Products

Any-to-Any Delivery

• Each interface can be INPUT or OUTPUT
• 1-to-many, many-to-1, many-to-many
• To any selected interface after filtering

Advanced Distribution

• Filter Processor
• Composed of a set of rules with AND / OR operation
• Session-based filtering and packet-based filtering
• L2-L4 header filtering rule: MAC address, Ethertype, VLAN ID, IP range, TCP/UDP port…
• DPI-enabled Filter Processor
• L4-L7 Pattern-based filtering
• Pattern format: HEX, ASCII strings and Regular Expression
• Tunnel-awareness filter
• Apply all filtering rules on in-tunnel packets where GRE / VxLAN / QinQ / MPLS
• unnel ID (ERSPAN/X-tunnel) filtering
• Processor Chain
• User-defined graphs of Filter Processors

Out-of-band Load balance

• Same Dst IP / Src IP / Dst Port / Src Port sticky to same egress ports
• Same 5-tuple hash sticky to same egress ports
• Delivery HA: Re-distribute to link-up egress ports
• Balance port groups: Max 8 egress ports

Packet Engineering

• Tag removal: MPLS / VLAN / QinQ…
• Unpacking Tunnel (Tag removal and re-encapsulation): GRE / GTP / ERSPAN / NvGRE / VxLAN
• User-defined VLAN tagging for input packets or output packets
• Packet Deduplication

Monitoring Network Virtualization

• GRISM to GRISM tunnel
• Encapsulation: GRE, VxLAN, ERSPAN, X-tunnel

Network Traffic Intelligence Extraction

• Generate Netflow V5 / V9
• Generate HTTP log
• Generate DNS log

Front-line Security

• Massive Blocking
• IP / Domain / URL
• Max 2,000,000 entries
• 3rd party threat intelligence import

Sensitive Data Protection

• Packet slicing
• Preserve N bytes
• Remove TCP / UDP payload
• Data mask
• Replace sensitive data segment in TCP / UDP payload
• Data segment can be defined in regular expression

In-Line Aggregation and Re-Distribution

• N network links X M monitoring links (N X M)
• In-line session-based load balance with HA strategy
• Intelligent content-based bypass
• IP address List
• User-defined pattern in regular expression

PCAP File Processing

• Stream snapshot in PCAP format
• Filter PCAP files with timestamp persistance
• Remote recording agent over L2-L4 switch

Telecom Correlation Processing

• Mobile 3G / LTE data netwok
• Filter GTP-C / GTP-U by IMSI/IMEI
• Subscriber-based load balance
• Fixed ISP network
• Filter user-plane packets by RADIUS ID
• subscriber-based load balance

Virtual Machine Traffic

• VM traffic redirection by GRISM-V (as a VM instance)
• Supporting environment
• KVM
• VMware ESXi / vSphere

System Control and Operation

• Web GUI agent for authenticated users
• Advanced Control
• XML script over HTTP
• Management protocol: Telnet, HTTP, SNMP V2