Layer 7 Filter

osilayers 7All EX Packetmaster are very good in filtering, thousands of filters without performance leaks. Most of the fields, in the IPv4 and IPv6 layer 4 header can be used as filter match. But sometimes layer 4 is not enough. iltering and modification up to Layer 7 is the playground of the Session Masters. The Session Masters units are working with Network processors, this silicon are highly optimized processors to handling network traffic. Compare to legacy processors many network related functions are implemented in hardware. This is the reason why all Session Master units can process very large amount of data.

But the available packet load per second is lower than the EX series. The max load on the session master is 400 Gbit/sec. The other advantage of the Session Master is the amount of rules (up to 1 Mio) and the very fast change rate of rules per second (up to 12000)

As all Packet brokers from Cubro the Session Master could be used as an endpoint device or also inline.
This advanced features offer a lot full new applications for NPB.
A few examples

This advanced features offers a lot full new applications for NPB.

 

Sessionmaster feature Set 

• Powerful Network Protocol Identifying

Pv4/IPv6, TCP/UDP/SCTP, HTTP, L7, etc

MPLS, PPTP, L2TP, GTP, GRE, IP over IP, VLAN, PPPoE

Gn/IuPS, S11, S1-MME/S1-U/S6a, etc

• Ultra-detailed Traffic

Pv4/IPv6 5-tuple, LTE/3GPP 5-tuple in the tunnel,supporting mask /range

IP 7-tuple (dip, sip, dp, sp, pro, input port, vlan id)

• Classification

Key words; key words + 7-tuple rules to make detailed classification

Gn, S1-MME, S11, S6a, S1-U, etc protocols in PSC/EPC

• Traffic Classification Rule

8 groups of 7-tuple ACL rules, each group containing 2048 IPv4 rules and 2048 IPv6 rules

64 groups of key word rules, each group containing up to 128 key words

2048 extensible IP rules

Millions of accurate 5-tuple rules (non-range and non-mask)

Real-time rule configuration and updating

• Packet Processing

Time stamping, ns-level

Slicing

Replication

IP fragment reassembling

VLAN tag adding or deleting

Identifying GTP upstream and downstream traffic

GRE/GTP/MPLS header stripping

Packet order preserving

4 GB data burst buffering

Filter on the inner IP addresses in any kind of non encrypted tunnel like GTP,GRE,VXLAN,GENEVA, and so on.
Session and Service based load balancing (inner IP in a tunnel)
Filter on protocol flags for advanced trouble shooting, it is possible to match on any byte within the packet.