CGS AFS模組式DPI網路流量複製器|流量分流器
CGS模組式DPI網路流量複製器與分流器,涵蓋了流量複製器與分流器從基本到最高階的功能。除了基本封包過濾、匯聚、複製、分流、加權比重流量負載平衡之外,使用RegEx對封包payload進行深度DPI全封包解析,並可將比對封包所在session的所有封包,一起過濾出來。可以分流如Youtube等串流影音,從Domain Name萃取對應IP清單、MAC置換、ERSPAN終端下車等,加上封包切片(Slicing)、去重複封包(Deduplication)與機敏資料遮罩(Data Masking)、Netflow/IPFIX產生等高階功能,亦支援Tool Service Chain,提升資安設備或網路效能設備分析能力。
原廠:CGS Tower Networks
CGS模組式DPI網路流量複製器與分流器,涵蓋了流量複製器與分流器從基本到最高階的功能。除了基本封包過濾、匯聚、複製、分流、加權比重流量負載平衡之外,使用RegEx對封包payload進行深度DPI全封包解析,並可將比對封包所在session的所有封包,一起過濾出來。可以分流如Youtube等串流影音,從Domain Name萃取對應IP清單、MAC置換、ERSPAN終端下車等,加上封包切片(Slicing)、去重複封包(Deduplication)與機敏資料遮罩(Data Masking)、Netflow/IPFIX產生等高階功能,亦支援Tool Service Chain,提升資安設備或網路效能設備分析能力。
產品說明
模組式AFS網路流量複製器屬於CGS網絡可視化產品組合中,最高階的產品,透過AFS提供正確的流量,與 流量提供 所需的資料、以及正確的格式,優化了網路安全和效能監控應用服務。CGS 網路流量複製器軟體搭配最先 進的網路晶片,搭配 正規表示式(Regular Expression)可以對全封包內容掃描與過濾,透過一致的可視化體系結構UVA(Unified Visibility Architecture),革新了網路可視化市場,從而簡化佈署了CGS軟體在最先進、可擴充且功能強大的Appliance和網路伺服器設備上,提供 了卓越的效能和可 擴充性、更廣泛的功能選項,增強的生產力和降低 TCO(Total Cost of Ownership)。
CGS AFS是1U的模組化的網路流量複製器(Network Packet Broker),可以安裝具備硬體Bypass功能的Network TAP模組,或是接收Switch Mirror流量的NPB模組,只為了因應客戶日漸複雜的網路架構,具有更高彈性的選配組合,介面數量可從初期少量採購,未來擴充到大量配備,介面速度可 從1G到 100G,可以任選電介面(Copper)、光介面(Fiber)的組合。
CGS AFS是1U的模組化的網路流量複製器(Network Packet Broker),可以安裝具備硬體Bypass功能的Network TAP模組,或是接收Switch Mirror流量的NPB模組,只為了因應客戶日漸複雜的網路架構,具有更高彈性的選配組合,介面數量可從初期少量採購,未來擴充到大量配備,介面速度可 從1G到 100G,可以任選電介面(Copper)、光介面(Fiber)的組合。
| 主要特色 |
| 完整NPB(Network packet broker)網路流量複製器功能,包括:De-duplication, layer 7 and regex filtering |
| 基本配備:2 x 10GE SFP+ Ports and 4 x NMC extension slots with Bypass options |
| 高達100G 網路封包處理能力 |
| NMC slot options: 8 x 1G RJ45 Copper Ports with 4 Bypass pairs 8 x 1G RJ45 Copper or 1G SFP Ports 4 x 1G RJ45 Copper + 4 x 1G SFP Ports 4 x 10G SFP+ Ports with 2 Bypass pairs 4 x 10G SFP+ Ports 8 x 10G SFP+ Ports 2 x 25G SFP28 Ports 2 x 40G QSFP Ports + Bypass module option 1 x 100G QSFP28 (Requires two NMC Slots) |
|
使用情境
|
功能特性
CGS Modular AFS
| 功能 | 效益 |
| Aggregation | Aggregate and redirect network traffic for further processing |
| Replication | Enable multiple tools to analyse the same traffic |
| Inner Tunnel Filtering | Filtering according to inner tunnel parameters (GTP, VXLAN, L2TP) |
| GRE Tunnelling | Interconnect packet brokers across multiple sites with L2/L3GRE protocol |
| Filtering | Filtering out unnecessary network traffic with conditional 5-tuple classifiers |
| User Defined Filters | Track packets that match a certain "window" in the incoming traffic |
| AND/OR/NOT Operators | Simplify packet broker operation with logic filter actions |
| Copy | Enable orthogonal filter paths on the same traffic |
| Layer-7 Filtering | Perform DPI and identify thousands of layer 7 protocols |
| Regex Filtering | Identity and filter traffic that includes specific strings |
| Weighted Load Balancing | Distribute traffic across multiple tools and prevent over-subscription |
| Session Tracking | Track the entire session once the desired pattern has been identified |
| Port Labelling | Track packet path by adding VLAN tags that indicate its ingress port |
| Header Stripping | Remove headers (MPLS, VLAN, PPP, QinQ, VN-TAG, VXLAN, GRE, GTP, L2TP) |
| Header Editing | Modify MAC, VLAN and IP headers |
| Deduplication | Maximize tool performance by eliminating duplicated packets |
| Data Masking | Protect sensitive data by overwriting it before it is sent to the tools |
| Packet Slicing | Reduce data overload by removing packet payload and/or any unnecessary data |
| Capping & Sampling | Reduce traffic by sampling traffic and/or limiting rates |
| Time Stamping | Enhances network visibility with nanosecond time stamping capabilities |
| Capture | Capture PCAP files in filter granularity for further analysis |
| De-Fragmentation | Assemble packet fragments to complete packets |
| IPFIX/NetFlow | Generation and distribution of IPFIX/NetFlow flows |
| Management | Web UI, CLI, SNMP, Net CONF, REST API |
