Network Packet Brokers (NPB)

“Intelligent packet brokers and advanced decryption for pervasive visibility.”

What are Packet Flow Switches (PFS)?

NETSCOUT’s Packet Flow Switches (PFS) are high-performance packet brokers that aggregate, replicate, filter, and distribute network traffic from multiple TAPs and SPANs to security and monitoring tools.
By optimizing tool utilization and ensuring that the right traffic reaches the right tools, PFS forms the foundation of a visibility fabric for enterprises and carriers.

Key Features of PFS

• Traffic Aggregation & Replication
  o Collect traffic from TAPs, SPANs, and other sources.
  o Replicate packets to multiple tools simultaneously.
• Advanced Filtering
  o Match traffic based on VLAN, IP, port, protocol, or application metadata.
  o Reduce tool overload by sending only relevant packets.
• Load Balancing & Optimization
  o Distribute flows evenly across multiple appliances.
  o Scale out IDS/IPS, firewalls, and monitoring platforms.
• Service Chaining
  o Direct packets sequentially through multiple security or monitoring tools.
  o Create optimized workflows for DLP, forensics, and compliance.
• Inline Bypass & Resiliency
  o Keep traffic flowing if a tool fails.
  o Provide safe inline deployment for security appliances.
• High-Performance Scalability
  o Line-rate switching at 1/10/40/100G.
  o Modular chassis with hundreds of ports for carrier environments.

nGenius Packet Flow eXtender (PFX) Software

The PFX software extends PFS functionality with advanced features:

• Flow-aware load balancing – maintains flow integrity across tool sets.
• Header stripping & slicing – remove VLAN, MPLS, GRE, GTP headers, or slice packets to optimize tool efficiency.
• Traffic deduplication – eliminate duplicate packets to reduce wasted processing.
• Time stamping – synchronize packet capture for forensic and compliance use cases.
• Tunnel decapsulation – decode encapsulated traffic (VXLAN, GRE, GTP, MPLS) for deeper analysis.

nGenius PFS Fabric Manager

The Fabric Manager provides centralized management of large-scale PFS deployments:

• End-to-end visibility fabric control – manage hundreds of PFS as a single logical fabric.
• Graphical topology maps – visualize traffic flows and tool connectivity.
• Policy-based provisioning – define and apply global filtering, replication, and service chaining rules.
• Automation & APIs – integrate with NOC/SOC workflows for dynamic adjustments.
• Scalability – support for distributed, multi-site, carrier-grade visibility fabrics.

nGenius Decryption Appliance (nDA)

To address the visibility gap created by encrypted traffic, NETSCOUT provides the nGenius Decryption Appliance:

• Inline and out-of-band SSL/TLS decryption – supports monitoring of encrypted flows.
• Selective decryption – policies by IP, subnet, VLAN, or application.
• Compliance support – exemption rules to protect sensitive data (e.g., banking, healthcare).
• High-throughput performance – scalable decryption at 10/40/100G with hardware acceleration.
• Integration with PFS – decrypted traffic can be distributed to multiple tools simultaneously.

Benefits for the Client

• Maximize tool ROI – optimize load and deliver relevant traffic to each tool.
  
• Enable encrypted visibility – decrypt SSL/TLS for security monitoring.
  
• Reduce complexity – centralize aggregation, filtering, and decryption.
  
• Assure resiliency – inline bypass maintains traffic continuity during outages.
  
• Scale visibility – manage distributed fabrics across enterprise and carrier environments.

Why NETSCOUT is Different ?

• Integrated visibility fabric – PFS, PFX, nDA, and Fabric Manager in one portfolio.
  
• Comprehensive functionality – filtering, deduplication, slicing, service chaining, decryption.
  
• Carrier-grade scale – trusted by Tier-1 carriers and hyperscalers.
• Operational efficiency – automation, APIs, and centralized fabric control.
  
• Trusted leader – decades of expertise in packet-based visibility.

Typical Use Cases

• Aggregate TAP/SPAN traffic into a unified visibility fabric.
• Balance loads across IDS/IPS clusters.
• Decrypt SSL/TLS traffic for security monitoring.
• Deduplicate packets and strip headers to optimize tool efficiency.
• Deploy service chaining for multi-tool security workflows.
• Centrally manage distributed PFS fabrics across large environments.

Services & Support (What We Offer)

• Visibility Assessment – evaluate monitoring coverage and tool efficiency.
• Deployment Services – architect and roll out PFS, PFX, Fabric Manager, and nDA.
• Policy Workshops – configure advanced filtering, decryption, and deduplication.
• Integration Support – connect PFS with NOC, SOC, and cloud ecosystems.
• Managed Visibility – deliver packet brokering and decryption as-a-service

“Intelligent traffic aggregation, filtering, and distribution for monitoring and security tools.”

What are X2 & X3 Packet Brokers?

The Profitap X2 and X3 Series Network Packet Brokers (NPBs) are high-performance, modular solutions designed to aggregate, filter, and distribute network traffic from multiple links towards monitoring and security tools.

By optimizing how traffic is delivered to IDS, IPS, SIEM, NDR, and performance monitoring platforms, X2 and X3 ensure that tools receive the right data at the right time, without oversubscription or blind spots.

They are part of Profitap’s broader IOTA and TAP ecosystem, providing end-to-end visibility from traffic access (TAPs) to advanced analysis.

Key Features

• High-Density Aggregation
  ▫️Collect and aggregate traffic from multiple 1G/10G/25G/40G/100G links.
  ▫️Consolidate data from TAPs, SPANs, and inline devices.
• Advanced Filtering
  ▫️L2–L4 filtering (VLAN, IP, port, protocol).
  ▫️Application-aware filtering for 3,000+ apps and protocols.
  ▫️Deduplication, packet slicing, and header stripping.
• Traffic Distribution
  ▫️Load-balancing across multiple monitoring tools.
  ▫️Replication for parallel delivery to security and observability stacks.
• Scalability & Modularity
  ▫️X2: optimized for medium-to-large enterprises and data centers.
  ▫️X3: carrier-grade platform supporting massive traffic volumes.
• Fail-Safe Architecture
  ▫️Non-blocking, low-latency design.
  ▫️Redundant power and management options.
• Integration with Profitap Ecosystem
  ▫️Seamless with Profitap TAPs and IOTA appliances.
  ▫️Centralized control and orchestration with IOTA CM.

Benefits for the Client

• Eliminate blind spots – comprehensive visibility across physical and virtual links.
  
• Optimize tool usage – deliver only relevant traffic, reducing tool overload.
  
• Future-proof scalability – from enterprise to carrier-grade environments.
• Lower costs – maximize ROI of monitoring and security tools.
  
• Flexible deployment – inline or out-of-band, data center or backbone.

Why Profitap is Different ?

• All-in-one ecosystem – TAPs, NPBs, and IOTA unified.
  
• Application-aware intelligence – filtering beyond L2/L3, up to application level.
  
• High-speed readiness – supports 100G links and scalable to multi-terabit fabrics.
  
• Compact design – high density in smaller footprints (X2).
  
• Trusted reliability – deployed in enterprise, finance, and service provider networks.

Typical Use Cases

• Aggregate multiple TAP and SPAN outputs into a single monitoring stream.
• Distribute relevant subsets of traffic to IDS, IPS, and SIEM tools.
• Balance load across multiple NDR or performance monitoring appliances.
• Filter application traffic for compliance, lawful intercept, or SLA monitoring.
• Scale visibility from enterprise data centers (X2) to carrier backbones (X3).

Services & Support (What We Offer)

• Visibility Assessment – design TAP + NPB architectures for full coverage.
  
• Deployment Services – implement X2/X3 in data centers or backbone networks.
• Integration Workshops – connect NPB flows to SIEM, NDR, and APM tools.
  
• Optimization Services – configure filtering rules, load-balancing, and deduplication.

“Scalable traffic intelligence powered by CPU, silicon, and FPGA processing.”

 What are Keysight Network Packet Brokers?

The Keysight Vision Series Network Packet Brokers form a complete portfolio of appliances designed to aggregate, filter, optimize, and distribute network traffic to monitoring and security tools.

The range extends from compact 1G/10G platforms like Vision U1S and E10S to high-capacity datacenter appliances such as the E400S, E400P, and Vision X.

Keysight’s NPBs are engineered with CPU-based packet processing for flexible traffic manipulation, and silicon/FPGA acceleration for high-speed, line-rate performance at 40G, 100G, and beyond. This combination provides unparalleled scalability and processing capacity in modern datacenter and service provider networks.

Key Features

• Comprehensive Platform Range
  • Vision U1S, E10S, E40, E50: compact, cost-effective aggregation and filtering appliances.
  • Vision E100, 7816: mid-range, scalable visibility nodes.
  • E400S, E400P: high-performance packet brokers with FPGA acceleration for terabit-class throughput.
  • Vision One, 400, Vision X: advanced platforms with full-stack visibility for enterprise and service providers.
• High-Performance Processing
  • CPU processing: flexibility for complex filtering, packet manipulation, and metadata enrichment.
  • Silicon/FPGA acceleration: deterministic, line-rate performance for high-throughput environments, even with complex rules.
  • Combination of both ensures scale + intelligence, without performance bottlenecks.
• Advanced Traffic Intelligence (Visibility Stacks)
  Keysight Vision NPBs support multiple software stacks that extend traffic intelligence far beyond simple aggregation:
  • NetStack – Base functionality: aggregation, load balancing, traffic replication, and filtering.
  • PacketStack – Packet manipulation features: de-duplication, packet slicing, header stripping, time stamping.
  • PacketStack+ – Enhanced packet processing: more advanced header removal, user-defined slicing, advanced normalization.
  • FlowStack – Generates NetFlow/IPFIX flow records from raw traffic, providing flow-based visibility without dedicated collectors.
  • SecureStack – SSL/TLS decryption (inline and out-of-band), security policy enforcement, and secure tunneling.
  • AppStack – Application-level visibility and metadata generation (HTTP, DNS, SSL certs, SaaS, etc.), enabling deep observability.
  • TradeStack – Specialized for financial trading networks, providing nanosecond-level timestamping and monitoring of latency-sensitive flows.
  • MobileStack – Visibility for mobile core networks (GTP, LTE, 4G/5G traffic). Supports session correlation, decapsulation, and filtering of mobile signaling and user plane.
  • MobileStack+ – Advanced mobile visibility: includes subscriber-aware filtering, per-user traffic extraction, and advanced 5G observability features.

Benefits for the Client

• Full visibility fabric: from enterprise edge to carrier-grade core, one consistent platform.
• High-speed performance: FPGA acceleration guarantees line-rate processing at 100G+.
• Optimize monitoring & security tools: offload heavy processing (de-duplication, decryption, flow generation) from tools.
• Stronger security posture: deliver decrypted, filtered, and enriched traffic to IDS/IPS, SIEM, and NDR.
• Future-proof: support for 400G and 5G traffic, hybrid and multi-cloud architectures.

Why Keysight NPBs are Different ?

• Dual processing approach: CPU for flexibility, FPGA/silicon for massive throughput.
• Full stack visibility: modular stacks (NetStack → AppStack → MobileStack) cover every use case.
• Specialized stacks: TradeStack for financials, MobileStack for telecom — highly differentiated in the industry.
• Carrier-grade reliability: designed for the largest service provider and financial trading networks.
• Tight integration: works seamlessly with Keysight TAPs, Vision Edge OS, and test/validation tools.

Typical Use Cases

• Aggregate traffic from multiple TAPs and deliver optimized streams to monitoring tools.
• Provide flow records to SIEM or analytics via FlowStack.
• Enable SSL decryption for inline and out-of-band NDR/IDS via SecureStack.
• Deliver application metadata to observability platforms with AppStack.
• Monitor financial trading latency with nanosecond precision via TradeStack.
• Gain visibility into 5G core traffic with MobileStack and MobileStack+.

Services & Support (What We Offer)

• Visibility Architecture Assessment – identify blind spots and design NPB deployments.
• Deployment & Integration – install and tune Vision Series appliances.
• Stack Enablement – activate and configure the right visibility stacks for client use cases.
• Advanced Workshops – SSL/TLS key management, flow analytics, mobile visibility.
• Managed Services – co-sourced operation of Keysight visibility fabrics.

 “Centralized orchestration and policy management for the Gigamon Visibility and Analytics Fabric.”

What is GigaVUE-FM?

GigaVUE-FM (Fabric Manager) is the centralized management and orchestration platform for the Gigamon Visibility and Analytics Fabric.

It provides a single pane of glass to configure, monitor, and manage all Gigamon appliances — TA Series, HC Series, GigaSMART modules, and GigaVUE Cloud Suite. With GigaVUE-FM, organizations can simplify operations, automate policy enforcement, and ensure consistent visibility across datacenters, WAN, and cloud environments.

By enabling scalable orchestration of visibility policies, GigaVUE-FM is the key to unlocking the full power of Gigamon’s Deep Observability Pipeline.

Key Features

• Centralized Visibility Management
  • Single console to manage the entire visibility fabric (on-prem and cloud).
  • Unified inventory, topology maps, and health dashboards.
• Policy Automation & Orchestration
  • Create and apply visibility policies across multiple devices with a few clicks.
  • Automated workflows reduce human error and accelerate deployments.
• Traffic Flow Visualization
  • Graphical representation of traffic flows across the fabric.
  • End-to-end visibility of how data moves from TAPs to tools.
• Scalability & Multi-Tenancy
  • Scale to manage hundreds of nodes and thousands of policies.
  • Support for multi-tenant environments with role-based access control.
• Integration with Ecosystems
  • APIs and connectors for ITSM, SIEM, and AIOps/observability tools.
  • REST APIs for custom automation and DevOps pipelines.
• Health & Performance Monitoring
  • Real-time monitoring of NPB and GigaSMART performance.
  • Alerts and logs to ensure fabric resilience.

Benefits for the Client

• Simplify operations: manage all visibility appliances from a single pane of glass.
• Accelerate deployments: apply visibility policies consistently across hybrid environments.
• Reduce errors: automated policy enforcement minimizes misconfigurations.
• Increase security & compliance: ensure critical traffic is always directed to the right tools.
• Support hybrid visibility: manage datacenter, WAN, and cloud visibility fabric in one platform.

Why GigaVUE-FM is Different ?

• Unified orchestration: unlike device-by-device management, FM delivers global fabric control.
• Deep Observability enablement: orchestrates packet brokers, GigaSMART, and cloud probes in a single workflow.
• API-driven automation: integrates with DevOps and SecOps pipelines for visibility as code.
• Enterprise scalability: designed for large, multi-site, multi-cloud deployments.

Typical Use Cases

• Deploy and manage visibility fabrics across multiple datacenters.
• Orchestrate cloud visibility policies in AWS, Azure, or GCP.
• Automate traffic filtering and routing policies for SOC/NOC tools.
• Provide multi-tenant fabric control for managed services providers.
• Centralize reporting and health checks for compliance and audits.

Services & Support (What We Offer)

• Fabric Assessment – Review existing visibility deployments and design a centralized FM strategy.
• Deployment Services – Install and configure GigaVUE-FM for hybrid environments.
• Automation Workshops – Enable visibility as code using FM APIs.
• Managed Services – Operate the fabric centrally, including policy management and change control.
• Training – Empower IT and SOC teams to manage and optimize their visibility fabric.

“Intelligent traffic aggregation and visibility for monitoring and security tools.”

What is the Gigamon TA Series?

The Gigamon TA Series are Network Packet Brokers (NPBs) designed to aggregate, filter, and distribute network traffic from multiple sources to performance monitoring and security tools.

They act as a visibility layer between the production network and monitoring or defense systems (NPMD, IDS/IPS, SIEM, NDR, forensics), ensuring that each tool receives the right data at the right time, without being overloaded by irrelevant traffic.

The TA Series offers flexible, scalable, and cost-effective appliances for traffic aggregation, making it easier to extend monitoring coverage across datacenters, WANs, and hybrid cloud environments.

 Key Features

• Traffic Aggregation – Collect and consolidate traffic from multiple TAPs, SPANs, and network links.
• Filtering & Slicing – Deliver only relevant packets to each monitoring or security tool, reducing load and noise.
• Load Balancing – Distribute high-volume traffic across multiple tools for optimized performance.
• De-duplication – Eliminate redundant packets to save tool processing capacity.
• Scalability – Appliances sized to support different bandwidths, from 1G up to 100G.
• Metadata Generation (Advanced Models) – Enrich flows with application-level intelligence to accelerate analysis.
• Integration – Seamlessly connect with visibility platforms and advanced Gigamon modules (GigaVUE, Application Intelligence).

Benefits for the Client

• Full visibility: Ensure monitoring and security tools see all relevant traffic.
• Optimize tool performance: Reduce overload and extend lifespan of existing investments.
• Lower costs: Decrease the need for scaling expensive monitoring appliances by filtering out unnecessary data.
• Strengthen security: Provide IDS, IPS, and NDR platforms with clean, precise traffic feeds.
• Hybrid flexibility: Support visibility across datacenters, WAN, and cloud environments.

Why the Gigamon TA Series is Different ?

• Vendor-agnostic visibility – Works with all major monitoring and security tools.
• Scalable options – From entry-level to large-scale datacenter deployments.
• Part of the Gigamon Visibility Fabric – TA Series appliances are the foundation for advanced Gigamon solutions (including Application Metadata Intelligence).
• Future-proof – Support for next-gen traffic speeds (up to 100G) and hybrid architectures.

Typical Use Cases

• Aggregating traffic from multiple TAPs/SPAN ports into a unified visibility layer.
• Feeding filtered traffic into NPMD tools for performance monitoring.
• Providing optimized packet streams to IDS/IPS and NDR systems.
• Offloading duplicate or irrelevant traffic to improve SIEM efficiency.
• Building a visibility fabric in combination with other Gigamon appliances.

 Services & Support (What We Offer)

• Architecture & Design – Identify visibility gaps and design a TA-based fabric.
• Deployment & Integration – Install, configure, and tune TA appliances.
• Optimization – Fine-tune filtering, load balancing, and metadata policies.
• Managed Services – Operate and maintain visibility fabrics as a service.
• Training & Enablement – Upskill IT and SOC teams to operate Gigamon TA Series efficiently.

“High-performance visibility and traffic intelligence for security and monitoring at scale.”

What is the Gigamon HC Series?

The Gigamon HC Series are high-capacity Network Packet Brokers designed for organizations that require advanced visibility, traffic intelligence, and inline security controls across large-scale, mission-critical environments.

Building on the foundation of aggregation (as in the TA Series), the HC Series adds application-aware intelligence, advanced filtering, and inline bypass features, ensuring that performance monitoring and security tools receive precisely the data they need — optimized, enriched, and secure.

These appliances are the backbone of the Gigamon Visibility and Analytics Fabric, supporting 10G to 400G links, cloud and hybrid architectures, and advanced use cases such as metadata generation and inline security chaining.

Key Features

• High-Capacity Traffic Aggregation — Consolidate high-speed network traffic (10G to 400G).
• Advanced Filtering & Correlation — Match flows based on applications, users, or protocols.
• Application Metadata Intelligence (AMI) — Generate flow-level metadata (HTTP, DNS, SSL/TLS, etc.) to accelerate threat detection and performance monitoring, Centralized NetFlow / IPFIX generation
• Inline Security — Inline bypass and traffic steering for firewalls, IPS, and NDR platforms.
• De-duplication & Header Stripping — Optimize tool efficiency by removing unnecessary or redundant data.
• Load Balancing & Failover — Distribute traffic intelligently and ensure tool availability.
• Scalability — Modular systems that support thousands of ports and terabits of throughput.
• Hybrid & Multi-Cloud Ready — Extend visibility across datacenter, WAN, and cloud-native architectures.

Benefits for the Client

• Enterprise-wide visibility: full coverage of high-speed datacenter and hybrid cloud networks.
• Accelerated detection & monitoring: with application metadata, SOC and NPMD teams gain faster insights.
• Optimize tool ROI: filtering and metadata reduce tool load, extending lifespan of monitoring and security appliances.
• Strengthen security posture: inline bypass ensures traffic always reaches security controls without becoming a bottleneck.
• Future-proof visibility: supports 100G+ networks and next-generation hybrid architectures.

 Why the Gigamon HC Series is Different

• Intelligent visibility fabric — Goes beyond packet forwarding, delivering enriched insights (metadata, decrypted flows, application awareness).
• Inline security chaining — Integrates multiple security tools in series with failover resilience.
• Scalable design — Built for large enterprises, service providers, and high-throughput environments.
• Part of the Gigamon ecosystem — Works seamlessly with TA Series, virtual TAPs, and cloud visibility solutions.

Typical Use Cases

• Delivering enriched traffic to SOC platforms (SIEM, NDR, IDS/IPS).
• Feeding NPMD solutions with optimized and deduplicated data.
• Building inline security architectures with firewalls, DLP, and IPS.
• Generating application metadata for faster threat hunting and troubleshooting.
• Scaling visibility for multi-terabit networks and hybrid cloud.

Services & Support (What We Offer)

• Visibility Assessment – Identify visibility gaps in large-scale networks.
• Design & Integration – Architect and deploy HC Series in existing monitoring/security stacks.
• Metadata Utilization – Build dashboards and use cases leveraging AMI outputs.
• Inline Security Projects – Design resilient chains with bypass and failover.
• Operational Services – Co-sourcing, managed NPB operations, and knowledge transfer.

 “Advanced traffic intelligence to power the Deep Observability Pipeline.”

What is GigaSMART?

GigaSMART is the advanced traffic intelligence engine embedded in Gigamon HC Series appliances. It enriches and optimizes raw packet data before it reaches monitoring and security tools, ensuring that only the most relevant, contextualized, and actionable information is delivered.

As part of Gigamon’s Deep Observability Pipeline, GigaSMART transforms network traffic into enhanced visibility streams, combining packet-level data with application, security, and metadata intelligence. This helps organizations eliminate blind spots, accelerate detection, and optimize tool performance.

Key Features of GigaSMART Traffic Intelligence

• Advanced Packet Manipulation
  • Packet Slicing – remove payloads to preserve bandwidth and comply with privacy requirements.
  • Packet De-duplication – eliminate redundant packets to reduce tool overload.
  • Header Stripping – remove unnecessary headers (e.g., VLAN, MPLS, GRE).
• Security & Compliance Functions
  • Data Masking – obfuscate sensitive fields (PII, credit card numbers, etc.).
  • SSL/TLS Decryption – decrypt encrypted traffic for security and monitoring tools, then re-encrypt if needed.
  • Application Filtering – identify and filter traffic at the application level (HTTP, DNS, SaaS, etc.).
• Traffic Optimization
  • Load Balancing – distribute flows evenly across multiple tools.
  • Flow Mapping – ensure specific flows are always routed to the same tool instance.
  • Tunnel Decapsulation – strip encapsulation (VXLAN, GRE, GTP, MPLS) to expose original traffic.
• Metadata Generation
  • NetFlow/IPFIX Export – convert packet traffic into flow records for SIEM and analytics platforms.
  • Application Metadata – generate enriched information (HTTP status codes, SSL certs, DNS queries, etc.) to accelerate threat detection and performance monitoring.

Benefits for the Client

• Eliminate blind spots: full visibility into encrypted, tunneled, or complex application traffic.
• Optimize tool efficiency: reduce load on expensive IDS, IPS, SIEM, and APM tools by pre-processing traffic.
• Accelerate detection & troubleshooting: enriched metadata helps SOC and NOC teams pinpoint issues faster.
• Ensure compliance & privacy: mask sensitive data while retaining observability.
• Future-proof: supports modern protocols, hybrid cloud, and high-speed (100G+) networks.

Why GigaSMART in the Deep Observability Pipeline is Different ?

Unlike traditional NPB functions, GigaSMART transforms raw packets into context-rich observability streams.

• Deep Observability Pipeline = from TAPs and HC Series appliances, through GigaSMART enrichment, to monitoring and security tools.
• This approach ensures tools receive not just packets, but intelligence (metadata, decrypted content, filtered flows).
• It enables hybrid visibility (on-prem + cloud) and bridges network, application, and security teams with a unified data plane.

Typical Use Cases

• Provide decrypted and filtered traffic to IDS/NDR platforms for advanced threat detection.
• Generate flow records for SIEMs without requiring dedicated collectors.
• Mask sensitive user data before exposing traffic to third-party analytics tools.
• Remove duplicates and headers to reduce tool licensing and hardware costs.
• Feed APM and observability platforms with contextualized metadata instead of raw packets.

Services & Support (What We Offer)

• Deep Observability Workshops – Assess client visibility needs and position GigaSMART features.
• Architecture & Design – Build a Deep Observability Pipeline around HC Series.
• Deployment & Tuning – Configure packet slicing, filtering, and metadata generation.
• Integration – Connect GigaSMART with SIEM, IDS, APM, and observability platforms.
• Managed Services – Operate visibility fabrics as-a-service, including encryption key management.