Open Packet Broker NOS (OPBNOS) set of containerized applications built and runs on top of the open-source SONiC NOS. The NOS provides an affordable solution to aggregate, filter, replicate and load balance network traffic from hardware TAPs.
Filter, Replicate and Load Balance: OPBNOS provides the basic functionalities of any packet broker on commodity ASICs including filtering based on L2/L3/L4 headers, replicating traffic with unique identification and providing symmetric load balancing.
Deep Inspection, Truncate, Tunnel: Advance functions including user-defined offset-based inspection of tunnelled packets (IP-in-IP, VXLAN, MPLS, GRE), forward monitored traffic across data centres using IP underlay. One of the unique value-added features includes the truncation of payload reducing the storage cost at tools farm.
5G Ready: OPBNOS supports parsing of GTP-C and GTP-U packets, providing advanced filtering and load balancing based on inner headers.
Unified Management: Aviz FlowVision provides a single pane of glass to manage and visualize the solution. OPBNOS also supports industry-standard CLI and RESTful API for integration into customer orchestration systems.
Open-source Arkimer (Moloch) is deployed for capturing packets from the network aggregators and load balancers. The capture module can sniff packets from the NIC and also supports processing packets from pcap files. The captured packets can be visualized using a simplified viewer providing insights into the metadata including packet headers and payloads. This component also writes the metadata to a centralized storage cluster for future analysis.
For centralized storage Elastic Storage cluster is utilized which supports distributed scalable storage along with automatic sharding. The metadata saved across the elastic cluster is visualized using Kibana which provides drilled-down information about sessions, network stats and dashboards
Monitoring a Cloud network with dislocated data centres can create blindspots that might lead to security and compliance issues. The solution provides comprehensive visibility across the cloud infrastructure, providing end-to-end visibility into the application, and traffic flow and making it easier to correlate network and security events across data centres.
Aviz OPBNOS exposes the ASIC capabilities for advanced monitoring including deeper packet inspection for security applications, tunnelling (VXLAN) data across data centres using existing IP underlay, and 5G (GTP) packet processing for load balancing using inner headers. All these advanced capabilities support wire-speed forwarding of monitored traffic.
The architecture of the complete solution for packet monitoring and analysis is highly distributed, supporting per-site packet capture, analysis and troubleshooting. The extracted metadata from the monitored traffic is stored in a distributed clustered database for centralized analysis and visualization.
The solution provides end-to-end visibility and wire-speed access to network traffic without the need for investing in new hardware. OPBNOS is built on open-source NOS SONiC which is supported by the majority of the ASIC and switch vendors, customers can easily upgrade to this solution on their existing hardware. Packet capture, analysis and visualization are performed using open-source software running on commodity x86 hardware running Linux.