Oct. 2020
Advanced Network Packet Broker
@Cubro Confidential
Table of contents
1. Overview of Omnia
   a. Omnia10
   b. Omnia20
   c. Omnia120
   d. PacketMaster Features
   e. SessionMaster Features
2. Network Packet Broker Features
   a. Web GUI
   b. ACL filtering inline
   c. Load balancing
   d. GRE encapsulation
   e. ERSPAN encapsulation
   f. VLAN and VXLAN encapsulation
   g. Timestamping
   h. Packet Slicing
   i. Tunnel Header Removal
   j. MAC Modification
   k. Offset Stripping
   l. Data Masking
   m. GRE and VXLAN Endpoint
   n. TCP Reordering and Packet Fragment Reassembling
   o. Deduplication inline or on a SPAN port
   p. Deduplication passive after an optical TAP
   q. V5 and V9 Netflow Probe
   r. Metadata exporter: Netflow / DPI
Overview of Omnia
Power and Versatility for any Enterprise
Omnia takes Cubro’s experience in Network Visibility and Monitoring and pairs it with an evolution of the EXA8 platform design. The result is a lineup of purpose-driven hardware paired with feature stacks developed over years of experience and engineering. This approach offers customers greater choice and more functionality.
[Figure: SOFTWARE + HARDWARE. Labels: PacketMaster, SessionMaster, AppMaster]
Omnia10: Versatility across Multiple Deployments
CPU: Quad-Core ARMv8
Switch: 88E6190X Marvell
Memory: DDR4 ECC UDIMM 16GB
eMMC: 16 GB
MGMT: 10/100/1000 Base-T RJ45
Console: 1 * RS232 (RJ45)
I/O: 2 * USB3.0 (Type A), MicroSD Card slot
Bypass Support: 4 groups Copper Ports
Port: 2 * 10GbE, 8 * GbE (RJ45)
Internal extended I/O: 1 * mini PCIe x1 Gen 3, 2 * M.2 (PCIe x4 Gen3, 2280), 1 * M.2 (SATA Gen3, 2242 & 2280 compatible), 1 * SATA (Gen3, supports 2.5 inch HDD or SSD)
Power Supply: AC 100 - 264 or DC 48V
Size (W x H x D) mm: 335 x 220 x 44.4
Power consumption: 30 W
The Omnia10, formerly the EXA8, is a multi-function network appliance perfect for SMBs, branch offices, and remote deployments. With built-in, passive tapping capability, 10G interfaces, on-board storage, and a diverse set of software options to choose from, it is a device capable of addressing a multitude of network and security challenges.
Omnia20: Performance for Demanding Workloads
CPU: Quad-Core ARMv8
Switch: 88E6190X Marvell
Memory: DDR4 ECC UDIMM 16 GB
eMMC: 16 GB
MGMT: 10/100/1000 Base-T RJ45
Console: 1 * RS232 (RJ45)
USB: 1 * USB3.0 (Type A)
Bypass Support: 4 groups Copper Ports
Port: 2 * 10GbE, 2 * 1 GbE (SFP), 8 * GbE (RJ45)
Internal extended I/O: 1 * mini PCIe x1 Gen 3, 2 * M.2 (PCIe x4 Gen3, 2280), 1 * M.2 (SATA Gen3, 2242 & 2280 compatible), 1 * SATA (Gen3, supports 2.5 inch HDD or SSD)
Power Supply: AC 100 - 264 or DC 48V
Size (W x H x D) mm: 335 x 220 x 44.4
Power consumption: 30 W
The Omnia20 ups the ante by building on the capabilities of the Omnia10 with additional 1G SFP interfaces and double the processing capabilities. It retains the versatility of the Omnia10 while being the go-to choice for especially demanding tasks.
Omnia120: Large Enterprise Powerhouse
CPU: 2 x Multi-Core ARM CPU
Switch: Cavium Xpliant
Memory: DDR4 ECC UDIMM
MGMT: 10/100/1000 Base-T RJ45
Console: 1 * RS232 (RJ45)
Port: 48 * 1/10GbE SFP+, 4 * 40/100GbE QSFP28
Power Supply: AC 100 - 264 or DC 48V
Size (W x H x D) mm: 440 x 660 x 44.4
Power consumption: 400W
The Omnia120 is the ideal option for large-scale enterprise networks that utilize a Data Center or Private Cloud for mission-critical applications. Non-blocking, switching silicon fuels PacketMaster features at line rate, on all interfaces. Dual multi-core CPUs and dedicated memory enable the user to run SessionMaster and AppMaster software simultaneously or forego AppMaster to gain twice the processing performance for SessionMaster features.
PacketMaster Features: L2-L4 Visibility
● ACL filtering inline
  ○ Filter traffic on OSI Layer 2 through Layer 4 criteria
  ○ Forward specific traffic to one or more interfaces
  ○ Drop specified traffic
● Load-Balancing
  ○ Select from multiple Symmetric or Asymmetric load-balancing algorithms
● GRE termination
● ERSPAN termination
● VXLAN termination
● Timestamping
● Packet Slicing
● Tunnel header removal
● VLAN append/modify/strip
● MAC modification
● Offset stripping
  ○ Create custom header stripping offsets for specific applications
● GRE and VXLAN active tunnel endpoint
The PacketMaster feature stack incorporates traditional Network Packet Broker functions such as Any to Many or Many to Any traffic forwarding, filtering, and blocking, header modification and stripping, Load-Balancing, tunnel termination and more.
SessionMaster Features: Deep Filtering & Analysis
● ACL Keyword filtering
● Traffic Correlation
● Tunnel header removal
● Data masking
● TCP Reordering and Packet Fragment Reassembling
● Deduplication inline or on a SPAN port
● Deduplication passive after an optical TAP
● Netflow Generation
● Metadata exporter: Netflow / DPI
The SessionMaster feature stack draws on Cubro’s cutting-edge Advanced Network Packet Brokers. Functions include Traffic Deduplication, Regular Expression search, Data Masking, SSL/TLS Decryption and more. In today’s networks it is no longer sufficient to filter traffic at L2-4 in many scenarios. SessionMaster features grant the deep visibility necessary for cutting-edge deployments.
Network Packet Broker Features
Integrated Web UI
PacketMaster and SessionMaster features are integrated into a single, intuitive GUI to simplify usability and streamline configuration.
Omnia Network Packet Broker WebGUI
The Omnia series offers a simple-to-use Web UI for fast configuration. Additionally, system resources like Memory and CPU Utilization are visible.
Users navigate through the UI via the tabs in the left menu.
ACL Filtering Inline
The device supports IP + MASK and 5-tuple Inner / Outer filtering. To filter on the inner quintuple, you need to turn on the inner quintuple filter.
There are 7 filter types for ACL configuration:
1. Tuple
2. Tuple V6
3. Ipset
4. Ipset V6
5. L2
6. Packet Type
7. Regex
The device supports multiple ACL groups, and each ACL group is independent of the others.
ACL Filtering Inline
[Figure: input traffic and output traffic]
Load Balancing
Load balancing can be performed across multiple ports using several hashing methods, including quintuple, source and destination IP address, and polling, as well as an inner tunnel layer load balancing mode.
Load balancing based on quintuple hashing ensures synchronisation between the two devices, which ensures data integrity.
[Figure: input traffic and LB output traffic]
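The three load-balancing methods named above, sketched as an added example (not Cubro's implementation; the SHA-256 based hash, the function names and the sample flows are assumptions made for illustration). It shows why a symmetric quintuple hash keeps both directions of a session on the same output port, which session-aware tools such as an IDS depend on.

```python
import hashlib
import ipaddress

def _bucket(parts, n_ports):
    """Map a list of byte strings to an output port index."""
    digest = hashlib.sha256(b"|".join(parts)).digest()
    return int.from_bytes(digest[:8], "big") % n_ports

def _endpoint(ip, port):
    return ipaddress.ip_address(ip).packed + port.to_bytes(2, "big")

def quintuple_port(src, sport, dst, dport, proto, n_ports, symmetric=True):
    """Pick an output port from the 5-tuple.

    With symmetric=True the two endpoints are sorted before hashing, so
    A->B and B->A give the same key and reach the same tool port.
    """
    a, b = _endpoint(src, sport), _endpoint(dst, dport)
    if symmetric and b < a:
        a, b = b, a
    return _bucket([a, b, bytes([proto])], n_ports)

def ip_pair_port(src, dst, n_ports):
    """Hash on source and destination IP only (a host pair stays together)."""
    a, b = sorted([ipaddress.ip_address(src).packed,
                   ipaddress.ip_address(dst).packed])
    return _bucket([a, b], n_ports)

class Polling:
    """Round-robin: even load, but one flow's packets are spread over all ports."""
    def __init__(self, n_ports):
        self.n_ports, self.i = n_ports, 0
    def next_port(self):
        port, self.i = self.i, (self.i + 1) % self.n_ports
        return port

# Constructed sample flows: 200 clients talking to one HTTPS server.
FLOWS = [(f"10.0.0.{i + 1}", 40000 + i, "192.0.2.10", 443, 6) for i in range(200)]

def split_flows(symmetric, n_ports=4):
    """Count flows whose two directions land on different output ports."""
    return sum(
        quintuple_port(s, sp, d, dp, p, n_ports, symmetric)
        != quintuple_port(d, dp, s, sp, p, n_ports, symmetric)
        for s, sp, d, dp, p in FLOWS)
```

With the symmetric hash no flow is split; with the asymmetric variant or with polling, a tool that reassembles sessions sees only part of each conversation.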
GRE Encapsulation
[Figure: input traffic and output traffic]
With this feature, we can encapsulate the traffic in a GRE tunnel.
GRE Encapsulation Example
ERSPAN Encapsulation
[Figure: input traffic and output traffic]
With this feature, we can encapsulate the traffic in an ERSPAN v1, v2 or v3 header.
ERSPAN v2 Encapsulation Example
VLAN Encapsulation
[Figure: input traffic and output traffic]
With this feature, we can add a VLAN tag to the output packets.
VLAN Encapsulation Example
VXLAN Encapsulation
[Figure: input traffic and output traffic]
With this feature, we can encapsulate the traffic in a VXLAN header.
VXLAN Encapsulation Example
Timestamping
[Figure: input traffic and output traffic]
With this feature enabled, output packet frames are timestamped with a resolution value between 20 and 200 ns.
Timestamping Example
Packet Slicing
[Figure: input traffic and output traffic]
With this feature, we can slice the packet frame's payload, with a range between 40 and 1550 bytes. The CRC can be recalculated.
Packet Slicing Example
Tunnel Header Removal
[Figure: input traffic and output traffic]
With this feature, we can remove the tunnel headers listed below:
● Stripping the VLAN tunnel
● Stripping the MPLS tunnel
● Stripping the VXLAN tunnel (stripping up to two layers of VXLAN)
● Stripping the GRE tunnel
Tunnel Header Removal
Header removal is not limited to a single header; multiple headers can be removed at once.
Tunnel Header Removal Examples
[Figure panels: "VXLAN Headers" and "1st VXLAN Header Removed"; "Multiple MPLS Layers" and "MPLS Layers Removed"]
MAC Modification
[Figure: input traffic and output traffic]
With this feature, we can modify the source and/or destination MAC address of the packet frame.
MAC Modification Example
Offset Stripping
[Figure: input traffic and output traffic]
With this feature, we can remove a range of bytes in the packet frame.
Offset Stripping Example
The example shows GTP header stripping by means of “offset stripping” in a 4G session. As seen in the capture, the GTP header (Outer IP address + Outer L4 protocol + GTP) has a length of 40 bytes and an offset start value of 14 (the byte “45” in the packet frame). After setting these values, we see that the GTP header is removed in the second capture.
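The offset-stripping step described above, as an added example (not Cubro's code). The frames are constructed samples; the assumption is that the 40 bytes are a 20-byte outer IPv4 header, an 8-byte UDP header and a 12-byte GTP-U header with a sequence number. The second sample has an 8-byte GTP-U header, so the same fixed offset and length cut into the inner packet, which the sanity check detects.

```python
import struct

# Constructed sample Ethernet header: dst MAC, src MAC, EtherType IPv4.
ETH = bytes.fromhex("02aabbccdd01" "020000000001" "0800")

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at zero) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes(src), bytes(dst)) + payload

def gtp_frame(inner, with_seq):
    """Ethernet + outer IPv4 + UDP/2152 + GTP-U header + inner IP packet."""
    flags = 0x32 if with_seq else 0x30               # GTPv1, S flag set or clear
    opt = b"\x00\x01\x00\x00" if with_seq else b""   # seq, N-PDU, next-ext
    gtp = struct.pack("!BBHI", flags, 0xFF, len(opt) + len(inner), 0x1234) + opt
    udp = struct.pack("!HHHH", 2152, 2152, 8 + len(gtp) + len(inner), 0)
    return ETH + ipv4((10, 0, 0, 1), (10, 0, 0, 2), 17, udp + gtp + inner)

def offset_strip(frame, offset, length):
    """Remove `length` bytes starting at `offset`; leave short frames untouched."""
    if len(frame) < offset + length:
        return frame
    return frame[:offset] + frame[offset + length:]

def inner_ipv4_intact(frame, l3=14):
    """After stripping, byte 14 must start an IPv4 header whose length fits."""
    if len(frame) < l3 + 20 or frame[l3] != 0x45:
        return False
    return int.from_bytes(frame[l3 + 2:l3 + 4], "big") == len(frame) - l3

INNER = ipv4((172, 16, 0, 9), (198, 51, 100, 7), 1, b"constructed-payload")
FRAME_40 = gtp_frame(INNER, with_seq=True)    # 20 + 8 + 12 = 40-byte tunnel header
FRAME_36 = gtp_frame(INNER, with_seq=False)   # 20 + 8 + 8  = 36-byte tunnel header
```

A fixed offset and length only suit traffic whose encapsulation is uniform; a VLAN tag or a different GTP header length shifts the bytes, so validate a sample of the stripped output before feeding it to analysis tools.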
Desensitization / Data Masking
[Figure: input traffic and output traffic]
With this feature, you can hide original data by replacing it with modified content. There are two options for Data Masking:
1- Keyword: Within the specified range, the keyword is searched for and modified with the set hex value.
2- Customized: Choose an arbitrary range of bytes to modify.
Desensitization / Data Masking Example
1- Keyword
Example: The keyword “windows” has been found and modified with the “001” hex value.
Desensitization / Data Masking Example
2- Customized
Example: As seen below, the 8 bytes right after the “L4_Hdr_Start” parameter we defined have been modified with the hex value “01”.
GRE and VXLAN Endpoint
[Figure: input traffic with tunnel and output without tunnel]
The Omnia devices can be configured to act as an active endpoint by setting up an IP address on the input interface and the necessary protocol (like ARP for IPv4 or NDP for IPv6), so that the transmitter can find the endpoint on the network. The tunnels are actively received and then de-encapsulated (terminated).
GRE and VXLAN Endpoint
Configuration of the Omnia device as an active endpoint via the G1 interface.
VLAN Filtering
Based on the port limit, data containing the VLAN tag is admitted into the system, which achieves the filtering function.
It is not necessary to configure the ACL to filter by means of VLAN ID.
[Figure: input traffic and output traffic]
TCP Reordering and Packet Fragment Reassembling
TCP Reordering: With this feature, it is possible to reorder packets of sessions that have arrived out of order.
Packet Fragment Reassembling: With this feature, fragmented IP packets are reassembled and sent to an output.
Deduplication inline or on a SPAN port
[Figure: input traffic and output traffic]
Tapping at multiple points on a link causes repeated packets to be transmitted. This function can detect duplicate packets on the link within 1 second and delete them.
A packet is judged to be a duplicate by comparing all the data from the start of its IP layer to the end of the packet. The user can configure the start depth (Compare - offset) and the length of the match (Compare - depth) for the packets.
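The deduplication logic described above, as an added example (not Cubro's implementation; the class, its parameter names and the sample frames are constructed for illustration). It compares from the IP layer onward within a 1-second window and shows what the configurable compare offset changes: a copy captured after a router hop has a different TTL and header checksum, so it only matches when the comparison starts after the IP header.

```python
import hashlib

def ip_layer_start(frame: bytes) -> int:
    """Offset of the IP header in an Ethernet frame, skipping any VLAN tags."""
    off = 12
    while frame[off:off + 2] in (b"\x81\x00", b"\x88\xa8"):
        off += 4
    return off + 2

class Deduplicator:
    """Drop frames whose compared bytes were already seen within `window` seconds."""

    def __init__(self, compare_offset=0, compare_depth=None, window=1.0):
        self.offset = compare_offset   # bytes skipped after the start of the IP layer
        self.depth = compare_depth     # bytes compared; None means to end of frame
        self.window = window
        self.seen = {}                 # digest of compared bytes -> first-seen time

    def is_duplicate(self, frame: bytes, now: float) -> bool:
        start = ip_layer_start(frame) + self.offset
        end = None if self.depth is None else start + self.depth
        key = hashlib.sha256(frame[start:end]).digest()
        # Forget entries older than the window before looking up this frame.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        if key in self.seen:
            return True
        self.seen[key] = now
        return False

def make_frame(src_mac: bytes, ttl: int, vlan=None) -> bytes:
    """Constructed sample: Ethernet + IPv4 + UDP carrying a fixed payload."""
    tag = b"\x81\x00" + vlan.to_bytes(2, "big") if vlan is not None else b""
    eth = bytes.fromhex("02aabbccdd01") + src_mac + tag + b"\x08\x00"
    # Header checksum is a placeholder that changes with the TTL, as a real one would.
    ip = bytes([0x45, 0, 0, 36, 0x12, 0x34, 0, 0, ttl, 17, 0xAB, ttl])
    ip += bytes([10, 0, 0, 5, 192, 0, 2, 10])
    udp = (40000).to_bytes(2, "big") + (53).to_bytes(2, "big") + b"\x00\x10\x00\x00"
    return eth + ip + udp + b"example!"

def demo():
    """Return the duplicate verdicts for the constructed frames."""
    tap_a = make_frame(bytes.fromhex("020000000001"), ttl=64)
    tap_b = make_frame(bytes.fromhex("020000000001"), ttl=64, vlan=100)  # same packet, tagged
    routed = make_frame(bytes.fromhex("020000000002"), ttl=63)           # seen after a router
    whole = Deduplicator()                      # compare from IP layer to end of frame
    past_ip = Deduplicator(compare_offset=20)   # skip the 20-byte IPv4 header
    return [whole.is_duplicate(tap_a, 0.0), whole.is_duplicate(tap_b, 0.2),
            whole.is_duplicate(routed, 0.4), whole.is_duplicate(tap_a, 1.5),
            past_ip.is_duplicate(tap_a, 0.0), past_ip.is_duplicate(routed, 0.4)]
```

Skipping the IP header catches routed copies, but it also treats packets from different hosts with identical L4 headers and payload as duplicates, so a larger offset trades completeness of the capture for less duplication.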
V5 and V9 Netflow Probe
[Figure: input traffic and output netflow metadata]
With this feature, the Omnia works as a Netflow Probe to generate metadata for network monitoring. We support Netflow V5 and V9.
V5 and V9 Netflow Probe
Netflow v9 Configuration
Metadata Exporter Netflow / Netflow - DPI / DPI
Quality & Environment Management
Cubro is certified with ISO 9001 for Quality management according to international standards.
Cubro is certified with ISO 14001 for managing the efforts to protect our environment.
THANK YOU
Cubro Network Visibility
Ghegastraße 3
1030 Vienna, Austria
Tel.: +43 1 29826660
Fax: +43 1 2982666399
Email: [email protected]
Cubro Asia Pacific
8, Ubi Road 2 #04-12 Zervex
Singapore 408538
Tel.: +65-97255386
Email: [email protected]
Cubro North America
105 Strowger Blvd
Brockville, Ontario, Canada K6V 5K1
Tel: 613-213-0222
Email: [email protected]
Cubro Japan
8-11-10-3F, Nishi-Shinjuku, Shinjuku, Tokyo, 160-0023 Japan
Email: [email protected]