DNA 21-26: More Than Just Packet Capture

When I approached the cPacket stand at Cisco Live earlier this year I thought to myself “Packet capture, fast interfaces, lots of storage, Wireshark, got it, probably not much to see here but let’s have a chat anyway”. A few months on and we’ve had a few presentations from the cPacket team, and I can see how wrong I was. As well as a very powerful capture platform, cPacket has recognised that packets are the fundamental building block of network visibility and observability.  

This week, I will cover the primary components of the cPacket architecture: Packet Broker, Packet Capture, Control Center, and Cloud Suite. Next week I will look at the observability capabilities.

cVu (Packet Broker): cPacket offers a distributed packet broker architecture. TAPs and SPAN are consolidated into cVu AG devices, which then further aggregate traffic into cVu-NG devices – see the diagram below. The cVu NG devices support line rate 100G capture at low latency with no drop up to an aggregated throughput of 1.6T using dedicated ASICs and FPGAs. They also support stripping off encapsulations such as VXLAN, MACsec (on select models), and MPLS, as well as deduplication.

cStor (Packet Capture): 100G interfaces take 6.7 nanoseconds to process each packet. As a result, the packet capture devices need the ability to capture this traffic to disk at line rate to preserve the fidelity of the capture data. cStor devices provide capture with Capture to Disk (CTD) capabilities of 10G, 20G, 40G, 100G, and 200G. Once you’ve got the capture information, they also support storage capabilities which range from 48TB all the way up to 2PB.

cClear (Control Center): The cPacket devices are all managed centrally from cClear. In addition, all analytics from cVu and cStor are passed to cClear, which enables analytics for Network and Security observability, as well as integrations through open APIs and Model Context Protocol (MCP).

Cloud Suite: cVu-V, cStor-V, and cClear-V provide hybrid cloud support on providers such as AWS, Azure, and GCP, as well as a VMware ESXi form factor. cVu-V and cStor-V can be used to capture traffic from within the cloud in an agentless manner, with 5% fewer dropped packets than native capture tools.

Next week I will focus on the increasingly important Observability solutions that cPacket offers. In the meantime, get in touch with any comments, queries, or corrections.