DPI網路流量複製器｜分流器

CGS AFS模組式DPI網路流量複製器｜流量分流器

CGS模組式DPI深度封包檢測網路流量複製器與分流器，涵蓋了流量複製器與分流器從基本到最高階的功能。除了基本封包過濾、匯聚、複製、分流、加權比重流量負載平衡之外，使用RegEx對封包payload進行深度DPI全封包解析，並可將比對封包所在session的所有封包，一起過濾出來。可以分流如Youtube等串流影音，從Domain Name萃取對應IP清單、MAC置換、ERSPAN終端下車等，加上封包切片(Slicing)、去重複封包(Deduplication)與機敏資料遮罩(Data Masking)、Netflow/IPFIX產生等高階功能，亦支援Tool Service Chain，提升資安設備或網路效能設備分析能力。

原廠：CGS Tower Networks

產品說明

模組式AFS網路流量複製器屬於CGS網絡可視化產品組合中，最高階的產品，功能除了涵蓋一般L4、進階封包處理的網路流量複製器，更具備掃描全封包內容能力，可以payload內容資訊為比對條件過濾封包，例如domain name、網路第七層應用服務特徵等，是一款具配DPI深度封包檢測功能的網路流量複製器。透過AFS提供多元化的過濾與分流能力，提供網路工具正確的流量，以及正確的格式，優化了網路安全和效能監控應用服務。CGS 網路流量複製器軟體搭配最先進的網路晶片，使用正規表示式(Regular Expression)可以對全封包內容掃描與過濾，透過一致的可視化體系結構UVA(Uniﬁed Visibility Architecture)，革新了網路可視化市場，佈署了CGS軟體在最先進、功能強大的網路平台和網路伺服器設備上，提供了卓越的效能和擴充的彈性、與更廣泛的功能選項，增強的生產力和降低 TCO(Total Cost of Ownership)。

CGS AFS是1U的模組化的網路流量複製器(Network Packet Broker)，可以安裝具備硬體Bypass功能的Network TAP模組，或是接收Switch Mirror流量的NPB模組，只為了因應客戶日漸複雜的網路架構，具有更高彈性的選配組合，介面數量可從初期少量採購，未來擴充到大量配備，介面速度可從1G到 100G，可以任選電介面(Copper)、光介面(Fiber)的組合。

AFS提供直觀易懂的圖形化操作介面，能夠以拖曳方式完成分流與過濾設定，降低使用者的學習上手的時間，並且提高工作效率。

一目了然的分流規則摘要：

支援DNS Resolution，可以萃取DNS流量中的IP，將IP存入文字清單：

使用情境

藉由tapping與匯聚多重來源鏈路流量，達到網路可視化目的
由多個1G 或 10G port組成的網路流量複製器
所有介面都設計在1U機箱上
藉由過濾流量、網路切片(Network Packet Slicing)與去除重複封包(deduplication)，降低資料超載的風險。
藉由去除封包表頭內的協定表頭，如MPLS、VLAN、VxLAN、GRE與GTP等等，幫助分析工具進行流量分析。
封包輸出過程中，將客戶機敏資料遮罩
針對封包內可疑字串阻擋、過濾或分流，並可以針對偵測到的封包所屬flow，一起過濾或分流。
更改來源/目的之IP/MAC，使封包可以正確到達指定位置。
幫助未來的分析工作
可以將100G的輸入流量，負載平衡輸出給10台10G介面的分析工具。
使用GRE Tunnel與分公司之間建立資料傳輸通道

檔案下載

CGS Modular AFS

功能	效益
Aggregation	Aggregate and redirect network traffic for further processing
Replication	Enable multiple tools to analyse the same traffic
Inner Tunnel Filtering	Filtering according to inner tunnel parameters (GTP, VXLAN, L2TP)
GRE Tunnelling	Interconnect packet brokers across multiple sites with L2/L3GRE protocol
Filtering	Filtering out unnecessary network traffic with conditional 5-tuple classifiers
User Deﬁned Filters	Track packets that match a certain "window" in the incoming traffic
AND/OR/NOT Operators	Simplify packet broker operation with logic filter actions
Copy	Enable orthogonal filter paths on the same traffic
Layer-7 Filtering	Perform DPI and identify thousands of layer 7 protocols
Regex Filtering	Identity and filter traffic that includes specific strings
Weighted Load Balancing	Distribute traffic across multiple tools and prevent over-subscription
Session Tracking	Track the entire session once the desired pattern has been identified
Port Labelling	Track packet path by adding VLAN tags that indicate its ingress port
Header Stripping	Remove headers (MPLS, VLAN, PPP, QinQ, VN-TAG, VXLAN, GRE, GTP, L2TP)
Header Editing	Modify MAC, VLAN and IP headers
Deduplication	Maximize tool performance by eliminating duplicated packets
Data Masking	Protect sensitive data by overwriting it before it is sent to the tools
Packet Slicing	Reduce data overload by removing packet payload and/or any unnecessary data
Capping & Sampling	Reduce traffic by sampling traffic and/or limiting rates
Time Stamping	Enhances network visibility with nanosecond time stamping capabilities
Capture	Capture PCAP files in filter granularity for further analysis
De-Fragmentation	Assemble packet fragments to complete packets
IPFIX/NetFlow	Generation and distribution of IPFIX/NetFlow ﬂows
Management	Web UI, CLI, SNMP, Net CONF, REST API

主要特色

完整NPB(Network packet broker)網路流量複製器功能，包括：De- duplication, layer 7 and regex filtering

基本配備：2 x 10GE SFP+ Ports and
4 x NMC extension slots with Bypass options

高達100G 網路封包處理能力

NMC slot options:
8 x 1G RJ45 Copper Ports with 4 Bypass pairs
8 x 1G RJ45 Copper or 1G SFP Ports
4 x 1G RJ45 Copper + 4 x 1G SFP Ports
4 x 10G SFP+ Ports with 2 Bypass pairs
4 x 10G SFP+ Ports
8 x 10G SFP+ Ports
2 x 25G SFP28 Ports
2 x 40G QSFP Ports + Bypass module option
1 x 100G QSFP28 (Requires two NMC Slots)

功能特性

CGS Modular AFS

功能	效益
Aggregation	Aggregate and redirect network traffic for further processing
Replication	Enable multiple tools to analyse the same traffic
Inner Tunnel Filtering	Filtering according to inner tunnel parameters (GTP, VXLAN, L2TP)
GRE Tunnelling	Interconnect packet brokers across multiple sites with L2/L3GRE protocol
Filtering	Filtering out unnecessary network traffic with conditional 5-tuple classifiers
User Deﬁned Filters	Track packets that match a certain "window" in the incoming traffic
AND/OR/NOT Operators	Simplify packet broker operation with logic filter actions
Copy	Enable orthogonal filter paths on the same traffic
Layer-7 Filtering	Perform DPI and identify thousands of layer 7 protocols
Regex Filtering	Identity and filter traffic that includes specific strings
Weighted Load Balancing	Distribute traffic across multiple tools and prevent over-subscription
Session Tracking	Track the entire session once the desired pattern has been identified
Port Labelling	Track packet path by adding VLAN tags that indicate its ingress port
Header Stripping	Remove headers (MPLS, VLAN, PPP, QinQ, VN-TAG, VXLAN, GRE, GTP, L2TP)
Header Editing	Modify MAC, VLAN and IP headers
Deduplication	Maximize tool performance by eliminating duplicated packets
Data Masking	Protect sensitive data by overwriting it before it is sent to the tools
Packet Slicing	Reduce data overload by removing packet payload and/or any unnecessary data
Capping & Sampling	Reduce traffic by sampling traffic and/or limiting rates
Time Stamping	Enhances network visibility with nanosecond time stamping capabilities
Capture	Capture PCAP files in filter granularity for further analysis
De-Fragmentation	Assemble packet fragments to complete packets
IPFIX/NetFlow	Generation and distribution of IPFIX/NetFlow ﬂows
Management	Web UI, CLI, SNMP, Net CONF, REST API