SPECTRAMI - EMEA Value Added Distributor for Security, Network Visibility, and Performance Monitoring Solutions


Mar 27th, 2018

What´s new and improved with the 18.1.1 cPacket release?

ERSPAN Type III Termination at 40G
Data center (DC) switches can now ERSPAN traffic full blast at 40G. So, why is this important? Let´s take a moment to understand the underlying needs and benefits. 40G port switches seem to be the norm these days in many data centers so it´s imperative that communication between these switches and other devices support 40G, natively. This allows DCs to optimize on space, expenses and avoid the hassles of 40G to 4x10G 'step downs.´ But now, cPacket´s cVu devices can support 40G native speeds for ERSPAN Type III traffic.

So, what exactly is this feature capable of? Encapsulated Remote Switch Port Analyzer, also known as ERSPAN, is a method of mirroring traffic from one or more 'source' ports to one or more 'destination' ports. It is a convenient method for switches to copy traffic from one or more ports and send it to a monitoring network where that traffic is monitored and analyzed for security issues, anomalies, network performance, SLAs etc. The unique value of ERSPAN, unlike that of SPAN, is that the traffic is encapsulated in a Generic Routing Encapsulation (GRE) header and is routable across a layer 3 network. In simplest terms, the ERSPAN packets can be sent across multiple switches and routers to reach their destination, versus requiring direct connection via dark fiber or limiting the distance to within a rack or row.

Previous cPacket releases supported ERSPAN Type III at 10G, which was sufficient for campus and edge environments but could be restrictive in DC environments. Enabling termination at 40G makes this feature universally applicable from edge to core to DC. Furthermore, the cPacket cVu devices can extract timestamps from ERSPAN packets with one- nanosecond accuracy. By the way, let´s not forget to mention that cPacket is one of the industry´s first to bring the 40Gbps ERSPAN Type III termination functionality! Pretty innovative isn´t it?

Arista Timestamp Extraction
Many data centers use Arista 7150 series of switches, which can create and embed timestamps in the packets. Timestamps inserted at the switches can be very useful to obtain accurate network performance metrics of the production network. Otherwise, the devices in the monitoring network would have to do the calculated math of removing the latency factor contributed by the monitoring network to arrive at the network performance metrics. Consequently, these metrics may not yield the precision and accuracy you´re looking for.

So, what´s the best way to resolve this issue? Since the Arista 7150 switches insert their timestamp in the packets, with the 18.1.1 release, these timestamps can be extracted and used by cPacket devices to feed other tools downstream, thereby harmonizing the timestamps across all the monitoring devices.

Additionally, cPacket´s devices can generate accurate timestamps, and architecturally speaking, are directly connected to the data center switches. Because of cPacket´s well designed architecture, it has become one of the industry´s de-facto standards and used by some of the largest market trading houses.

Special Action Filters and Dynamic Truncation
This feature was created by the need to filter out certain traffic to perform additional processing on a case by case basis. Say for instance a user is receiving SSL encrypted traffic on a cVu port and would like to dynamically slice a portion of the traffic (for specific flows, subnets or hosts) while still sending the remaining traffic to other tools for further analysis. By sending only the traffic of interest to specific tools, this reduces processing requirements, removes irrelevant packet details and saves time and money. The Special Action Filters tie into cPacket´s unique Smart Filter technology, which allows full packet inspection of every byte in every packet in both the header and the payload at wirespeed, ensuring fully granular traffic pruning for performance monitoring and network troubleshooting. Dynamic Truncation, covered in our blog, is a simple and more powerful feature than packet slicing at fixed offsets. In short, dynamic truncation removes TCP or UDP payloads while leaving the header intact. Furthermore, this is very ideal for removing Personally Identifiable Information (PII) for compliance purposes in finance and/or healthcare while retaining the important header information required for troubleshooting the network.

New and improved cSearch
Lastly is cPacket´s cSearch, one of our most popular and widely used feature on the cClear. cSearch is a Google like search feature that can be used to search the entire network for specific combinations of header or payload fields. Search patterns can be regular expressions or specific patterns at a specific offset in the packet header and/or payload. As described in our recent blog, this search feature can be used to identify the location of network traffic anywhere in the network for troubleshooting and improving security by assessing the exposure of security threats in the network. In the 18.1.1 release, we´ve made significant upgrades to the look and feel of cSearch, and extended the facility so that cSearch can be fired-off from any external device via RESTful APIs.
About cPacket Networks
cPacket Networks offers customers that operate large complex networks an innovative Distributed Monitoring Architecture, which delivers higher operational efficiency and more integrated intelligence than legacy "bottleneck by design" centralized solutions. cPacket's distributed intelligence enables operators to proactively pinpoint imminent issues before they become problems that negatively impact end-users, and also to reduce troubleshooting time-to-resolution by over 80 percent. cPacket's advanced Intelligence overcomes scalability issues by leveraging the company's unique algorithmic chip that performs complete packet inspection "immediately at the wire" on the fly. The company's unique next generation network performance monitoring solution combines: dynamic maps visualization, granular key performance indicators, proactive alerting, interactive search (L2-L7), and forensic packet-based analysis on-demand for unmatched integrated operational intelligence. Improving operational efficiency and being proactive enables customers to achieve substantial OPEX and CAPEX savings. Based in Silicon Valley, CA, cPacket solutions are relied on by the operators of the world's largest networks.

Previous Page

Talk to us

+49 6102 748-0