Network Visibility

Network Packet Brokers

Provide real-time, end-to-end visibility, insight and security into physical, virtual, SDN and NFV networks.

Network Visibility

Industry leading Ixia Network Packet Brokers (NPB) deliver intelligent, sophisticated and programmable network flow optimization providing visibility and security coverage to businesses assets and help IT teams quickly resolve application performance bottlenecks, trouble shoot problems, improve data center automation, better utilize expensive network analysis and security tools and help better business execution because of the improved understanding of the network and data center.

Ixia’s best-in-class Vision portfolio of network packet brokers are easy-to-use, perform under pressure and offer true application intelligence.

  • Dedicated hardware acceleration provides a Zero packet loss architecture
  • Aggregation of traffic from multiple TAPs or SPAN ports
  • Filtering of traffic so that each monitoring or inline security tool receives exactly the right data
  • Load-balancing of traffic to multiple analysis tools
  • SSL decryption to quickly detect emerging threats encrypting exploits within application traffic
  • L7 application awareness efficiently allows for packet processing based on unique applications
  • Dynamic filter compiler handles all filter rule complexities automatically – no overlapping filter rule headaches


Data is routed to one or many network packet brokers; the fabric of packet brokers serves to organize and streamline data for specific monitoring, performance and security tools. Known for their easy-to-use web interface, Ixia’s packet brokers do all the heavy lifting when it comes to managing filter rules, making it easy to manage change while freeing up valuable time to focus on other things. Data is then sent to security, performance and analytics tools; these tools can perform at an optimal level because they receive the right data in the right format and at a manageable throughput. In the case of in-line deployments, approved data is then sent back into your network. Ixia offers single pane of glass management and configuration options, which allows you to scale in both physical and virtual environments.


There are two different ways to deploy network packet brokers:

  1. Inline Security inspect live traffic before it hits your data center network. Tools are grouped serially before traffic enters your production data center enabling real-time traffic inspection and active threat prevention.
  2. Out-of-Band Monitoring provides Passive Traffic Inspection, detection and recording for routine analysis. Tools perform passive traffic inspection, detection, and recording for routine analysis. This model is used extensively in detailed threat analysis, but does not enable any active prevention safeguards or countermeasures.

Common Inline security tools include:

  • Intrusion prevention systems (IPS)

  • Firewalls and next-generation firewalls (NGFWs)

  • Data loss prevention (DLP) systems

  • Unified threat management (UTM) systems

  • SSL decryption appliances

Common out-of-band security tools include:

  • Intrusion detection systems (IDS)

  • Forensic tools

  • Data recording

  • Malware analysis tools

  • Log management systems

  • Packet capture (PCAP) tools


Zero Packet Loss

We have instrumented purpose-built dedicated hardware in our physical packet brokers to ensure zero packet loss, which ensures that your tools receive 100% of the packets they need to perform their job. Our packet brokers will NOT drop data due to congestion regardless of what features used or packet size

Video: Performance Matters

Simultaneous Features

Unlike many competitor solutions where many features such as SSL decryption, NetFlow generation and packet trimming can’t work together in the same module, Ixia provides line-rate guarantee on any combination of features.

Video: Network Visibility – Feature Compatibility Matters

Active-Active Inline

Active-Active is the predominant use case for inline security tool deployment. It performs load balancing during normal operation, and offers safe cut-over on failures.

Drag and Drop User Graphical Interface

We offer an intuitive graphical user interface that allow users to easily define the connections and filter rules between network ports and tools. Configuration of the network is a simple point and click, drag and drop interface, where users can visually represent their network connection needs within minutes.

Video: Ease of Use

Handles Filter Rule Complexities Automatically

When it comes to creating and managing filters, Ixia’s Dynamic Filter Compiler that takes care of the all the complexities of filter rules, allows users to tie any network port to any tool port without being concerned about existing filter logic in any other filter rules. This means that new filter rules can be added at will into existing filters and the Ixia Dynamic Filter compiler takes care of overlap resolution behind the scene

Three Levels of Filter Logic

When creating filter rules, you can add them at three levels: the ingress network ports, a dynamic filter in the middle, and tool filters at at egress. This multiple level of filtering offers natural AND and OR logic thus allow complex Boolean logic to filter traffic in the stringiest way to protect expensive tools from being overloaded.

No Limits on Filter Types

Finally, when managing filter rules, there are not restrictions to the advanced filtering features that can be utilized together. This means users can worry less about what they can and can not do, and focus more on their tools, and what they need to perform at highest levels.

Signature Based Application Detection

We have a team of specialists that manage a database of application signatures that are regularly updated. These signatures allow us to more accurately detect applications, as well as allow for different application streams within applications to be filtered out.

Dynamic Pattern Identification

Application traffic patterns are identified dynamically using Ixia’s patented technology. When a session cannot be identified with existing application signatures, the packet headers are sent to a special engine which identifies reusable patterns. Well-known services (applications) can also be identified based on their used port and protocol.

Detect Unknown Applications

Using our database of known application allows the ability to identify unknown applications which can be used as a filter mechanism to send your security tools more relevant data.

Filter on Application Group

If you want to send all Email traffic, or Microsoft Office 365 documents to a specific monitoring, security or performance tool, no problem, we’ve made it easy to extract and send a different groups of applications data.

Filter on Specific Application Traffic

If you want to filter on specific applications, it’s easy, just point-and-click. You can send Netflix streaming media data, or all Amazon EC2 or S3 data to your monitoring tools. Also, the application intelligence can go deep into applications to easily allow you to filter out different types of data types within an application. For example you can select different streaming media genres from Netflix, like Sci-Fi from Romantic or if you want to separate IMAP traffic from normal email traffic, it’s a simply point-and-click.