What is the main role of the network splitter?

1, protocol conversion

Since ISPs use the mainstream Internet data communication interfaces 40G POS, 10G POS/WAN/LAN, 2.5G POS, GE, etc., and application servers usually use the data receiving interface for GE and 10GE LAN interface, so usually people in the Internet The protocol conversion mentioned on the communication interface mainly refers to the conversion between 40G POS, 10G POS and 2.5G POS to 10GE LAN or GE, and the bi-directional concatenation of 10GE WAN to 10GE LAN and GE.

2. Data collection and triage.

Most data collection applications basically just extract the traffic of interest and discard the traffic of no interest. For the traffic of concern through the five-tuple (source IP, destination IP, source port, destination port, protocol) convergence to extract the data traffic of specific IP, specific protocol, specific port. The output is based on a specific HASH algorithm to ensure same-source, same-homed, load-balanced output.

3, feature code filtering

For the collection of P2P traffic, the application system is likely to focus only on some of the specific traffic, such as: streaming media PPStream, BT, Xunlei, as well as http on the common keywords GET and POST and other characteristics of the code, etc., can be used in the way of feature code matching for extraction and convergence. Splitter supports fixed-position feature code filtering, floating feature code filtering. Floating feature code, that is, the offset specified on the basis of the fixed-position feature code implementation, is suitable for applications where it is clear that the feature code needs to be filtered, but not the specific location of the feature code.

4. Session Management

The traffic identification of session connections and the flexible configuration of session forwarding N values (N=1 to 1024). That is, the first N messages of each session are extracted and forwarded to the back-end application analysis system, and the messages after the N value are discarded, saving resource overhead for the downstream application analysis platform. Usually, when using IDS to monitor events, there is no need to process all the packets of the whole session, only the first N packets of each session need to be extracted to complete the analysis and monitoring of the event.

5, data mirroring, replication

Shunt can be realized on the output interface data mirroring and replication, to ensure that multiple sets of application system data access.

6, 3G network data acquisition and shunt

3G network data acquisition and shunt is different from the traditional network analysis mode: 3G network messages through multi-layer encapsulation in the backbone link transmission, message length, encapsulation format are with the ordinary network messages have a big difference, so simple filtering and analysis of quintuple, feature code, etc. is not feasible; shunt has a Multi-layer encapsulation format analysis function, can accurately identify and process GTP, GRE and other tunneling protocols, as well as multi-layer MPLS, VLAN labeling packets, according to the message characteristics can be extracted from the IUPS signaling messages, GTP signaling messages, Radius messages to the designated port, but also according to the inner IP streaming, support for ultra-large packets (MTU>1522 Byte) processing The newest addition to the 3G network is a new generation of network management software, which can be used to perfectly realize the 3G network data collection and streaming applications.

The network splitter requires professional installation.