Did You Know? cPacket's Packet Brokers Deliver Precision Filtering for Your Tools
In many scenarios, network operators need to send very specific data to their monitoring, security, or performance tools. cPacket's Packet Brokers (cVu) enable this capability using smart filters that categorize and control traffic flows based on precise filtering rules.
Smart-Filter Actions & Order of Precedence
cVu Packet Brokers utilize four smart-filter actions:
• Count – Monitor and log matching packets.
• Pass – Allow specified traffic to flow through.
• Drop – Block specified traffic.
• Load Balance (LB) – Distribute traffic efficiently across multiple destinations.
Action Precedence: PASS > DROP > LOAD-BALANCE
• A PASS rule overrides a DROP or LOAD-BALANCE rule.
• A DROP rule takes precedence over LOAD-BALANCE.
Example Use Cases
1. Sending Only Non-Web TCP Traffic to a Tool
To send only TCP data that does not go to ports 80 (HTTP) or 443 (HTTPS):
• Configure a LOAD-BALANCE filter for all traffic (TCP/IP template with an empty address field).
• Configure a DROP filter for traffic going to port 80.
• Configure a DROP filter for traffic going to port 443.
• Outcome: Since DROP takes priority over LOAD-BALANCE, traffic to ports 80 and 443 are removed, while all other TCP traffic is load-balanced and sent to the tool.
2. Sending Only UDP Traffic to a Tool
To ensure that only UDP traffic is sent to a tool:
• Configure a DROP-ALL filter (string-match with an empty string).
• Configure a PASS filter for UDP traffic (TCP/UDP/IP filter with protocol set to UDP and an empty string).
• Outcome: Since PASS takes priority over DROP, only UDP traffic is sent to the tool, and everything else is discarded.
3. Sending Only SSL Client and Server Responses
To send only SSL response messages:
• Configure a DROP-ALL filter (string-match with an empty string).
• Configure a PASS filter for TCP traffic on port 443, detecting SSL client responses (payload A: "|16....01|").
• Configure a PASS filter for TCP traffic on port 443, detecting SSL server responses (payload A: "|16....02|").
• Outcome: Only SSL response traffic is passed, ensuring precise monitoring of encrypted sessions.
Why Use Smart Filters with cVu?
• Optimized Tool Performance: Only relevant data is sent, reducing tool processing load.
• Improved Network Efficiency: Eliminates unnecessary data from being analyzed.
• Enhanced Security & Compliance: Ensures the right data is monitored while reducing exposure to unneeded traffic.
Conclusion
In today's complex and high-speed network environments, having granular control over traffic is crucial for operational efficiency, security, and compliance. cPacket’s smart filtering technology offers a dynamic and scalable solution that ensures the right data reaches the right tools with minimal overhead. By leveraging cPacket’s Packet Broker’s (cVu) intelligent filtering capabilities, organizations can enhance network performance, streamline monitoring processes, and obtain unprecedented visibility into their infrastructure.
cPacket’s Packet Brokers empower network teams with precise traffic control, enabling optimal observability and performance. To learn more, contact cPacket today!
