See How We Stack Up!
Keysight offers an extensive set of visibility intelligence feature stacks so you can get the most out of your visibility and security platform – our capabilities allow filtering based on L2 through L7. Moreover, we provide industry-specific, specialized capabilities. Each stack of features is executed with a purpose-built design to ensure you get the best performance whether in a physical data-center or a private, hybrid or public cloud.
Find Your Platform
Keysight is the only vendor that supports the best of both worlds: Intersection Mode filtering for out-of-band and Priority Based Filtering (PBF) for inline deployments.
Intersection Mode Filtering
Intersection Mode is based on our patented Dynamic Filter Compiler technology which allows overlap rules to be resolved seamlessly behind the scenes. This makes configuration easy when tools, rules, or both are changing on the fly. Intersection mode is ideal for out-of-band monitoring where portions of traffic may need to be monitored by multiple tools, ensuring that no blind spots develop and visibility is complete.
Priority Based Filtering (PBF)
PBF allocates a priority to each rule in the filter list. Traffic is matched strictly based on the condition and priority of each rule, similar to access control list (ACL) rule matching. PBF is ideal for inline traffic filtering where duplicates are harmful. With PBF, complex inline filtering requirements are made simple and duplication is guaranteed not to occur.
Although we recommend using Intersection Mode for out-of-band and PBF for inline deployments, it’s also possible to use Intersection Mode for Inline and PBF for out-of-band to accommodate many corner case designs. This level of flexibility is unmatched in the visibility industry.
Three Stages of Filtering
Network packet brokers allow traffic management through filtering traffic based on select criteria and forwarding only traffic of interest to meet tool needs. We offer three stages of filtering for more effective, efficient filtering, with less error. Three stages of filtering allows the building of complex rules, without nested statements, or loss of ports through looping traffic back.
With NetStack, you can filter at the ingress, dynamic and egress stages.
- Three stages provides a natural AND and OR logic thus allow complex Boolean logic to filter traffic in the stringiest way
- No limits on filtering combinations
Ingress and egress filters:
- MAC Address, VLAN, Ethertype, DSCP/ECN, IP Protocol, IPv4 Address and IPv4 Session, L4 Port, TCP Control
- MAC Address, VLAN, Ethertype, DSCP/Traffic Class, L4 Protocol, IPv4 Address and IPv4 Session, IPv6 Address and IPv6 Session, L4 Port, TCP Control, MPLS 2 Labels, TEID, VNI
Dynamic Filter Compiler
Allowing the simplest configuration for complex filtering logic, our patented dynamic filter compiler resolves rule overlaps seamlessly behind the scenes so tools receive the right traffic even with complex logic and heavy overlaps. Blind spots are easily created with traditional packet brokers that are strictly based on priority to perform traffic filtering. With the dynamic filter compiler capability, our packet brokers are extremely agile and allow changes on the fly. Time to configure is orders of magnitude less than with competitive products.
- Automatically resolve overlapping rules with our patented filter compiler technology
- Hitless changes – no packets dropped when you re-configure
- Don’t lose ports to achieve more complex logic
- Configuration time is minimal, even with many rules
- Minimal training or ongoing management needed
- Supports multitenancy and granular access permissions
Source Port Labeling (VLan Tagging)
Track packets easily by adding VLAN IDs to packets based on the source (ingress) port and remove them as they leave a packet broker via exit (egress) ports.
- Makes it easy to know where your data is coming from and where it goes.
- Uses VLAN tagging and stripping to differentiate packets from different network links. This is critical for inline tool sharing.
Easily combine data from multiple sources to forward to a single tool for analysis.
- Assess network performance by tracking a packet and latency through multiple links
- Combine traffic to higher throughput when tools are capable of greater bandwidth – without worrying about traffic bursts with PacketStack Burst Protection
- Support 1:1, Many:1 and many:many traffic streams when combined with replication
Be more efficient with ports and your time. We allow for replication at the ingress port as well as at the dynamic filter. Replication at the ingress allows the application of multiple dynamic filters to the same traffic stream. Replication at the dynamic filtering allows multiple tools to be connected to a given dynamic filter so the same traffic is sent to multiple tools. You don't have to setup complex logic or loop back.
- Save ports and rack space by replicating traffic to multiple tools
- Support 1:1, 1:many and many:many traffic streams when combined with aggregation
Don’t overload a single tool or duplicate setup. Easily distribute traffic according to mathematic algorithms to tools in a tool group. Supports session stickiness so the same TCP conversation are directed to the same tool.
- Ability to load balance in out-of-band configurations
- Ability to load balance a tool group inline, supporting a highly resilient, high availability active-standby configuration
- Load balance on L2, L3 headers and L4 ports for IPv4 and IPv6
- Support many load balancing options on MPLS label value, IPv4/6 and Dest IP in MPLS encapsulated packets
A Robust Foundation
We offer a robust set of standard features with its industry leading network packet brokers. We provide three stages of filtering to optimize port usage and physical design; next, we added a dynamic filter compiler that sorts complex logic and we do it all through our known, easy-to-use web interface to save administrators time and prevent error. Then we added core traffic filtering features: aggregation, replication and tagging. To top it off, we layer on features others charge for or don’t even offer – load balancing and the ability to double your ports. All this as the foundational set of capabilities.