The Second Wave of Packet Broker Disaggregation

Monitoring Service Assurance, Cybersecurity and Packet Flow Management

packet broker analysis
Dr. Jim MetzlerWritten by Dr. Jim Metzler
Dr. Jim Metzler is widely recognized as an authority on both network technology and its business applications. In over 28 years of professional experience, Jim has assisted numerous vendors refine their product and service strategies, and helped tens of enterprises evolve their network infrastructure.

In a recent blog, I discussed how a product that NETSCOUT introduced in June 2017, the nGenius® 5000 series Packet Flow Systems (PFS), is disrupting the packet broker market. In contrast to a typical vendor-locked packet broker, the nGenius 5000 series packet flow switch disaggregates the software from the hardware and provides either an integrated appliance or software that runs on commodity hardware. I will use this blog to explain how NETSCOUT’s recently announced nGenius Packet Flow eXtender (PFX) leverages the evolving X86 server architecture to create the second wave of packet broker disaggregation.

Most people recognize that the price/performance of X86-based servers has improved dramatically over the last several decades, due to both per-core performance improvements and the growth in the number of cores per server. Software that fully leverages the multicore X86 architecture will continue to benefit from a new generation of price/performance improvements in X86-based servers.

The recently announced PFX is a software product that runs on the NETSCOUT InfiniStreamNG (ISNG) platform. As such, PFX fits in nicely with the megatrend in the IT industry towards more software-based products. As part of the nGenius Packet Flow Systems portfolio from NETSCOUT, the PFX software integrates with the nGenius packet flow switches to form a flexible, yet full-featured visibility network. The switches enable the base packet broker functionality, while PFX is designed for advanced-level packet conditioning. As such, one can deploy PFX capabilities at any point on the visibility network, with PFS devices as its backbone—organized in a dynamic, self-healing mesh. One of the benefits of such a mesh is that it shares the load across multiple devices which increases both the scalability and the availability of the solution.

As noted, one benefit that comes from leveraging the X86 multicore architecture is that it results in a significantly lower price point. According to NETSCOUT, the cost of the overall solution, combining base (PFS switches) and advanced (PFX software) capabilities, is roughly 50 percent of the cost of comparative vendor-locked systems. Another benefit is that the PFX that was recently announced has the processing power to support a number of advanced packet processing features, including:

  • NetFlow generation, e.g. v5, v9 and IPFIX
  • IP tunnel termination
  • Header stripping
  • De-duplication

While supporting the features listed above is important, when enterprise IT organizations adopt a monitoring solution, they want that solution to be effective for an extended period of time. Because it leverages the multicore X86 architecture and its ongoing price/performance improvements, PFX will have the processing power that is necessary to support additional packet processing functionality well into the future. Development cycles should also be considerably shorter vs those that need to accommodate custom hardware.

I am intrigued by the monitoring possibilities that NETSCOUT could bring by combining its service assurance, cybersecurity, and packet flow management capabilities into a single architecture. Lots to watch for in this space.

~ Dr. Jim Metzler, Managing Partner, Ashton Metzler