The Rise of Next-Generation Network Packet Brokers
Network packet brokers (NPBs) have played a key role in helping organizations manage their network management and security tools. The tool space has exploded, and there is a tool for almost everything. Cybersecurity, probes, network performance management, forensics, application performance, and other tools have become highly specialized, causing companies to experience something called “tool sprawl,” where connecting a large number of tools to the infrastructure creates a large, complex mesh of connections.
Ideally, every tool would receive information from every network device, enabling it to have a complete view of what’s happening, who is accessing what, where they are coming in from, and when events occurred.
The problem with this is that managing an environment where everything connects to everything isn’t realistic (see top image below).
What is a network packet broker?
Enter the world of the network packet broker. These devices sit between the infrastructure and tools layer, so each tool plugs into the NPB once, as does each infrastructure element (bottom image). This greatly simplifies deployment and management of tools.
Figure (top): Without a network packet broker
Figure (bottom): With a network packet broker
Also, adding a new tool simply requires plugging it into the NPB. Another benefit is that upgrades can be done easily: the tool can be taken offline, upgraded, and plugged back in through the same interface. This minimizes any disruption to the operations of the business.
NPB features and TAP aggregation
Over time, NPBs have evolved in both their capabilities and their strategic value. The following are the different evolutionary phases for NPBs:
Terminal access point (TAP) aggregation: This should be considered table stakes for NPBs. Initially, NPBs were designed to receive information from the network and other devices, organize the data, and pass it along to each tool plugged into the NPB. The value of the NPB was to ensure that each tool received all the data from all the network devices, avoiding potential blind spots.
Intelligent TAP aggregation: Over time, NPBs became smarter and began applying some filtering to the data before sending it to the tools. Features such as de-duplication, intelligent filtering, and packet slicing were brought to NPBs. An NPB also gained the intelligence to understand what data was coming in and which tool it was sending the information to. For example, email security tools only need to receive email. Without an intelligent NPB, all data would be sent to such a tool, and it would need to filter the data itself and drop what it does not need. The value of intelligent TAP aggregation is that each tool receives only the data it needs to perform its function, which greatly reduces the amount of processing the tools have to do.
Security packet broker: As cybersecurity threats have evolved, so has the number of security tools. As this happened, NPBs developed security-specific capabilities to optimize the effectiveness of the security tools. One example is the pre-filtering capabilities brought into intelligent TAP aggregation. Another capability of security packet brokers is the ability to operate out of band so that the security tools can perform their task at line rate but not impact the performance of applications.
The current crop of NPBs plays a critical role in enabling businesses to perform several functions, such as moving to a virtual network, upgrading the network, and cost-effectively adding more advanced tools. However, infrastructure evolution continues to march on, and now it’s time for next-generation NPBs.
Understanding next-generation NPBs
Next-generation NPBs are designed to meet the needs of digital businesses. A good analogy to consider is the evolution of application delivery controllers (ADCs). They started as simple load balancers and then added advanced load-balancing capabilities to become ADCs. After several years, security and cloud capabilities were introduced, and the product category shifted to advanced ADCs. The same trend is happening with NPBs as they evolve to next-generation NPBs.
Several vendors play in the NPB market today, but not all of them are equal. Most are basic products that offer the core set of features that every NPB should have today. These include:
- Data aggregation
- De-duplication
- Intelligent filtering
- Packet slicing
- Decapsulation
- Masking
- Intelligent redistribution
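As an added illustration, not code from the original article or from any vendor's product, the following Python sketch models the intelligent TAP aggregation behaviour described above and several of the core features in the list: de-duplication of a packet captured on two TAPs, per-tool filtering and redistribution (email traffic only to the email security tool), packet slicing, and payload masking. Tool names, addresses, ports and traffic are constructed for the example.

```python
import hashlib
from collections import deque, namedtuple
from dataclasses import dataclass

# Constructed packet model: enough header fields to filter on, plus the payload.
Packet = namedtuple("Packet", "src dst dport payload")

@dataclass
class Tool:
    name: str
    ports: frozenset          # destination ports this tool needs; empty = everything
    slice_to: int = -1        # packet slicing: keep only the first N payload bytes (-1 = all)
    mask: bool = False        # masking: zero the payload so only headers/lengths reach the tool

class Broker:
    def __init__(self, tools, window=1024):
        self.tools = tools
        self.recent = deque(maxlen=window)   # digests of recently seen packets
        self.delivered = {t.name: [] for t in tools}
        self.duplicates = 0

    def _is_duplicate(self, pkt):
        # Digest over header fields plus payload; a packet seen on two TAPs hashes identically.
        digest = hashlib.sha256(f"{pkt.src}|{pkt.dst}|{pkt.dport}|".encode() + pkt.payload).digest()
        if digest in self.recent:
            return True
        self.recent.append(digest)
        return False

    def ingest(self, pkt):
        if self._is_duplicate(pkt):          # de-duplication: forward each packet once
            self.duplicates += 1
            return
        for tool in self.tools:
            if tool.ports and pkt.dport not in tool.ports:
                continue                      # intelligent filtering / redistribution
            payload = b"\x00" * len(pkt.payload) if tool.mask else pkt.payload
            if tool.slice_to >= 0:
                payload = payload[:tool.slice_to]
            self.delivered[tool.name].append(Packet(pkt.src, pkt.dst, pkt.dport, payload))

def run_demo():
    tools = [Tool("email-security", frozenset({25, 587})),
             Tool("perf-probe", frozenset(), slice_to=0),      # headers only
             Tool("forensics", frozenset(), mask=True)]
    broker = Broker(tools)
    smtp = Packet("10.0.0.5", "10.0.0.25", 25, b"MAIL FROM:<a@example.test>")
    tls = Packet("10.0.0.7", "10.0.0.80", 443, b"\x16\x03\x01" + b"A" * 200)
    for pkt in (smtp, smtp, tls):             # constructed traffic; smtp arrives via two TAPs
        broker.ingest(pkt)
    return broker
```

Each tool ends up with only the traffic it needs and only as much of each packet as it needs, which is the processing saving the text attributes to intelligent TAP aggregation.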
A few vendors have stepped ahead of the rest of the field and offer products with capabilities that make it easier to deploy and upgrade tools, manage the end-to-end environment, understand user behavior, and help businesses protect themselves. This has driven the need for a new set of features. The following features define next-generation NPBs:
- Metadata engine
- SSL decryption
- Application session filtering
- Inline bypass
New form factors for next-generation NPBs
The form factor of NPBs also needs to change. A traditional NPB is a hardware appliance; these are still required when guaranteed performance is a must. However, this form factor must now be augmented by others that bring the functionality to cloud and virtual environments. This augmentation will enable organizations to extend the NPB functions to public, private and hybrid cloud environments, giving businesses true end-to-end visibility.
NPBs and centralized management
As the number of NPBs expands, the ability to manage them as discrete entities becomes increasingly difficult. Centralized management capabilities will give IT professionals the ability to make a single change and then propagate it across every next-generation NPB at once. Lastly, automation and orchestration capabilities would allow changes to be made to the next-generation NPB when a business policy dictates without having to involve IT operations. Over time, automation, orchestration, and a closed-loop data exchange will give rise to the vision of intent-based operations for next-generation NPBs, where business policies will dictate configuration changes.
The advanced capabilities of next-generation NPBs are critical to the success of digital organizations. If an organization wants to move quickly, the limited feature set and manual nature of operations in traditional NPBs will hold the business back. Next-generation NPBs modernize the packet broker and align it with current trends.