For VendorsBlog

Network Packet Broker

Network Packet Broker

Network Packet Broker’s (NPBs) are devices that do just what the name suggests, they “broker” incoming network traffic to any number of security, application performance monitoring, or network forensic tools. The need to “broker” packet before it is sent to tools comes from 2 major driving forces.  First, the throughput of tools is limited, second, every tool requires a different subset of traffic to maximize performance.

Packet broker is designed to deliver only the traffic of interest required by any specific tool. NPBs achieve this by using a variety of filtering options that will be explained in detail in the next blog in this series. NPBs act as the man-in-the-middle between TAP/SPAN ports and the tool itself and should be designed with 4 different deployment scenarios in mind.

Broker traffic from a single TAP port to a single tool. In this application the most important function of the NPB is its filtering capability.  Most tools currently deployed handle up to 10Gbps of traffic at any given time. If the incoming TAP traffic is 40Gbps, the traffic needs to be filtered by a factor of 4.  The NPB needs to ensure the traffic is filtered adequately to meet this limitation while providing every packet the tool needs to do its job.

Broker traffic from multiple TAP ports to a single tool. This application builds on the previous, but now the NPB needs to support aggregation.  Aggregation allows the user to setup single filters that will be applied to all incoming traffic streams, reducing the setup time/complexity of the device. Aggregation also ensures the tool receives traffic from multiple streams.

Broker traffic from a single TAP port to multiple tools. This application builds on the first, however, the NPB now needs to be able to replicate and/or load balance traffic. The traffic needs to be replicated/mirrored/copied to ensure each tool has access to any necessary packets.  To properly handle this application, the NPB must also support egress filtering, to allow unique filters criteria for each different tool. If multiple tools require the same filtered traffic, the NPB must also support load balancing and options on how to load balance. 

Broker Traffic from multiple TAP ports to multiple tools. The final application builds on the previous three and uses filtering, aggregation and load balancing to guarantee each tool operates at its maximum efficiency.

The current crop of NPBs plays a critical role in enabling businesses to perform several functions, such as moving to a virtual network, upgrading the network, and cost-effectively adding more advanced tools. However, infrastructure evolution continues to march on, and now it’s time for next generation network packet broker.

Next-generation NPBs are designed to meet the needs of digital businesses. A good analogy to consider is the evolution of application delivery controllers (ADCs). They started as simple load balancers and then added advanced load-balancing capabilities to become ADCs. After several years, security and cloud capabilities were introduced, and the product category shifted to advanced ADCs. The same trend is happening with NPBs as they evolve to next-generation NPBs.

The most popular products in category Network Packet Broker All category products

Niagara Network Packet Brokers

F.A.Q. about Network Packet Broker

Network Packet Brokers - How can they help you?

As your network continues to grow physically and virtually and speeds increase up 100 Gig it has become increasingly difficult to ensure that all your security and monitoring tools see and receive the real-time traffic that they need to analyze. These tools need to know exactly what is happening on the network, and are only as good as the data they receive.

The challenge is to ensure each tool see’s the traffic that it needs to.  Using a combination of Taps, Bypass Switches and packet brokers we can set up a visibility architecture that sits between the IT infrastructure and the tools which gives you access to all the traffic traversing the virtual and physical links.


  • Data from one network link, to one tool
  • Data from one network link, to multiple tools – Regeneration
  • Data from multiple network links, to one tool - Aggregation
  • Data from multiple network links, to multiple tools
  • Load balance traffic among all your tools


Ultimately, NPBs make monitoring and security tools more effective, by giving them access to a range of data from across the entire network. Blind spots are reduced, giving tools the visibility they need to identify and tackle performance and security threats.