Enhanced PacketBroker with Advanced Filter and TTL Pulse Generation
31st, May 2019
Welcome to another May 2019 issue of GL's Newsletter providing information and insight into our enhanced PacketBroker - Passive Ethernet Tap with filter grouping for drilling-down to traffic of interest, and to generate triggers based on filter groups.
OverviewPacketBroker is an optional application with GL’s PacketExpert™ Ethernet Test Tool, which is used as a highly precise non-intrusive Wirespeed Ethernet Tap and all the necessary features packaged within to capture real world traffic, define multiple filters for drilling-down to traffic of interest, generate triggers based on packet filters, and transmit filtered/aggregated packets for deep-packet data analysis.
GL’s PacketExpert™ 10GX is a USB based portable Quad Port wirespeed Ethernet/IP Tester, of which 2 are 10/1 Gbps optical ports, and other 2 are 10/100/1000 Mbps Electrical/Optical ports. The 10/1 Gbps Optical ports can be down shifted to support 1Gbps Electrical ports, thus offering 4 Electrical / 4 Optical 1 Gbps ports for ethernet testing per unit.
In addition to PacketExpert™ 10GX portable platform, GL also offers rack-based variant using mTOP™ 1U/2U rack mount enclosures within which PacketExpert™ 10GX USB units are stacked to provide High Density GigE ports form factor solution for testing GigE switches, routers and network conditions. It is a perfect ethernet test tool for customers who require multi-port testing but are constrained by lab space.
The PacketBroker application utilizes all these ports to support advanced features such as -
- Network Tap - capable of handling bidirectional 100% wirespeed traffic up to 10 Gbps
- Wirespeed Filtering - powerful and easy to use
- Packet Modification- to convey useful information like Timestamp, inband
- TTL Trigger I/O - generates or accept TTL signals based on packet filters
- Output Aggregation- both direction traffic multiplexed on the selected single output port
The application captures on 1G/10G: Port 1 and Port2 (Pass-through ports) and outputs the filtered and modified packets on 1G: Port 3 and Port 4 or 1G: Port1 and Port2 respectively or aggregates the output to either single port. All the features of high-end taps are packaged into this portable unit making it suitable for field testing and remote testing at any point in the network.
The output of PacketBroker can also be fed to any packet analyzer software for further troubleshooting and analysis. GL offers PacketScan™, an All-IP Network Monitoring software to analyze all signaling and traffic over IP traffic.
Filter Grouping and Super Grouping
The filter configuration within PacketBroker is enhanced to support grouping the configured filters. Individual filters are setup while the PacketBroker is running in Normal / Basic mode.
In Basic mode, user can define an individual filter based on Source/Destination MAC Address, Source/Destination IP Address, Source/Destination UDP/TCP ports in addition to other fields, along with a Raw filter that can be set to filter 120 bytes of Hex data anywhere within the packet.
Individual filters can be combined into groups using "OR" or "AND" operations. Groups of filters can be further combined into "Super Groups" again using "OR" or "AND".
Filter Group Triggers
Each filter Super Group can be configured to run in either mono trigger (manual mode) or continuous filter mode (automated).
Continuous mode is the normal filter operation mode where packets are set to filter continuously. Correspondingly, Triggered/Filtered Packets statistics are logged. In Mono Trigger filter mode, once the packet that matches the super group filter is filtered, filtering is stopped and, any further packets are not accepted, even if they match the filter.
TTL Pulse Generation
TTL Pulse monitoring using Oscilloscope
PacketBroker application is now supports generating output TTL signal pulses for every filter/group match.
PacketExpert™ 10GX Hardware includes 12 Programmable TTL I/O (Input/Output) ports. User-configurable Filter/group to TTL Mapping is supported. The 12 TTL (TTL1 to TTL12) ports can be uniquely assigned to filter groups. The length of the TTL signal pulse generated can be customized in msec. User can also choose not to output the generated TTL signal pulse generated for the filter match.
As indicated in the image, the TTL signal (representing the Filter match) can be taken out and processed using an external device like Oscilloscope.
The PacketBroker application, allows PacketExpert™ to capture packets at wirespeed (up to 10 Gbps) non-intrusively over Ethernet (Electrical) and Optical ports at nano-second precision. It supports both Tapping (Pass through mode), and Tap-Filter-Aggregate-Modification modes. PacketExpert™ operation is bi-directional, which means that both transmission directions are simultaneously processed by the equipment.
The below diagram provides the functional features of PacketBroker application such as Tap, Filter, Aggregation, and Packet modification.
Traffic is forwarded between the Pass-through ports (1G/10G: Port 1 and Port 2) without any modification or delay. This makes the Ethernet link connected between 1G/10G: Ports 1 and 2 acts as a transparent full duplex Ethernet link, so that the connected devices/networks will not notice that a device is connected between them.
It supports wirespeed filtering of Layer 2/Layer 3/Layer 4 Ethernet packets, with each port featuring up to 16 simultaneous filters. The filters can be configured in Raw (bytes level) or Packet Mode (field header). Filter grouping and Super grouping configurations using “AND” / ”OR” operators. Mono Trigger and Continuous filter modes are also supported.
- Packet Modification:
PacketBroker modifies filtered packets using an inband method of conveying information such as Timestamp, Board Serial No., Port No., and Filter No., to the (output port) packet analyzer by carrying this information in the packet's MAC header. The filtered packet's MAC header's Destination MAC Address (6 bytes) and Source MAC Address (6 bytes) fields are modified.
The filtered traffic from 1G: Port1/ Port2 (Pass-through ports) are normally sent out on 1G: Port 3/ Port 4 (Output port). Similarly, filtered traffic from 10G: Port1/ Port2 are sent out on 1G: Port1/ Port2. Alternatively, the filtered traffic from both 1G/10G: Port 1 and Port 2 can be aggregated and sent out on a single port as a single stream. Since the aggregated stream rate can exceed wirespeed rate of a single port, the aggregated traffic is buffered in the onboard 8 GB DDR3 RAM memory, before being sent out. The aggregated traffic on the output ports can be analyzed using packet analyzers such as WireShark® or GL’s PacketScan™ application, or any other custom Packet Analysis tool.
For comprehensive information on the application, user can refer to PacketBroker web page.