Disaggregated Packet Broker
Complete network visibility built on open hardware and SONiC - software-defined TAPs, flow-aware aggregation, and multi-tool forwarding with zero proprietary lock-in.
Network visibility without the vendor trap
The Disaggregated Packet Broker runs on ONIE-preloaded, OCP-compliant whitebox hardware powered by SONiC - delivering enterprise-grade visibility without proprietary appliances.
Open Hardware
Built on ONIE-preloaded, OCP-compliant whitebox hardware. Runs SONiC NOS with a container-based architecture - no vendor lock-in, no proprietary ASICs required.
Software TAPs & Aggregation
Software-defined TAPs and flow-aware aggregators capture traffic from SPAN ports across the network - simpler provisioning with no need for dedicated hardware tap devices.
Multi-tool Forwarding
Replicate and forward filtered traffic to multiple downstream security and analytics tools simultaneously - IDS, forensics, NPM, and APM - from a single traffic capture point.
Everything you need for complete traffic visibility
Advanced filtering at line rate
Apply multiple simultaneous L3/L4 filter policies to classify and route traffic with precision. Supports both IPv4 and IPv6, with flexible match criteria across IP addresses, port ranges, protocols, and VLAN IDs - all processed at wire speed with zero packet loss.
- Multiple simultaneous filter rules - IPv4 and IPv6
- L3/L4 header matching - IP, ports, protocols, VLANs
- Source port labeling via VLAN tagging and untagging
- Configurable via IS-CLI, SONiC CLI, or REST API
# Traffic aggregation status dpb# Ingress ports: Eth1/1 18.4 Gbps Eth1/2 22.1 Gbps Eth1/3 9.7 Gbps Egress group IDS: Eth2/1 24.8 Gbps Eth2/2 25.4 Gbps Flow-hash LB: src/dst IP+port
Flow-aware aggregation and load balancing
Intelligently combine traffic from multiple ingress ports and distribute it across tool egress ports using flow-aware load balancing. Ensures downstream monitoring tools are never oversubscribed and no traffic flows are split across sessions — preserving full flow context for every tool.
- Multi-port aggregation from SPAN and TAP sources
- Flow-hash load balancing keeps sessions intact
- Port speeds from 1G to 400G with breakout support
- Port breakout: 40G → 4x10G, 100G → 4x25G
dpb# Port RX Pkts TX Pkts Drops Eth1/1 24,871,204 24,871,204 0 Eth1/2 31,102,987 31,102,987 0 Eth2/1 22,450,119 22,450,119 0 All thresholds nominal ✓
Real-time telemetry and SNMP alerting
Continuous per-port and per-packet statistics give complete visibility into DPB health and traffic volumes at all times. Configurable SNMP alerts notify operations teams immediately when thresholds are breached - integrating seamlessly into existing NOC workflows.
- Real-time per-port RX/TX counters and drop statistics
- Configurable SNMP v2c/v3 alert thresholds
- Full REST API for programmatic stats access
- SONiC CLI and IS-CLI for interactive monitoring
Built on SONiC. Deployed out-of-band.
DPB sits entirely off the production data path. Traffic is mirrored in from SPAN and TAP ports, processed, and forwarded to visibility tools - with zero impact on production switching performance.
Ingress Layer
Collects mirrored network traffic from distributed sources without touching production forwarding paths.
- SPAN and TAP ingestion support
- Broad port-speed compatibility
- Out-of-band visibility entry
Ingress — Traffic Sources
Processing — SONiC NOS Engine
Egress — Visibility & Security Tools
Management
Production-validated on open hardware
PalC DPB is certified on these Accton/Edgecore whitebox platforms - all OCP-compliant with ONIE support and Tomahawk or Trident ASICs.
| Model | Manufacturer | ASIC | Port configuration | SKU |
|---|---|---|---|---|
| AS7712-32X | Accton | Broadcom Tomahawk | 32 x 100G | AS7712-32X |
| AS5835-54X | Accton | Broadcom Trident 3 | 48 x 10G + 6 x 100G | AS5835-54X |
| AS7716-32X | Accton | Broadcom Tomahawk | 32 x 100G | AS7716-32X |
| AS5812-54X | Accton | Broadcom Trident 2 | 72 x 10G | AS5812-54X |
| AS5835-54T | Accton | Broadcom Trident 3 | 48 x 10G + 6 x 100G | AS5835-54T |
| RA-B6510-48V8C | Ragile | Broadcom Trident 3 | 48 x 25G + 8 x 100G | RA-B6510-48V8C |
Open visibility vs proprietary packet brokers
Traditional packet brokers are expensive, vendor-locked appliances. PalC DPB delivers the same - and more - on open, commodity hardware you already own.
| Capability | PalC DPB Open | Proprietary Broker | Basic SPAN / TAP | Manual Workflow |
|---|---|---|---|---|
| Runs on open whitebox hardware | ✓ | ✗ | ✗ | ~ |
| Flow-aware load balancing | ✓ | ✓ | ✗ | ~ |
| Packet replication to multiple tools | ✓ | ✓ | ✗ | ~ |
| L3/L4 filtering (IPv4 + IPv6) | ✓ | ✓ | ✗ | ~ |
| Port speeds up to 400G | ✓ | ✓ | ✗ | ✗ |
| IS-CLI & REST API management | ✓ | ✗ | ✗ | ~ |
| Zero additional hardware cost | ✓ | ✗ | ✓ | ✗ |
| SONiC container-based updates | ✓ | ✗ | ✗ | ✗ |
| Out-of-band deployment model | ✓ | ~ | ✓ | ✗ |
Built for every visibility scenario
From enterprise data centres to telco edge, DPB provides the traffic visibility foundation that security and operations teams depend on.
Security & Threat Detection
Feed IDS, IPS, and SIEM tools with precisely filtered, load-balanced copies of traffic - without oversubscribing tools or affecting the production network.
Network Forensics
Capture and store specific traffic flows for incident investigation and audit trails. Source port labeling ensures clear forensic provenance for every packet.
Application Performance
Deliver application traffic samples to NPM and APM tools for latency analysis and SLA enforcement - with zero impact on production paths.
DC Migration & Testing
Mirror production workloads during data centre migrations to validate new infrastructure in parallel - safe cutover without downtime risk.
Compliance Monitoring
Selectively capture regulated traffic streams to dedicated compliance recording tools - meeting PCI-DSS, HIPAA, and SOC2 data retention requirements.
Cloud & Telco Edge
Deploy lightweight, disaggregated packet brokering at cloud edge and telco PoP locations where dedicated appliances are cost-prohibitive or operationally infeasible.
See DPB running in your environment
Request a demo and our team will walk through a live DPB deployment on your hardware - filter configuration, tool forwarding, and real-time statistics.
Request a Demo
Tell us about your environment and we'll be in touch within one business day.
ODM PARTNERS
TRUSTED BY LEADING TECHNOLOGY PARTNERS
Next steps
Planning open, scalable packet visibility for your network?
Talk to the PalC team about deploying the Disaggregated Packet Broker for filtering, aggregation, and tool delivery on open networking hardware.
