
The next layer to make your network visible for monitoring


High Performance
Network Packet Broker
Network Monitoring Switch

V 4.6 Oct. 2015


The information contained in this presentation is for general information purposes only. While we endeavor to keep the information
up to date and correct, we make no representations or warranties of any kind or availability with respect to the presentation
or the information, products, or related content contained in the presentation for any purpose.

Company Overview
Established in 2004
Headquartered in Vienna, Austria
Global presence with sales and support operations (North America, Europe and Asia offices)
Flexibility for customized solutions
Quality assurance with ISO certification
Competitive and affordable pricing
Unparalleled high-performance and scalable solutions with a full feature set
Size does not always matter

Trusted Customer Reference

Alliance Solutions with Cubro NPB


Network Monitoring/
Security Applications
Service/Application
Providers

Security / DPI

Enterprise Security

Enterprise A/NPM

Network Packet Brokers (NPBs)

Network Infrastructure

Cubro Product Portfolio


Basic Tap and Accessories
Network, Converter, Optical, Regenerator and Bypass Tap for passive & active TAPs for SPAN
Desktop and Appliance

Network Packet Broker 1G/10G/40G/100G
Aggregate and distribute traffic capture for passive tools
Line-rate up to layer 4 with a scalable platform

Network Packet Broker 10G/40G
Aggregate and distribute traffic capture for passive tools, line-rate up to layer 7 with protocol identification and traffic classification

Challenges with Conventional Monitoring


SPAN port contention (packet loss caused by oversubscription, and CPU burden on network elements)
Fixed 1:1 tool-to-port mapping proves costly and inefficient
Network-to-tool speed mismatch slows deployments
Traffic volume exceeds probe and analyzer capacities
Many monitoring tools (security and performance) need network visibility into the same traffic
Correlation of data is required across multiple monitoring tools

Network Packet Broker Benefits


Centralized monitoring data using an NPB
Fewer monitoring tools needed, reducing waste
Increased analyzer / analytics efficiency with E2E visibility
Reduced incident response times
Significant monitoring & operational cost reduction
Maximized ROI from tool investments
Increased security resilience by ensuring networks are durable against growing IT security threats

Monitoring Layers

Tools
Packet Broker: Layer 2-7
TAP: physical layer
Network

Cubro's playground

Aggregation

Traffic aggregation and multiplication, to send all traffic to all tools.
- no reorder
- no loss
- no jitter
- passive tap traffic
- no influence on the live link

Any to Any | Any to Many | Many to Many

Aggregation & Filtering

Traffic aggregation and multiplication, and filtering to send only the relevant traffic to the tools.
- no reorder
- no loss
- no jitter
- passive tap traffic
- no influence on the live link

Thousands of filters L2 to L7

Filtering on EX Series
Filtering is possible on all the marked fields shown in this IP header diagram
Positive and negative filtering is possible
Min. 2000 filters per unit, up to 1 Mio.

All these fields can also be modified!

UDF Filtering on EX Series


Sometimes layer 4 filtering is not enough
Cubro now supports UDF (user-defined filtering)
This feature allows filtering on a 4-byte match within the first 128 bytes

Supported by EX 32(+), EX 484-3, EX 20400, EX 48400

Filter beyond L4

Load balancing

Traffic aggregation and multiplication, and load balancing to send only a portion of the traffic to the tools, to prevent overload!
- no reorder
- no loss
- no jitter
- passive tap traffic
- no influence on the live link

Many LB groups | LB from L2 to L7

Session Master app


GTP load balancing based on inner IP
GTP inner filter criteria

GTP inner source IP

GTP inner destination IP

GTP inner source IP or destination IP

GTP inner source IP range by CIDR

GTP inner destination IP range by CIDR

GTP inner source IP range or destination IP range by CIDR

GTP inner source IP range, user-defined (e.g. 172.22.172.133-193)

GTP inner destination IP range, user-defined (e.g. 172.22.172.133-193)

GTP inner source IP range or destination IP range, user-defined (e.g. 172.22.172.133-193)

GTP inner source port | GTP inner destination port

GTP inner source port or destination port

GTP inner source port range, user-defined (e.g. 2000-2999)

GTP inner destination port range, user-defined (e.g. 2000-2999)

GTP inner source port range or destination port range, user-defined (e.g. 2000-2999)

GTP inner filter criteria on source and destination IP for both IPv4 and IPv6

Combine all GTP inner filter criteria with AND or OR conditions to filter by multiple GTP inner filter criteria as PASS criteria

Combine all GTP inner filter criteria with AND or OR conditions to filter by multiple GTP inner filter criteria as DROP criteria

Combine all GTP inner filter criteria with AND or OR conditions to filter by multiple GTP inner filter criteria as a PASS and DROP combination
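
The inner-IP criteria above, worked through as an added example (this is not Cubro code and not taken from the presentation): it parses a GTPv1-U G-PDU, applies a "source OR destination IP range by CIDR" PASS filter, and load-balances on the inner IP pair so both directions of a subscriber flow reach the same tool. The function names, the CRC32 hash and the sample packets are assumptions made for illustration.

```python
import struct
import zlib
from ipaddress import IPv4Address, IPv6Address, ip_network


def inner_ips(gtpu: bytes):
    """Return (src, dst) of the user IP packet inside a GTPv1-U G-PDU, else None."""
    if len(gtpu) < 8 or gtpu[0] >> 5 != 1 or not gtpu[0] & 0x10 or gtpu[1] != 0xFF:
        return None                      # too short, not GTPv1, PT=0 or not a G-PDU
    flags = gtpu[0]
    off = 8                              # mandatory header: flags, type, length, TEID
    if flags & 0x07:                     # E, S or PN set: 4 optional bytes follow
        off = 12
        if len(gtpu) < off:
            return None
        next_ext = gtpu[11] if flags & 0x04 else 0
        while next_ext:                  # walk the extension header chain
            if off >= len(gtpu):
                return None
            ext_len = gtpu[off] * 4      # extension length is in 4-octet units
            if ext_len == 0 or off + ext_len > len(gtpu):
                return None
            next_ext = gtpu[off + ext_len - 1]
            off += ext_len
    ip = gtpu[off:]
    if len(ip) >= 20 and ip[0] >> 4 == 4:
        return IPv4Address(ip[12:16]), IPv4Address(ip[16:20])
    if len(ip) >= 40 and ip[0] >> 4 == 6:
        return IPv6Address(ip[8:24]), IPv6Address(ip[24:40])
    return None


def pick_tool(gtpu: bytes, tools, pass_nets=()):
    """PASS filter on inner src OR dst by CIDR, then hash the inner IP pair to a tool."""
    ips = inner_ips(gtpu)
    if ips is None:
        return None
    if pass_nets and not any(ip in net for ip in ips for net in pass_nets):
        return None                      # no PASS criterion matched: drop
    key = b"".join(sorted(ip.packed for ip in ips))   # same key for both directions
    return tools[zlib.crc32(key) % len(tools)]


def sample_gpdu(src: str, dst: str, seq=None) -> bytes:
    """Constructed test input: a bare inner IPv4 header wrapped in a GTP-U header."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                        IPv4Address(src).packed, IPv4Address(dst).packed)
    opt = b"" if seq is None else struct.pack("!HBB", seq, 0, 0)
    flags = 0x30 if seq is None else 0x32             # 0x32 sets the S flag
    return struct.pack("!BBHI", flags, 0xFF, len(opt) + len(inner), 0x1234) + opt + inner


if __name__ == "__main__":
    nets = [ip_network("172.22.172.128/26")]
    for pkt in (sample_gpdu("172.22.172.140", "198.51.100.7", seq=1),
                sample_gpdu("198.51.100.7", "172.22.172.140")):
        print(pick_tool(pkt, ["tool-1", "tool-2", "tool-3"], nets))
```

Sorting the two packed addresses before hashing is what keeps uplink and downlink of one inner flow on the same output; hashing the outer (tunnel endpoint) addresses instead would pile all subscribers behind one gateway pair onto a single tool.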

Controlling the Packetmaster


CLI
A CLI with full scripting functionality and root access to the Linux system on the unit that controls the hardware. North- and southbound integration via shell scripts and Python scripts is possible.

WEB GUI
Easy-to-use and efficient GUI

REST API
All EX models support a REST API to control the unit

Cubro Control V2
A server-based solution in which a single server controls all Packetmasters, with the option of doing DPI and load balancing in higher layers.

Packetmaster WEB GUI

Cubro Control V2
Cubro Control is a server-based application which adds monitoring-like and DPI functions to network packet brokers.
Cubro Control provides a range of interfaces to connect with the world.
Cubro Control cannot control Cubro Packet Broker.
We are also open to working with any 3rd-party products north- and southbound.

Cubro Control V2
Main Features

Single point of controlling a tap network

Inventory database

Meta to real world correlation

Troubleshooting the Tap network

Help to extract only the relevant Data

Reduce monitoring costs

Security: protects data from unlawful use

Extended monitoring and statistics of the TAP system

Advanced filtering L7 / session

Fully automated applications

Packet Master and Session Master


Product Detail and specifications

The Cubro Packet Brokers are available in three variations

EX products
Based on high performance switch fabric
Filtering up to Layer 4
Filtering on the first 128 Bytes on several units
Up to 2.4 TBit/s load

Session Master
Network Processor based
Filter up to Layer 7, offset based filters
Session aware load balancing
Protocol decoding
1 Mio filters/rules
12000 filter rule changes per sec
Up to 560 GBit/s load

Packetmaster Matrix 1/3


| | EX2 | EX5-2 | EX6 | EX12 |
|---|---|---|---|---|
| Packet load | 48 Gbit | 176 Gbit | 176 Gbit | 176 Gbit |
| Ports Gbit | 4 Copper | 48 Copper | 48 SFP | * 8 SFP/8 Copper |
| Ports 10 Gbit | ** 2 SFP+ | 4 SFP/SFP+ | 4 SFP/SFP+ | ** 12 SFP+ |
| Ports 40 Gbit | | | | |
| DPI | NO | NO | NO | NO |
| Filtering | to Layer 4 | to Layer 4 | to Layer 4 | to Layer 4 |
| Aggregation | YES | YES | YES | YES |
| Load balancing | to Layer 4 | to Layer 4 | to Layer 4 | to Layer 4 |
| en/de capsulation | MPLS/VLAN/GRE | VLAN/GRE | VLAN/GRE | MPLS/VLAN/GRE |
| GUI | WEB/CLI/MENU/API | WEB/CLI/MENU/API | WEB/CLI/MENU/API | WEB/CLI/MENU/API |
| Packetbuffer | YES | YES | YES | YES |
| Delay | < 1 s | < 1 s | < 1 s | < 1 s |
| Dual Power | YES | YES | YES | YES |

* Only SFP or Copper ports are usable

** ports can be configured as 1G or 10G

Packetmaster Matrix 2/3


| | EX484-3 | EX32 | EX32(+) |
|---|---|---|---|
| Packetload | 1.2 Tbit | 640 Gbit | 800 Gbit |
| Ports Gbit | ** 48 SFP | ** 32 SFP+ | 32 SFP+ |
| Ports 10 Gbit | ** 48 SFP+ | ** 32 SFP+ | 32 SFP+ |
| Ports 40 Gbit | 5 QSFP | 0 QSFP | 2 QSFP |
| DPI | NO | NO | NO |
| Filtering | to Layer 4 | to Layer 4 | to Layer 4 |
| Aggregation | YES | YES | YES |
| Loadbalancing | to Layer 4 | to Layer 4 | to Layer 4 |
| en/de capsulation | MPLS/VLAN/GRE/VXLAN | MPLS/VLAN/GRE/VXLAN | MPLS/VLAN/GRE/VXLAN |
| GUI | CLI/MENU/API | CLI/MENU/API | WEB/CLI/MENU/API |
| Packetbuffer | YES | YES | YES |
| Delay | < 1 s | < 1 s | < 1 s |
| Dual Power | YES | YES | YES |

** ports can be configured as 1G or 10G

Packetmaster Matrix 3/3


| | EX20400 | EX48400 | Sessionmaster48 | Sessionmaster24 |
|---|---|---|---|---|
| Packetload | 2.4 Tbit | 2.4 Tbit | 200 Gbit | 100 Gbit |
| Ports Gbit | | ** 48 SFP | 24 | 12 |
| Ports 10 Gbit | *** 80 QSFP | ** 48 SFP+ | 20 | 10 |
| Ports 40 Gbit | 20 QSFP | 2 QSFP | | |
| Ports 100 Gbit | 4 QSFP28 | 4 QSFP28 | | |
| DPI | NO | NO | YES | YES |
| Filtering | to Layer 4 | to Layer 4 | to Layer 7 | to Layer 7 |
| Aggregation | YES | YES | YES | YES |
| Loadbalancing | to Layer 4 | to Layer 4 | to Layer 7 | to Layer 7 |
| en/de capsulation | MPLS/GRE/VLAN/VXLAN | MPLS/GRE/VLAN/VXLAN | MPLS/GRE/VLAN/VXLAN | MPLS/GRE/VLAN/VXLAN |
| GUI | CLI/MENU/API | CLI/MENU/API | CLI/API | CLI/API |
| Packetbuffer | YES | YES | YES | YES |
| Delay | 1 s | 1 s | 1 s | 1 s |
| Dual Power | YES | YES | YES | YES |

** ports can be configured as 1G or 10G
*** ports can be 40 Gbit or 4 x 10 Gbit

Session Master EXA Product Matrix

| Type | EXA 28 | EXA40 | EX56 | EXA232 |
|---|---|---|---|---|
| 10 Gbit Ports | 28 | 40 | 56 | 32 |
| 40 Gbit ports | | | | |
| AC Power | Yes | Yes | Yes | Yes |
| DC Power | Yes | Yes | Yes | Yes |
| Layer 7 processing | Yes | Yes | Yes | Yes |
| Throughput | 280 Gbps | 400 Gbps | 560 Gbps | 400 Gbps |
| Traffic Forwarding | 280 Gbps | 400 Gbps | 560 Gbps | 400 Gbps |
| Traffic Replication | 280 Gbps | 400 Gbps | 560 Gbps | 400 Gbps |
| Application performance | 40 Gbps | 40 Gbps | 40 Gbps | 40 Gbps |
| GTP Correlation | 20 Gbps | 20 Gbps | 20 Gbps | 20 Gbps |

Packetmaster EX2
Desktop Packet Broker

Packet load: 48 Gbit
Ports 10/100/1000: 4 Base-T
Ports 10 Gbit: 2 SFP/SFP+
Ports 40 Gbit: none
GUI: CLI/MENU/GUI
Packetbuffer: YES
Delay: < 1 S
Dual Power: YES

2000 Filters Layer 4
VLAN tag/detag
MPLS tag/detag
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
All ports activated
All software activated
Low power design

Small in size & price but big performance

Packetmaster EX5-2

Packet load: 176 Gbit
Ports Gbit: 48 RJ 45
Ports 10 Gbit: 4 SFP/SFP+
Ports 40 Gbit: none
GUI: CLI/WEB/GUI
Packet buffer: YES
Delay: < 1 S
Dual Power: YES

12000 Filters Layer 4


MPLS tag/detag
VLAN tag/detag
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
All ports activated
All software activated
Low power design

Base-T aggregator & filter & LB

Packetmaster EX6

Packet load: 176 Gbit
Ports Gbit: 48 SFP
Ports 10 Gbit: 4 SFP/SFP+
Ports 40 Gbit: none
GUI: CLI/GUI
Packet buffer: YES
Delay: < 1 S
Dual Power: YES

2048 Filters Layer 4


MPLS tag/detag
VLAN tag/detag
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
All ports activated
All software activated
Low power design

Flexible optical and copper ports on your need

Packetmaster EX12

Packet load: 176 Gbit
Ports Gbit: 8 SFP + 8 Base-T
Ports 10 Gbit: 12 SFP/SFP+
Ports 40 Gbit: none
GUI: CLI/WEB/GUI
Packet buffer: YES
Delay: < 1 S
Dual Power: YES

12000 Filters Layer 4


MPLS tag/detag
VLAN tag/detag
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
All ports activated
All software activated
Low power design

Small in price if you need more than 4 x 10 Gbit

The new G4 platform


Standard Feature set:
All ports are activated, no port license
Traffic aggregation any to any, many to any, many to many
Inline traffic steering
Inline traffic modification up to layer 4
Traffic filtering up to layer 4
UDF filters in the first 128 Bytes
No performance degradation in relation to the amount of filter usage

Advanced Feature set:

Typical application:

Traffic filtering for monitoring, to reduce the amount of traffic for the probe.
Traffic modification for monitoring.
Removing MPLS and VLAN tags in case the monitoring device cannot handle the tags.
Changing MPLS and VLAN tags.
GRE termination point in virtual environments.
VXLAN termination point in virtual environments.
Load balancing for monitoring.
Bypass devices up to 100 Gbit.

All ports are in- and outputs at the same time


64000 Rules IPv4 and IPv6
Multi table support
Load balancing in layer 3 + 4 (user configurable)
Dynamic load balancing EFD detection (elephant flow detection)
GRE encapsulation and decapsulation
VXLAN encapsulation and decapsulation
NVGRE encapsulation and decapsulation
GENEVE encapsulation and decapsulation
Non blocking design
Packet forwarding delay < 1 s
Jumboframe support
Microburst detection

Packetmaster EX32(+)

Packet load: 640/800 Gbit
Ports 40 Gbit: 2 QSFP
Ports 10 Gbit: 32 SFP+
Ports 1 Gbit: 32 SFP
GUI: CLI/WEB/GUI
Packet buffer: 9 Mbyte
Delay: < 1 s
Dual Power: YES

64000 Filters Layer 4
MPLS tag/detag
VLAN tag/detag
VXLAN/NVGRE/GENEVE
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
All ports activated
All software activated
Low power design

Packetmaster EX484-3

Packet load: 1.440 Tbit
Ports 1G/10 Gbit: 48 SFP/SFP+
Ports 40 Gbit: 6 QSFP
GUI: CLI/WEB/GUI
Packetbuffer: YES
Delay: < 1 S
Dual Power: YES

64000 Filters Layer 4
MPLS tag/detag
VLAN tag/detag
VXLAN/NVGRE/GENEVE
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
All ports activated
All software activated
Low power design

Packetmaster EX48400

Packetload: 2.4 Tbps
Ports 10 Gbit: 48
Ports 40 Gbit: 2 or 6
Ports 100 Gbit:
GUI: CLI/WEB/GUI
Packetbuffer: YES
Delay: < 1 S
Dual Power: YES

52 x 10 Gbit + 4 x 100 Gbit
72 x 10 Gbit (with breakout cable)

64000 Filters Layer 4


MPLS tag/detag
VLAN tag/detag / Q in Q
Header modification Layer 4
Load balancing Layer 4
GRE de/encapsulation
VXLAN de/encapsulation
All ports activated
All software activated
Low power design
Jumbo Frames 12000 Bytes

All features activated no extra charge

Packetmaster EX20400

Packet load: 2.4 Tbps
Ports 40 Gbit: 20
Ports 100 Gbit: 4
GUI: CLI/WEB/GUI
Packetbuffer: YES
Delay: < 1 S
Dual Power: YES

4 x 10 Gbit 19 x 40 Gbit + 4 x 100 Gbit
80 x 10 Gbit (with breakout cable) + 4 x 100 Gbit

64000 Filters Layer 4
MPLS tag/detag
VLAN tag/detag / Q in Q
Header modification Layer 4
Load balancing Layer 4
GRE de/encapsulation
VXLAN de/encapsulation
All ports activated
All software activated
Low power design
Jumbo Frames 12000 Bytes

All ports activated no extra charge

Sessionmaster 48

Packet load: 200 Gbps
Ports 10 Gbit: 24 SFP+
Ports 1 Gbit: 24 SFP
GUI: CLI/GUI
Packetbuffer: YES
Delay: 1 s
Dual Power: YES

1 Mio Filters Layer 7


Session based Load balancing
defragmentation
MPLS tag/detag
VLAN tag/detag
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
Jumbo Frames 12000 Bytes

Sessionmaster 48

Packetload: 200 Gbps
Ports 10 Gbit: 24 SFP+
Ports 1 Gbit: 24 SFP
GUI: CLI/GUI
Packetbuffer: YES
Delay: 1 s
Dual Power: YES

1 Mio Filters Layer 7
5000 filter changes per sec
Session based Load balancing
defragmentation
MPLS tag/detag
VLAN tag/detag
Header modification Layer 4
Load balancing Layer 3
GRE de/encapsulation
Jumbo Frames 12000 Bytes

Usecases

100 Gbit GTP load balancing


100 Gbit live link

Optical tap

100 Gbit load balancing with EX 48400

load balancing to several 10 Gbit links based on IP hashes

GTP session aware load balancing with EXA28

GTP session aware load balancing to several 10 Gbit links

Sessionmaster 48
SMS intercept application, by redirecting SS7 MAP traffic transported on a SIGTRAN link.

Sessionmaster 48
GTP load balancing

Packetmaster Monitoring Applications


Input:

32 10 Gbit links (64 ports)

Output:

8 x 10 Gbit to different tools

TAP

NPB
Break out box

Call for the incredible price of this powerful app.

Aggregation and filtering


60 x 10/100 Mbit links:

Solution: 60 x 100 Mbit Cubro passive TAPs and 3 Packetmaster EX 5-2
cabling with ultra-thin RJ45 CAT cable
filtering on SCTP ports possible
total power 390 Watts

Dual use of ports


Monitoring of a 10 Gbit link with EX2+.
Compared to the EX2, the EX2+ has two optical taps embedded on the back (one for single mode, one for multi mode).
1. Connect the link over the tap. This is safe because it is a passive device; no power is needed.
2. Connect the two outputs to the two receivers of the EX2+.
3. The transceivers are still available and can be used as monitoring outputs!
4. Now you must add two rules: input 5 to output 5 and input 6 to output 5.

Available on any PM no extra charge

Typical Cubro TAP Solutions

Application: GRE de/encapsulation

Virtualization is a very common approach in data centers, but it complicates monitoring: network communication within the hypervisor is not transported over the physical NIC in the server but over the virtual switch, so there is no access to this traffic.
It is common to use virtual taps to solve this issue. These virtual taps cannot send out the traffic directly; in most cases they use a GRE tunnel. GRE is an L2-transparent tunnel.

Standard feature on all EX units

Application: GRE de/encapsulation

Running with line speed

Encapsulation (Routing)

Routing options:
VLAN / MPLS / GRE / VXLAN

Cross connect/Patch field


The Packetmaster EX can be used as an intelligent patch field. This is possible because the EX has no designated in- and out-port configuration; each port is input and output at the same time.
The non-blocking concept also matters for use as an intelligent patch field: full line rate is supported on any port.

Cross connect/Patch field


6 EX20400 units meshed into a cross connect with 480 x 10 Gbit full duplex ports; the backbone is 300 Gbit full duplex.

The big advantage of this application is its flexibility: it can grow and can be spread over a campus or a whole country.

Typical Application with 200 Gbps load balancing to feed an IDS system

Intercept solution with Bypass


1. Active link is connected over optical bypass switch
2. Traffic is forwarded to PM 20400
3. EX20400 filters out tcp port 80 traffic
4. All other traffic is routed back to the active link
5. tcp port 80 traffic is sent to appliances
6. Appliance is processing the traffic
7. Processed traffic is reinserted in the live link

Security Function

This solution also provides a security option: the EX12 offers 12000 filter rules, which can be used to block unwanted traffic with hardware filters based on a blacklist, for example per country.
The EX12 is immune against DoS attacks because there is no software stack.
The Packetmaster can also provide a bandwidth meter function that can limit the incoming traffic to protect the firewall.

Mobile Packet Core monitoring installation


live network at a carrier in Europe


ROI-Based Value Prop Across Cubro Products

Hardware warranty INCLUDED at no charge for the first two years, with low MA for subsequent years

Hardware Refresh Program provides a significant discount on a new replacement unit at 5 years

All ports active on every system shipped. No additional licensing required

All units use a Linux (Debian) based OS, which is easier to manage than other proprietary, MS Windows or Java based products

OS provides scripting capability or customization to interact with other product sets, notification systems and syslogs as needed

Multiple units can be interconnected as a single virtual chassis and controlled as one system, or as part of a larger system


If you have any additional questions or need help, contact us.

Support / Additional Questions

EMEA
Cubro Acronet GesmbH
Geiselbergstr. 17/6.OG
1110 Vienna
Austria
Tel.: +43 1 29826660
Fax: +43 1 2982666399
Email: support@cubro.net

North America
Cubro US
337 West Chocolate Ave
Hershey, PA 17033
Tel.: 717-576-9050
Fax: 866-735-9232
Sam Reed
Email: sreed@cubro.us

APAC
Cubro Singapore
Tel.: +65-97255386
Joe
Email: jl@cubro.net
