We Design, Develop and Manufacture our Products in Silicon Valley, USA.
Niagara Networks™ provides all the building blocks for an advanced Visibility Adaptation Layer at all data rates up to 100Gb, including packet brokers, bypass elements, network taps and a unified management layer.
Inline Always-on Security - Uninterrupted Network Uptime
A Network Bypass Switch provides failover or fail-safe capabilities for an inline networking device or a network security tool such as a firewall, NGFW, IDS/IPS, WAF, DDoS protection and many other flavours of threat detection platforms. If the network or security appliance fails or needs to be taken off-line for whatever reason, its traffic is automatically rerouted, ensuring uninterrupted traffic flow on the network.
BypassP2 - Advanced Carrier-Grade Bypass Switches
- Our signature BypassP2 offers carrier-grade double-protection bypass technology for all network speeds up to 100Gbps.
- BypassP2 is available in multiple bypass segment options, supporting a range of electrical and optical network interfaces up to 100Gb.
- Each BypassP² segment comprises two network ports and two appliance ports.
- A fail-safe / fail-open optical/copper relay on network ports, and user-configurable heartbeat-generated packets on appliance ports.
- All products based on BypassP2 can be user-configured as active network TAPs as well.
Understanding Bypass Switch
Normal operation of a network bypass:
The traffic between 2 network elements (e.g. router, switch) goes through an inline network security tool.
In the case of a failure of the inline tool/appliance, the bypass makes sure the traffic between the network elements remains up and running.
BYPASS SWITCH FAILURE
In the case of power failure of the bypass switch itself, the traffic between the network elements continues to flow thanks to the optical/copper relay.
Protecting network traffic flow in case of BypassP2 failure
When power fails, the optical relays in the bypass switch ensure that the network flow continues uninterrupted. The optical relays can be configured fail open or fail closed to meet specific deployment needs. This ensures uninterrupted network services under all conditions.
Protecting network traffic flow in case of appliance failures
The BypassP² transmits a user-configurable heartbeat on the appliance ports. In the event of an appliance malfunction (such as a software crash, system failure or loss of power), the failure is detected, and the BypassP² redirects the traffic intended for the inline appliance to the network ports, allowing it to continue to flow through the network link. This feature also enables the network appliances or network security tools to be removed and replaced without network downtime. Once the system is back up, or the power is restored to the appliance, it is detected by the BypassP² heartbeat mechanism, and network traffic is seamlessly diverted back to the inline device, allowing it to resume its critical functions.
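An added sketch (not Niagara's code or firmware) of the appliance-failure behaviour described above: lost heartbeats move the segment to bypass, returned heartbeats move it back inline, and every transition is logged so the window without inline inspection can be alerted on. The thresholds, state names, detection model and the reading of fail-open as "traffic passes" are assumptions for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class BypassSegment:
    miss_limit: int = 3        # assumed: consecutive lost heartbeats before bypassing
    restore_limit: int = 5     # assumed: consecutive good heartbeats before going inline again
    relay_mode: str = "fail-open"   # assumed meaning: fail-open passes traffic, fail-closed blocks it
    state: str = "INLINE"
    events: list = field(default_factory=list)   # audit trail of (tick, old, new, reason)
    missed: int = 0
    seen: int = 0

    def _move(self, tick, new_state, reason):
        self.events.append((tick, self.state, new_state, reason))
        self.state = new_state

    def heartbeat(self, tick, returned):
        """Record whether the appliance passed the heartbeat back (assumed detection model)."""
        if returned:
            self.seen, self.missed = self.seen + 1, 0
        else:
            self.missed, self.seen = self.missed + 1, 0
        if self.state == "INLINE" and self.missed >= self.miss_limit:
            self._move(tick, "BYPASS", "appliance heartbeat lost")
        elif self.state == "BYPASS" and self.seen >= self.restore_limit:
            # Requiring several good heartbeats keeps a flapping appliance out of the path.
            self._move(tick, "INLINE", "appliance heartbeat restored")
        return self.state

    def power_lost(self, tick):
        """The switch itself loses power: only the relay position decides what happens to the link."""
        new = "RELAY_PASSTHROUGH" if self.relay_mode == "fail-open" else "LINK_BLOCKED"
        self._move(tick, new, "bypass switch power lost")
        return self.state

def uninspected_ticks(trace, **settings):
    """Replay a heartbeat trace ('1' = returned, '0' = lost); return (segment, ticks spent in bypass)."""
    seg = BypassSegment(**settings)
    bypassed = [t for t, c in enumerate(trace) if seg.heartbeat(t, c == "1") == "BYPASS"]
    return seg, bypassed

# Constructed trace: appliance fails at tick 2, flaps at tick 9, is stable from tick 10.
TRACE = "11000" "11110" "11111"

if __name__ == "__main__":
    seg, gap = uninspected_ticks(TRACE)
    for event in seg.events:
        print(event)
    print("ticks without inline inspection:", gap)
```

The bypass interval is the period in which traffic crosses the link without passing the security tool, so the logged transitions are the events worth forwarding to monitoring.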
Next Generation of Network Packet Brokers for Ultimate Flexibility, Performance and Agility
The most important thing you could add to your network...
Niagara's Packet Brokers deliver access to network data to NetOps & SecOps to enable detection, investigation and response to threats in real-time. Our NPB solutions are empowered by a comprehensive Technology Alliance Program with world-class technology leaders and deployed in the world's most prominent networks.
What Exactly Does a Network Packet Broker Do?
Niagara’s advanced NPB solutions perform a range of crucial functions for all types of networks, even resource-intensive ones with extremely complex architectures, including:
- Total Network Visibility - Identifying known, suspicious, and unknown traffic passing through the network
- Network robustness - Ensuring data loss prevention and advanced filtering, as well as high availability, stripping, and other special-purpose packet capabilities. This includes complex Regular Expression (REGEX) filtering and header stripping, so that inspection tools receive filtered traffic they can process and analyze
- Network management - Not just knowing how to monitor network traffic, but also knowing what to do with each type of traffic: where to pass known (authorized) data types, and how to handle suspicious and unknown traffic to simplify APM and NPM analytics and reporting
- Advanced network security - streamline security analysis and advanced threat detection and prevention
Why You Need a Network Packet Broker
In their role as data analyzers, Niagara’s Packet Brokers can also handle deduplication of redundant (duplicate) packets, passed along by multiple TAPs forwarding their data traffic, before they reach analysis or security tools within the network. The NPBs will eliminate those duplicates and make sure network tools do not waste resources on handling redundant data.
Basic data packet manipulation schema includes one network link to one tool (one-to-one), one network link to multiple tools (one-to-many), multiple network links to one tool (many-to-one) and multiple network links to multiple tools (many-to-many), interlaced and load balanced into a network-wide fabric.
The Broad Family of Network Packet Brokers that Sets the Standard for (NetOps and SecOps) Agility
Niagara Networks offers a broad range of Network Packet Brokers that can be optimised for different use cases and application scenarios, providing your organization with the following 5 major benefits:
- Solves architectural complexity whilst creating clear segmentation of network traffic to networking monitoring and security tools
- Ultra-high granular view of packet flows from any TAP use case including Niagara's CloudRay virtual TAP solution
- Simplify Application and Network Performance (APM / NPM) analytics and reporting
- Streamline security analytics and advanced threat inspection and prevention
- Maximise tool efficiency and scale - optimization of traffic capacity and reduction of duplicated and non-relevant headers and payload
Best Practices for Choosing a Network Packet Broker
Network packet brokers differ from manufacturer to manufacturer – and even within the manufacturer’s offerings, there may be significant variations (i.e. they will have distinctive features or levels of functionality). Therefore, differentiating and understanding the essential features versus the ‘nice-to-have’ ones – with respect to your current and future needs – is of paramount importance, especially when weighing initial costs versus ROI.
In addition to their standard general capabilities (such as previously mentioned traffic management, network robustness, deduplication, filtering, and aggregation) manufacturers are evolving their NPB offerings with new facets and features. As an example, some manufacturers now offer a new breed of modular NPBs that support both active and passive TAP devices (that can be easily attached to the NPBs). In this way, network designers can place a modular NPB inline, within the network, and then add as many TAP devices as needed (with their respective monitoring tools), thus significantly simplifying wiring, and other network design issues.
In addition, some NPB vendors have been known to customize the packet broker functionality, to tailor features to adapt to specific IT requirements or to specific industries and their needs.
Here is a handy mini-checklist of required and recommended ‘nice-to-have’ features to look for, when selecting a network packet broker:
- High availability (HA) / business continuity (BC) robustness
- Ability to handle deep packet inspection (DPI)
- Selective or full data traffic aggregation and regeneration as well as load balancing
- Filtering and data packet deduplication features
- Centralized administration including a manageable interface (Web, GUI, or CLI)
- Optimized buffering and other high-performance features
- Support for inline monitoring devices
- Support for passive inspection and analysis tools
Another aspect worth considering is how the NPB reacts to specific brokering issues, such as a failover scenario (how it will handle traffic flow if it, or some connected network element, should fail). Of course, technical specifications such as latency and flow thresholds should also be taken into account when deciding on a selection.
Collect and intercept any network infrastructure up to 400Gb speeds
What is a Network TAP (Terminal Access Point)?
A network TAP is an external network device that creates a “copy” of the traffic for use by various monitoring devices. It allows traffic mirroring and is an integral part of an organization's network stack. The network TAP device is introduced at a point in the network path that should be observed, so that it can copy data packets and send them to a monitoring device. The network designer decides where in the network infrastructure the network TAPs should be placed, based on the reason for network interface observation: data gathering, analysis, general network monitoring (such as for saturation and latency), or something more critical, such as intrusion detection.
Active Network TAP Device
The monitoring/TAP ports provide a configurable TAP. Traffic received from either side of the link is copied and sent to one or multiple (aggregating) monitoring ports.
If a power failure causes the device to cease active operation, the traffic flow is maintained, but the integrated active TAP point loses its visibility.
Passive Network TAP Device
The passive monitoring/TAP ports provide a fixed TAP configuration. Traffic received from either side of the network link is copied to a corresponding TAP/monitoring port. Transparency to network speeds offers high flexibility to intercept traffic at 1Gbps, 10Gbps, 25Gbps, 40Gbps, 50Gbps, 100Gbps and 400Gbps traversing communication protocols.
If a power failure causes the device to cease active operation, the traffic flow as well as the visibility on the TAP ports is maintained, providing full visibility in all circumstances.
Niagara Products Offering - TAP Functionality
Flexibility and multi-purpose offering for various network use cases