BitBouncer (BB) is an AVC (Application Visibility and Control) network appliance, developed by HSD’s Technology arm. BB provides a comprehensive toolkit to enable network operators to achieve visibility and control of the network at the application layer.
Features at a glance
- Application Visibility – complete visibility of applications in realtime, with the option to record traffic and/or flows
- Application Control – configure custom rules to control, i.e., drop, copy or forward, matching application traffic
- Flexible configuration of input/output interfaces, with support for high-performance software packet capture technologies including (Linux) Netmap pipes and PF_RING
- Specialised output interfaces, including support for TAP devices and raw sockets, as well as Pcap output direct-to-disk.
- Support for Napatech hardware-based capture cards (up to 10G) as both input/output interfaces
- Web-based dashboard and admin UI – provides realtime visibility and reporting of analytics and administration by authorised personnel
- Advanced rule configuration, with support for Layer-4 (BPF) filters as well as custom application (Layer-7) protocols
- Optional device identification – BB discovers network devices by inspecting DHCP and Bonjour traffic
- Time Series (embedded SQLite) database persistence for metrics, with configurable sample times (1s, 1m, 10m, 1h, 1d) and matching retention periods
- Enterprise ready – AD/LDAP integration option for authentication and authorisation; support for Oracle/PostgreSQL databases for demanding database loads.
- Support for Silicom Ethernet Bypass cards – for inline, network tap, configurations
From its inception, BB was designed with integration in mind, not just as a “black box” appliance. This design is reflected in the feature set, which includes options designed to support integration with complementary systems and services.
BB supports a range of input/output options that enable flexible configurations whereby BB may be deployed as part of a pipeline, providing pre- or post-processing services.
The following tables provide a summary of the device support, respectively, for input and output. (The term “device” in this context includes software/hardware devices, as well as logical devices such as streams and files.)
BB’s rule engine allows filtering to be performed at both the network and application layers.
At the network layer, BB supports the use of standard BPF (Berkeley Packet Filter) rules to filter traffic. The standard BPF grammar is available along with a custom (SQL-like) “in” operator, which may be used to match custom address blocks.
At the application layer, rules are applied to classes of applications, using the classification determined by the NAVL engine. These classifications take the form of simple names such as “FACEBOOK”, “SIP”, “YOUTUBE”. Matching applications is as simple as selecting the class of application by name.
Custom application rules provide the ability to further filter application traffic based on application metadata. Note that access to detailed metadata (fields) for a particular protocol depends on access to plaintext communications; in other words, it is limited by encryption. In the case of TLS (Transport Layer Security), for example, the set of detailed metadata includes all information that is exchanged between the client and server in plaintext as part of the TLS “handshake”.
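As an added illustration (not BB or NAVL code), the Python example below extracts the fields a passive inspection point can read from a TLS ClientHello, and shows that an encrypted application-data record yields nothing. The function names and both sample records are constructed for this example, and it assumes the ClientHello arrives unfragmented in a single TLS record.

```python
import struct

def vec(data: bytes, n: int) -> bytes:
    """TLS length-prefixed vector with an n-byte length field."""
    return len(data).to_bytes(n, "big") + data

def sample_client_hello(host: str) -> bytes:
    """Constructed sample: a minimal TLS 1.2 ClientHello record carrying only SNI."""
    sni_ext = b"\x00\x00" + vec(vec(b"\x00" + vec(host.encode(), 2), 2), 2)
    body = (b"\x03\x03" + bytes(32) + vec(b"", 1)            # version, random, session_id
            + vec(b"\x13\x01\xc0\x2f", 2) + vec(b"\x00", 1)  # cipher_suites, compression
            + vec(sni_ext, 2))                               # extensions
    return b"\x16\x03\x01" + vec(b"\x01" + vec(body, 3), 2)

def client_hello_metadata(record: bytes):
    """Return plaintext ClientHello fields, or None if the record exposes none."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:    # not handshake / not ClientHello
            return None
        p = 5 + 4                                     # skip record and handshake headers
        meta = {"version": record[p:p + 2].hex(), "sni": None}
        p += 2 + 32                                   # client_version, random
        p += 1 + record[p]                            # session_id
        n = struct.unpack_from("!H", record, p)[0]
        meta["cipher_suites"] = [record[i:i + 2].hex() for i in range(p + 2, p + 2 + n, 2)]
        p += 2 + n
        p += 1 + record[p]                            # compression_methods
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p + 4 <= min(end, len(record)):         # walk the extension list
            etype, elen = struct.unpack_from("!HH", record, p)
            data = record[p + 4:p + 4 + elen]
            if etype == 0 and len(data) >= 5 and data[2] == 0:   # server_name, host_name
                nlen = int.from_bytes(data[3:5], "big")
                if len(data) >= 5 + nlen:             # ignore a truncated name
                    meta["sni"] = data[5:5 + nlen].decode("ascii", "replace")
            p += 4 + elen
        return meta
    except (IndexError, struct.error):                # truncated or malformed record
        return None

if __name__ == "__main__":
    hello = sample_client_hello("example.test")
    encrypted = b"\x17\x03\x03" + vec(bytes(24), 2)   # constructed application-data record
    print(client_hello_metadata(hello))               # version, cipher suites, SNI
    print(client_hello_metadata(encrypted))           # None: nothing readable
```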
BB “actions” are commands that determine the fate of traffic matched by the rules engine. These actions may be likened to the standard actions available in conventional firewalls such as “Drop” and “Reject”.