The present disclosure relates to a network packet broker, and to a method of configuring a network packet broker.
A network packet broker is a device that allows the selective routing of packets of information. A network packet broker typically comprises a number of physical network ports that can be used to connect other networked devices. The function of a network packet broker is to receive incoming traffic from connected devices and to retransmit that traffic to other connected devices selectively according to the operator's wishes.
Incoming or ingress traffic is usually a copy of traffic observed on a live network. This may be provided, for example, by a network tap or a Switched Port Analyzer (SPAN) port of a network switch. Outgoing or egress traffic is usually sent to specialist tools on a separate monitoring network for security, performance monitoring and other functions.
In addition to the regular network ports, at least one port on a network packet broker may be designated a management port. Management ports are used for communication with user interfaces to allow operators to configure the system. Management ports may be connected to a management network, which may be the same as the live or monitoring network, or a separate network that is used exclusively for system administration purposes.
The key benefit of a network packet broker is that, once relevant devices have been physically connected to the network ports, ingress traffic can then be directed to different destination ports by appropriate configuration of the network packet broker, without the need for an operator to physically adjust the connected equipment or cabling. Thus any authorised user on the management network may on demand capture traffic, or selected parts of it, from any available location on the live network and send that traffic to any connected tool on the monitoring network.
Known network packet brokers are typically built around a set of physical network ports, a general purpose CPU, and a network switch chip. A network switch chip is a specialist component that connects to a set of incoming and outgoing network ports and is capable of making decisions about how to direct incoming network traffic, based on a configurable list of rules. The CPU runs general management software for the device, including communicating with user interfaces and configuring the rules on the switch chip.
Each incoming packet of traffic is first parsed by the switch chip, which has some embedded knowledge of network protocols. Selected fields are extracted from the packet where they are present; typically these are header fields from whichever network protocols are in use. The extracted data is concatenated to form a single binary string called a key. Packets of interest for the user's traffic management purposes can then be identified by comparing some or all of the bits of each incoming packet's key against a second binary string, the value, whose bits represent the traffic of interest, and selecting those packets for which every compared bit matches. The bits to be compared are identified by a third binary string known as the mask, which has a 1 in each position to be compared and a 0 in each position to be ignored; a packet therefore matches when its key and the value agree in every position where the mask is 1, that is, when (key AND mask) equals (value AND mask). The value string and mask string are referred to in combination as a value/mask pair.
The switch chip may be configured with a number of rules in a rule list. Each rule in the rule list typically comprises one or more source ports, a value/mask pair, and a (possibly empty) set of destination ports. The switch chip is typically arranged to apply the rules in its rule list according to the order in which they occur in the list. Thus, when a packet arrives at the switch chip, the switch chip looks for the first applicable rule, namely the first rule whose source ports include the port on which the packet arrived and whose value/mask pair the packet's key matches. The packet is forwarded to all ports in that rule's set of destination ports; if that set is empty the packet is dropped, and later rules that would also have matched are not consulted.
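The following Python model is an added illustration of the key assembly, value/mask comparison and ordered first-match rule evaluation described in the two preceding paragraphs; it is not code from the present disclosure or from any particular switch chip. The 64-bit key layout (source IPv4 address, source port, destination port), the physical port numbers and the rules are assumed for the purpose of illustration only.

```python
from dataclasses import dataclass
from typing import List, Set

# Assumed key layout (illustrative, not a real switch chip's): the chip
# concatenates three extracted header fields into one 64-bit key.
#   bits 63..32  source IPv4 address
#   bits 31..16  source transport port
#   bits 15..0   destination transport port
KEY_BITS = 64


def build_key(src_ip: str, src_port: int, dst_port: int) -> int:
    """Assemble a packet's key from the extracted header fields."""
    a, b, c, d = (int(octet) for octet in src_ip.split("."))
    ip = (a << 24) | (b << 16) | (c << 8) | d
    return (ip << 32) | ((src_port & 0xFFFF) << 16) | (dst_port & 0xFFFF)


def field_mask(high_bit: int, low_bit: int) -> int:
    """Mask with 1s in bit positions high_bit..low_bit inclusive, 0 elsewhere."""
    width = high_bit - low_bit + 1
    return ((1 << width) - 1) << low_bit


def key_matches(key: int, value: int, mask: int) -> bool:
    """A key matches when it agrees with the value in every masked position."""
    return (key & mask) == (value & mask)


@dataclass
class Rule:
    source_ports: Set[int]      # physical ingress ports the rule applies to
    value: int                  # value string of the value/mask pair
    mask: int                   # mask string of the value/mask pair
    destination_ports: Set[int] # may be empty: matching packets are dropped


def forward(rules: List[Rule], ingress_port: int, key: int) -> Set[int]:
    """Return the egress ports for a packet, applying the first applicable rule.

    Rules are consulted in list order; the first one whose source ports include
    the ingress port and whose value/mask pair the key satisfies decides the
    outcome, and later rules are not consulted. No applicable rule: no egress.
    """
    for rule in rules:
        if ingress_port in rule.source_ports and key_matches(key, rule.value, rule.mask):
            return set(rule.destination_ports)
    return set()


# Illustrative rule list (constructed for this example). Port numbers 1, 2 are
# taken to be live-network ingress ports and 10, 11, 12 monitoring-tool ports.
RULES: List[Rule] = [
    # 1. Drop anything to destination port 22 from ingress 1 or 2 (empty egress set).
    Rule({1, 2}, build_key("0.0.0.0", 0, 22), field_mask(15, 0), set()),
    # 2. Source address in 10.0.0.0/8 from ingress 1 or 2 goes to tools 10 and 11.
    Rule({1, 2}, build_key("10.0.0.0", 0, 0), field_mask(63, 56), {10, 11}),
    # 3. Everything else from ingress 1 goes to tool 12 (mask of all zeros matches any key).
    Rule({1}, 0, 0, {12}),
]


if __name__ == "__main__":
    # Rule 1 matches first even though rule 2 would also match this packet.
    print(forward(RULES, 1, build_key("10.1.2.3", 1234, 22)))
    print(forward(RULES, 1, build_key("10.1.2.3", 1234, 443)))
    print(forward(RULES, 1, build_key("192.168.1.1", 40000, 80)))
    print(forward(RULES, 2, build_key("192.168.1.1", 40000, 80)))
```

The order-dependence is the point of the model: the SSH packet from 10.1.2.3 is dropped by rule 1 although rule 2 would have forwarded it, and a packet from 192.168.1.1 arriving on ingress port 2 is forwarded nowhere because no rule for that port matches it. Placing a broad rule such as rule 3 ahead of narrower ones would silently shadow them, which is the class of error the next paragraph attributes to interfaces that expose the rule list directly.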
Conventional user interfaces for network packet brokers tend to expose the switch functionality and rule list fairly directly to the user. As a consequence conventional network packet brokers suffer from weak expressive power, manual and error-prone interactions, and potential inefficiencies in terms of the number of rules in the rule list.