Layer 7 Filter
All EX Packetmaster are very good in filtering, thousands of filters without performance leaks. Most of the fields, in the IPv4 and IPv6 layer 4 header can be used as filter match. But sometimes layer 4 is not enough. iltering and modification up to Layer 7 is the playground of the Session Masters. The Session Masters units are working with Network processors, this silicon are highly optimized processors to handling network traffic. Compare to legacy processors many network related functions are implemented in hardware. This is the reason why all Session Master units can process very large amount of data.
But the available packet load per second is lower than the EX series. The max load on the session master is 400 Gbit/sec. The other advantage of the Session Master is the amount of rules (up to 1 Mio) and the very fast change rate of rules per second (up to 12000)
As all Packet brokers from Cubro the Session Master could be used as an endpoint device or also inline.
This advanced features offer a lot full new applications for NPB.
A few examples
This advanced features offers a lot full new applications for NPB.
Sessionmaster feature Set
• Powerful Network Protocol Identifying
Pv4/IPv6, TCP/UDP/SCTP, HTTP, L7, etc
MPLS, PPTP, L2TP, GTP, GRE, IP over IP, VLAN, PPPoE
Gn/IuPS, S11, S1-MME/S1-U/S6a, etc
• Ultra-detailed Traffic
Pv4/IPv6 5-tuple, LTE/3GPP 5-tuple in the tunnel,supporting mask /range
IP 7-tuple (dip, sip, dp, sp, pro, input port, vlan id)
Key words; key words + 7-tuple rules to make detailed classification
Gn, S1-MME, S11, S6a, S1-U, etc protocols in PSC/EPC
• Traffic Classification Rule
8 groups of 7-tuple ACL rules, each group containing 2048 IPv4 rules and 2048 IPv6 rules
64 groups of key word rules, each group containing up to 128 key words
2048 extensible IP rules
Millions of accurate 5-tuple rules (non-range and non-mask)
Real-time rule configuration and updating
• Packet Processing
Time stamping, ns-level
IP fragment reassembling
VLAN tag adding or deleting
Identifying GTP upstream and downstream traffic
GRE/GTP/MPLS header stripping
Packet order preserving
4 GB data burst buffering
Filter on the inner IP addresses in any kind of non encrypted tunnel like GTP,GRE,VXLAN,GENEVA, and so on.
Session and Service based load balancing (inner IP in a tunnel)
Filter on protocol flags for advanced trouble shooting, it is possible to match on any byte within the packet.