NetQuestFPGA-Based Advanced Packet Processing Appliance for up to 400Gbps

FPGA기반 Advanced Packet Processing Appliance, up to 400Gbps

<구성 적용 및 활용 사례>

주요 기능

  • + Advanced Packet Processing – Optimisation of tool efficiency through Header Stripping, Deduplication, Packet Slicing (trimming) without packet loss.

  • + Line Rate Filtering – e.g. protocol-based, IP match list-based and/or by means of logical links.

  • + Layer 2 based Filtering – Packet lengths, packet errors, frame types (PPPoE Discovery/Session, LLC, SNAP), EtherType, Encapsulation (CFP Cisco Fabric Path, ISL, VLAN (3 Levels), MPLS (7 Levels), VN-Tag), VLAN Tag Value, TPID , MPLS label, MAC addresses, Broadcasts.

  • + Layer 3 based Filtering – IPv4 or IPV6 version, source/destination addresses (up to 36,000 IPv4 addresses or 8000 IPv6 for exact match and 864 IPv4 or 216 IPv6 subnet match), (ICMP packets), DSCP,ECN/Traffic Class, Protocol/Next Header, TTL/Hop Limit, Flow Label, Fragments (First, Mid, Last), IPv4 header checksum error.

  • + Layer 4 based Filtering – TCP, UDP, SCTP or other, source/destination ports, TCP flags, TCP/UDP checksum errors.

  • + Fragment Filtering – Filtering of IP4 and IP6 fragments.

  • + Data Pattern Matching – Dynamic offset data pattern matching. Based on the start or end of L2, L3, L4 headers or payloads.

  • + Timestamping – A timestamp with nanosecond accuracy is applied to each processed packet using a PTP time server. 
  •  Locally or via external PTP grandmaster according to IEEE 1588v2.

  • + Deduplication – Removal duplicate packets with a programmable deduplication window of 10 µs to 2 seconds.  Configurable packet signatures (masking of variable fields e.g. TTL/Hoplimit, DSCP/TraffType, exclusion of Outer Encapsulations, and more).

  • + Dynamic Packet Slicing/Trimming – Payload removal so that the Ethernet packet contains only the desired number of bytes or information, including a programmable number of bytes offset. Including FCS recalculation. Metadata is preserved. Enables, among other things, to ensure GDPR compliance.

  • + Protocol Header Stripping – Remove protocol headers (e.g. VxLAN, MPLS, FabricPath, VNTag, GTP, GRE, ERSPAN, GENEVE, LISP, PPPoE, etc) and extract IP packet payloads for the benefit of analysis tools that cannot process them via decapsulation and de-tunnelling.

  • + Source Port Labeling – VLAN tagging and untagging or VLAN tag management with ingress tagging and egress stripping.

  • + Aggregation – Consolidation of incoming network traffic to optimise port usage. 1:1, 1:Many, Many:1, Many:Many

  • + Traffic Tunneling – Supports L2, L3, L4 filters (see above). Tunnel types: GRE_v0, GRE_v1, EtherIP, GTPv0U, GTPv1v2-C, GTPv1-U_signaling, GTPv1-U_GPDU, IPinIP; VXLAN, GENEVE and others.

  • + Native Tunnel Termination – L2GRE and VxLAN tunnel termination, including header stripping.

  • + Load Balancing – Intelligent distribution (uni- and bi-directional flows) of traffic to the ports being monitored to preserve traffic integrity and maximise uptime through failover protection. Wide range of hashing algorithms (e.g. 5 tuple, 2 tuple, VLAN, MPLS, etc).

  • + Asymetric Hashing – Asymmetric and individual hashing supports common use cases, e.g. lawful interception

추가 기능

+ Netflow Export – Generate metadata and flow records in standard NetFlow formats such as NetFlow v5, v9 and IPFIX.

+ Packet Masking – Overwriting personally identifiable information (PII) such as voice data, GEO data, IMSI, IMEI, etc. 

+ GTP Filtering – Filtering within the GTP protocol (GTP-C, GTP-U, etc.)


NX-PW-100  4 x   25G   SFP28 interfaces with 100G data throughput – or 4x 1G SFP / 4x 10G SFP+
NX-PW-200  2 x 100G QSFP28 interfaces with 200G data throughput – or 2x 40G QSFP+ / 4x 25G (fan-out) / 8x10G (fan-out)
NX-PW-400  4 x 100G QSFP28 interfaces with 400G data throughput – or 4x 40G QSFP+ / 8x 25G (fan-out) / 16x10G (fan-out)