1
opbnos(config-if)# timestamp enable stage ingress source-id NE1Eth1
opbnos# conf t
opbnos(config)# interface ethernet Ethernet2/1
opbnos(config-if)# timestamp enable stage egress source-id NE1Eth2

Fig : TimeStamp Configuration at Interface level in OPBNOS

OPBNOS also offers a packet timestamp decoder, which analyzes a packet capture dump and decodes the timestamp information for customers. It is use-case driven: the analyzer can be extended in the future to serve specific use cases after decoding.

test@aviz ~ % python3 timestamp_decoder.py
Timestamp Data : 0xebb8a66c01a05bd592ba00f577980000000001a05bd59584005bbbdd
Source-1 : Seconds 1665 and Nanoseconds 466981562 and origin id : 0x7abbcc
Source-2 : Seconds 1665 and Nanoseconds 466982276 and origin id : 0x2dddee
Time Difference : 0 Seconds and 714 Nanoseconds

Fig : TimeStamp Decoder to verify/test the time difference in Network.
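The sketch below reproduces the decoded values in the output above. It is an added example, not Aviz's timestamp_decoder.py. The record layout (14-byte records holding 4 bytes left undecoded, a 48-bit timestamp split into 18-bit seconds and 30-bit nanoseconds, and a 32-bit word that yields the origin id when shifted right by one) is an assumption inferred from that single sample, not a published format.

```python
from dataclasses import dataclass

# Hex string from the decoder output above, split at the assumed field boundaries.
SAMPLE_HEX = ("ebb8a66c" "01a05bd592ba" "00f57798"
              "00000000" "01a05bd59584" "005bbbdd")

# Assumed layout, inferred from that one sample (not a published format):
# 14-byte records = 4 bytes left undecoded + 48-bit timestamp + 32-bit origin word.
RECORD_LEN = 14
SEC_BITS, NSEC_BITS = 18, 30      # timestamp = 18-bit seconds | 30-bit nanoseconds
NSEC_PER_SEC = 1_000_000_000

@dataclass(frozen=True)
class Stamp:
    seconds: int
    nanoseconds: int
    origin_id: int

def decode(data: bytes) -> list:
    """Split the trailer into records and decode each timestamp and origin id."""
    if not data or len(data) % RECORD_LEN:
        raise ValueError(f"expected a multiple of {RECORD_LEN} bytes, got {len(data)}")
    stamps = []
    for off in range(0, len(data), RECORD_LEN):
        ts = int.from_bytes(data[off + 4:off + 10], "big")
        word = int.from_bytes(data[off + 10:off + 14], "big")
        nsec = ts & ((1 << NSEC_BITS) - 1)
        if nsec >= NSEC_PER_SEC:          # 30 bits can hold more than one second
            raise ValueError(f"record at byte {off}: nanoseconds out of range")
        # The lowest bit of the origin word is not decoded here.
        stamps.append(Stamp(ts >> NSEC_BITS, nsec, word >> 1))
    return stamps

def delta_ns(first: Stamp, second: Stamp) -> int:
    """Nanoseconds from first to second, tolerating one wrap of the seconds counter."""
    sec = (second.seconds - first.seconds) % (1 << SEC_BITS)
    return sec * NSEC_PER_SEC + second.nanoseconds - first.nanoseconds

if __name__ == "__main__":
    s1, s2 = decode(bytes.fromhex(SAMPLE_HEX))
    for s in (s1, s2):
        print(f"origin {s.origin_id:#x}: {s.seconds} s {s.nanoseconds} ns")
    print("difference:", delta_ns(s1, s2), "ns")
```

With an 18-bit seconds field the counter wraps roughly every three days, so a difference is only meaningful for stamps taken within one wrap period by brokers synchronized to the same clock.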

Conclusion

In conclusion, packet timestamping is the bedrock of the modern network monitoring world. Packet timestamping, with its precision, lends a temporal dimension to data, enabling meticulous analysis, troubleshooting, and compliance. When integrated seamlessly into network monitoring using Open Packet Broker (OPB, based on the SONiC NOS), this timestamp feature becomes invaluable, orchestrating the symphony of network operations.

Time is not just a metric; it’s the heartbeat of network resilience and innovation.

 


Open-Source Alternative for the Network Packet Broker

Network Packet Brokers (NPB) have been a critical component of the enterprise infrastructure for decades. They implement a range of tools to access, filter, and analyze traffic (a.k.a. network packets). NPB solutions collect packets from multiple links, filter them, and distribute them to tools specialized in performance monitoring, security analyses, and more by delivering packets specific to their needs. Typical NPB solutions are appliance-based, and proprietary in nature, making them expensive and inflexible. The cost of implementing such solutions in large data centers and edge networks can run into hundreds of thousands of dollars, if not more.

The evolution of application-driven networking has been lauded by many industry leaders. Recent advancements in ASICs have increased their programmability, TCAM scale, and introduced flexible matches and actions. This creates opportunities to disaggregate the software and hardware components for packet broker solutions while meeting the performance and capacity requirements of the enterprise.

Every data center in the world will deploy data processing units (DPU) to isolate the application layer from the control plane within five years. In every single data center, enterprise, or cloud, the control plane, and the application plane will be isolated. I promise you that.

How can disaggregation be achieved for Network Packet Brokers?

Before answering this question, we need to understand the core reason why NPB solutions are proprietary and appliance-based. Primarily it is the “unavailability” of a standardized NOS (Network Operating System), allowing vendors to utilize and exploit the power of their ASICs to deliver the capabilities required by packet broker solutions.

With SONiC (Software for Open Networking in the Cloud), the open-source NOS, it is now possible to think of packet brokers as networking applications that harness the power of modern ASICs. SONiC has quickly become the standards-based open-source NOS that is being regarded as the “Linux of Networking” with support for over 100 SKUs across multiple ASICs. It provides a state-of-the-art microservices-based NOS architecture that paved the way for networking services as disaggregated applications on commodity hardware.

What may a disaggregated Packet Broker solution look like?

A network packet broker built using commodity switching hardware and open-source SONiC would be a truly disaggregated solution. NPB functions such as filtering, forwarding, and load balancing can be achieved using a programmable API, making such a solution truly software-defined. SDN (Software Defined Networking) principles can be used to program the ASIC with policies and services, such as filtering and traffic replication. The picture below provides a high-level depiction of a disaggregated packet broker.

Figure 1: Disaggregated Packet Broker

What are the benefits of using a disaggregated Packet Broker solution?

First off, a disaggregated packet broker solution based on an open-source NOS eliminates the proprietary appliances, significantly reducing CapEx and OpEx. Secondly, it allows for the choice of hardware to leverage available speeds (from 10GbE to 400GbE) at a fraction of the cost of typical NPB solutions. Thirdly, the open-source nature of such solutions allows for easy integration with commercial analyzers available for performance and security monitoring. Last, but not least, disaggregation allows for the repurposing of hardware that is typically discarded during network refresh cycles, making the solution even more lucrative, especially at a time when the semiconductor shortage has crippled network infrastructure upgrade initiatives.

The “Open Packet Broker” by Aviz

Aviz’s Open Packet Broker (OPB) is the industry’s first software-based containerized application built on top of the open-source SONiC to enable monitoring and security tools to access the network traffic. It is truly disaggregated because it can be deployed on your choice of switch/ASIC hardware, as long as it supports SONiC. OPB enables you to easily scale up or down to meet the ever-changing needs of network visibility and security tools, empowering you to manage demand with maximum efficiency. To learn more about the Open Packet Broker, schedule a demo.
