Skip to main content

Enterprise SONiC Distribution for
Packet Broker

Asterfusion PB-APP – Open, Scalable, Intelligent SONiC Packet Broker
Explore Feature
Supported Hardware
Documentation
npb-modular-container-on-sonic
Asterfusion PB-APP is a next-generation Network Packet Broker application built on SONiC and Asterfusion 1G- 800G white-box switching hardware.
Named PB-APP to reflect its software-defined, application-based architecture, it decouples packet broker capabilities from fixed-function appliances and runs as a containerized service on open platforms.

SONiC
-Based

Containerized Service

Open Hardware

PB-APP delivers scalable traffic aggregation, intelligent load balancing, and advanced visibility from 1G to 800G with lower cost and an open architecture, enabling automation, high-speed monitoring, and secure traffic processing at line rate for modern data centers, DCI, and SMB networks.

Scalable Performance

Scalable-Performance

Open & Cost-Effective

Open-Cost-Effective

Line-rate Processing

Line-rate-Processing
npb-modular-container-on-sonic
micro-burst-mitigation-with-flowlet

Micro-Burst Mitigation with Flowlet

Eliminate elephant-flow-induced congestion through flowlet-based load balancing.
unified-packet-broker-platform

Unified Packet Broker Platform

All-in-one design (ASIC + optional DPU) integrating advanced features.
Comprehensive-Product-Portfolio

Comprehensive Product Portfolio

Ranging from 1G to 800G, meeting requirements from campus to hyperscale data centers.

operational-simplicity

Operational Simplicity

Automated configuration via Ansible and real-time observability with Prometheus Exporter.
secure-at-line-rate

Secure at Line Rate

MACsec encryption protects sensitive traffic at line rate.
active-inline-mode-deployment

Active Inline Mode Deployment

Move beyond passive monitoring to enable inline traffic orchestration.
tunnel-aware-traffic-distribution

Tunnel-Aware Traffic Distribution

Hashing on inner headers for efficient processing of encapsulated traffic.
High-Speed-Optical-Connectivity

High-Speed Optical Connectivity

Supports 400G/800G ZR/ZR+ for long-haul interconnect and data center extension.

    ASIC based Standard NPB Features

    FeatureLevel 1Level 2Level 3CX102SCX202PCX206PCX308P CX306PCX532PCX732
    IntefaceEthernet Port1G/10G
    IntefaceEthernet Port25G
    IntefaceEthernet Port40G
    IntefaceEthernet Port100G
    IntefaceEthernet Port400G
    IntefaceEthernet PortBreakout Mode4*10G/1G
    IntefaceEthernet PortBreakout Mode4*100G
    IntefaceEthernet PortBreakout Mode4*25G
    IntefaceManagementStartup & Shutdown
    IntefaceManagementStartup delay
    IntefaceManagementFEC
    IntefaceManagementLoopback
    IntefaceManagementPort StaticPackets & Bytes
    IntefaceManagementPort StaticMulticasts packets
    IntefaceManagementPort StaticError & Drop & Over packets
    IntefaceManagementPort StaticSpeed & Utilization ratio
    IntefaceManagementPort StaticV4/V6 Packets
    IntefaceManagementPort threshold alarm
    IntefaceManagementModule Information AcquisitionIn-position information
    IntefaceManagementModule Information AcquisitionManufacturer information
    IntefaceManagementModule Information AcquisitionOptical power information
    IntefaceManagementModule Information AcquisitionRelevant threshold information
    IntefaceManagementPort typeService
    IntefaceManagementPort typeNetwork
    IntefaceManagementPort typeTool
    IntefaceManagementPort typeHybrid
    IntefaceManagementInput/Output multiplexing
    IntefaceManagementTraffic statistics export
    IntefaceManagementNetwork configMAC
    IntefaceManagementNetwork configIP
    IntefaceManagementBatch port configuration
    IntefaceManagementShow/Hide Columns
    IntefaceHash ModeGlobal hashSrc-dst-ip
    IntefaceHash ModeGlobal hashSrc-dst-ip-port
    IntefaceHash ModeGlobal hashSrc-dst-mac
    IntefaceHash ModeGlobal hashSrc-dst-mac-ip
    IntefaceHash ModeGlobal hashSrc-dst-mac-ip-port
    IntefaceHash ModeCustom hashSrc-ip
    IntefaceHash ModeCustom hashDst-ip
    IntefaceHash ModeCustom hashSrc-port
    IntefaceHash ModeCustom hashDst-port
    IntefaceHash ModeCustom hashSrc-mac
    IntefaceHash ModeCustom hashDst-mac
    IntefaceHash ModeCustom hashSymmetry MAC
    IntefaceHash ModeCustom hashSymmetry IPv4
    IntefaceHash ModeCustom hashSymmetry IPv6
    IntefaceHash ModeCustom hashSymmetry L4
    IntefaceHash ModeCustom hashCustom Symmetry Src IPv4
    IntefaceHash ModeCustom hashCustom Symmetry Dst IPv4
    IntefaceHash ModeCustom hashCustom Symmetry Src IPv6
    IntefaceHash ModeCustom hashCustom Symmetry Dst IPv6
    IntefaceTunnel StrippingCFP
    IntefaceTunnel StrippingERSPAN
    IntefaceTunnel StrippingGRE
    IntefaceTunnel StrippingGTP
    IntefaceTunnel StrippingIPinIP
    IntefaceTunnel StrippingPPPoe
    IntefaceTunnel StrippingMPLS
    IntefaceTunnel StrippingVXLAN
    IntefaceRule TypeL2 rule filteringAdjust priority based on a specific policy
    IntefaceRule TypeL3 rule filteringSource MAC
    IntefaceRule TypeL4 rule filteringOuter VLAN
    IntefaceRule TypeL5 rule filteringEtherType
    IntefaceRule TypeL6 rule filteringAny combination of the above fields
    IntefaceRule TypeL3/L3V6 rule filteringIP Version
    IntefaceRule TypeL3/L3V7 rule filteringOuter VLAN
    IntefaceRule TypeL3/L3V8 rule filteringSource IP Support Mask
    IntefaceRule TypeL3/L3V9 rule filteringDestination IPv6Support Mask
    IntefaceRule TypeL3/L3V10 rule filteringDestination IPv4 Support Mask
    IntefaceRule TypeL3/L3V11 rule filteringSource Port
    IntefaceRule TypeL3/L3V12 rule filteringDestination Port
    IntefaceRule TypeL3/L3V13 rule filteringIP Protocol
    IntefaceRule TypeL3/L3V14 rule filteringIPv4 Frag
    IntefaceRule TypeL3/L3V15 rule filteringDSCP
    IntefaceRule TypeL3/L3V16 rule filteringICMP-Type
    IntefaceRule TypeL3/L3V17 rule filteringVLAN Priority
    IntefaceRule TypeL3/L3V18 rule filteringSource MAC
    IntefaceRule TypeL3/L3V19 rule filteringAny combination of the above fields
    IntefaceRule TypeEX rule filteringDestination MAC
    IntefaceRule TypeEX rule filteringSource MAC
    IntefaceRule TypeEX rule filteringSource IPV4
    IntefaceRule TypeEX rule filteringOuter VLAN
    IntefaceRule TypeEX rule filteringEtherType
    IntefaceRule TypeEX rule filteringVNI
    IntefaceRule TypeEX rule filteringTCP Flag
    IntefaceRule TypeEX rule filteringAny combination of the above fields
    IntefacePort Range MatchingEX rule filtering
    IntefaceMatch ModeInner layer matching after tunnel stripping
    IntefaceMatch ModeInner Layer Matching in MPLS Tunnels
    IntefaceMatch ModeFiltering in the TX direction at the port
    IntefaceActionAdd/Modify/Delete outer vlan in forward mode
    IntefaceActionAdd timestamping
    IntefaceActionDst MAC modification
    IntefaceRule ManagementRule search
    IntefaceRule ManagementRule hit num reflush/clean
    IntefaceRule ManagementRule hit bytes reflush/clean
    IntefaceRule ManagementShow/Hide Columns
    IntefaceRule ManagementSelect all rules
    IntefaceRule ManagementDeselect all rules
    IntefaceRule ManagementSelect range rules
    IntefaceRule ManagementAdjust prioritiesHighest Priority
    IntefaceRule ManagementAdjust prioritiesLowest Priority
    IntefaceRule ManagementAdjust prioritiesAdjust priority based on a specific policy
    Forward policyMirrorPorts SPAN to ports
    Forward policyMirrorPorts RSPAN to port
    Forward policyMirrorPorts ERSPAN to L3 port
    Forward policyMirrorPorts/LAG SPAN to ports with ACL
    Forward policyMirrorPorts/LAG RSPAN to port with ACL
    Forward policyMirrorTruncation of 128 bytes
    Forward policyReplicationPorts/LAG Copy to LAG with ACL
    Forward policyReplicationPorts/LAG Copy to ports witch ACL
    Forward policyReplicationPorts/LAG Copy to ports +LAG with ACL
    Forward policyForwardPorts/LAG forward to LAG with ACL
    Forward policyForwardPorts/LAG forward to port with ACL
    Forward policyForwardPorts/LAG forward to drop with ACL
    Forward policyManagementEnable/Disable policy
    Forward policyManagementSet color for policy
    Forward policyManagementCopy a set of forwarding policies for re-editing
    Forward policyManagementPolicy hit num reflush/clean
    Forward policyManagementPolicy hit bytes reflush/clean
    Load balancingModeflex mode
    Load balancingModestatic mode
    Load balancingModeweight mode
    Load balancingModestandby modePort priority
    Load balancingModestandby modeLACP port preemption
    Load balancingModestandby modeRate-first
    Load balancingModestandby modepriority-first
    Load balancingModestandby modePort preemption delay configuration
    Load balancingManagementFixed load balancing members
    Load balancingManagementhash seed
    Management & MonitoringDevice ManagementUser interfaceConsole
    Management & MonitoringDevice ManagementUser interfaceSSH
    Management & MonitoringDevice ManagementUser interfaceTelnet
    Management & MonitoringDevice ManagementUser interfaceCLI
    Management & MonitoringDevice ManagementUser interfaceRESTful API
    Management & MonitoringDevice ManagementUser interfaceWEB UI
    Management & MonitoringOnline PdateUser interface
    Management & MonitoringTime SynchronizationPTP
    Management & MonitoringTime SynchronizationNTP
    Management & MonitoringLicenseNTP
    Management & MonitoringDevopsAnsible
    Management & MonitoringLLDPAnsible
    Management & MonitoringFile TransferFTP
    Management & MonitoringFile TransferTFTP
    Management & MonitoringCondition MonitoringTemperature information
    Management & MonitoringAlarmsFan information
    Management & MonitoringAlarmsPower supply information
    Management & MonitoringAlarmsVersion information
    Management & MonitoringAlarmsSystem time
    Management & MonitoringAlarmsDisplaying Management Port Information
    Management & MonitoringAlarmsDisplay CPU/Memory usage status
    Management & MonitoringAlarmsTemperature alarms
    Management & MonitoringAlarmsPower out of position alarms
    Management & MonitoringAlarmsFan out of position alarms
    Management & MonitoringAlarmsTraffic overflow alarms
    Management & MonitoringAlarmsSNMP
    Management & MonitoringAlarmsSyslog
    Management & MonitoringAlarmsExporter to Prometheus

    DPU based Advanced NPB Features

    FusionNOS Feature Specification List (Running on ET3212, ET2500, ET3600 series Marvell DPU CN9670, CN102, CN103 & DPU Platform.

    FeaturesLevel 1 Functions
    Flow FiltrationSupport for IPv4/IPv6 wildcard seven-tuple rules
    Flow FiltrationSupports L2 source-destination mac, Ethernet protocol type rules
    Flow FiltrationSupports IPv4/IPv6 exact quintuple rules
    Flow FiltrationSupport fixed window keyword rules/floating window keyword rules
    Flow FiltrationSupport vlan, mpls, gre, vxlan, ssl_tls, ipip, ip6, ip6ip, ip6ip6, teredo, ipsec_ah, ipsec_esp, ftp, pop3, smtp, dns, radius, coap, pptp, l2tp, https, icmp bgp, ospf, isis, gtp, sctp message type filtering
    Flow FiltrationSupport for URL rules
    Flow FiltrationSupport TCP Flag rules, including "fin", "syn", "rst", "psh", "ack", "urg", "ecn", "cwr", "nonce".
    Flow FiltrationSupport for combination rules
    Traffic ForwardingSupports forwarding to a specific port or group of ports
    Traffic ReplicationSupports replication to a port or ELAG group
    ConvergenceSupports multiple traffic aggregation
    Load BalancingSupports the creation of logical outgoing interfaces (ELAG)
    Load BalancingSupports load balancing policies based on source-destination IP, quintuple, and tunnel inner IP quintuple;
    Load BalancingSupports static, dynamic, and load balancing modes with weights
    Load BalancingSupport capture message same source and same host output
    VLAN ProcessingSupports adding VLANs, removing outer VLANs, and modifying VLANs
    Message ProcessingSupports message de-duplication, optionally ignoring TTL, MAC, L2, DSCP, interface (cpu interface), TCP (including seq_num and ack_num for tcp, checksum for tcp), IPID, FCS, and optionally supporting (sport, dport, sip, dip, smac, dmac) fields.
    Message ProcessingSupport for timestamping
    Message ProcessingSupport for Message Specified Offset Stripping
    Message ProcessingSupports outer layer MAC address modification
    Message ProcessingTCP Reorganization
    Message ProcessingSupports message truncation
    Message ProcessingSupports message desensitization
    Message ProcessingSupports IP slice reorganization
    TunnellingSupports GRE, VXLAN, ERSPAN tunnel encapsulation stripping
    TunnellingSupports stripping one or more layers of VLAN encapsulation
    TunnellingSupports stripping one or more layers of MPLS encapsulation
    Message EncapsulationSupports GRE, VXLAN, ERSPAN I, ERSPAN II, ERSPAN III
    End of TunnelSupports GRE, VXLAN tunnel termination
    Message OutputSupports message sampling output; supports NetFlow
    PortsSupport port multiplexing; support automatic monitoring of port link status and security protection
    Basic Management FeaturesSupport serial port, SSH, RestAPI, CLI management methods
    Basic Management FeaturesSupports online security upgrades
    Basic Management FeaturesSupport configuration file import and export
    Basic Management FeaturesSupports NTP clock synchronization
    Basic Management FeaturesSupports SYSLOG log management
    Basic Management FeaturesSupports LLDP sending
    Basic Management FeaturesSNMP support
    Statistical PropertiesSupport device status statistics, including system memory and CPU usage
    Statistical PropertiesSupports interface information statistics, including interface configuration and status, interface packet type statistics, interface packet count and rate statistics.
    Statistical PropertiesSupports rule hit statistics, reorganization function statistics, de-duplication function statistics, NetFlow statistics

    Supported Hardware Platforms

    Lifetime license, quarterly releases, and expert assistance for hassle-free operations.

    Click to view hardware→

    Standard-icon

    Asterfusion CX-M Series

    Based on Marvell Prestera and Falcon chips, it supports 1G-400G speeds, integrates standard switch features, and enables high-performance forwarding, traffic filtering, and service chaining.
    Asterfusion CX-N Series
    Featuring Marvell Falcon and Teralynx chips, it supports 25G-800G speeds, with leading 800G forwarding, 512 high-density ports, and provides a visual solution for AI and cloud traffic peaks.
    Advanced-icon

    Asterfusion ET Series

    Based on Marvell Prestera and Falcon chips, it supports 1G-400G speeds, integrates standard switch features, and enables high-performance forwarding, traffic filtering, and service chaining.

    Frequently Asked Questions

    Your Guide to Software Versions, Deployment & Support

    How does PB-APP differ from traditional hardware-based Network Packet Brokers?
    PB-APP adopts a software-defined, application-based architecture built on SONiC, decoupling NPB capabilities from proprietary hardware and running as a containerized service on standard white-box switches. This significantly reduces total cost of ownership (TCO), increases flexibility, programmability, and scalability, and avoids vendor lock-in.

    What typical use cases is PB-APP suitable for?
    PB-APP is suitable for data centers, DCI, service provider networks, and SMB networks, covering performance monitoring, network visibility, security analysis, DPI, and traffic auditing. It supports both inline and passive deployment modes, enabling flexible adaptation for security device chaining, bypass monitoring, and hybrid deployments.
    How does PB-APP achieve fine-grained traffic distribution in high-speed networks?
    PB-APP supports ARS Flowlet scheduling, enabling fine-grained, dynamic, and adaptive load balancing in Spine-Leaf architectures. This ensures session consistency while improving link utilization and efficiency when multiple analytics tools process traffic in parallel.
    What additional benefits does the optional DPU module provide?
    With an optional DPU acceleration module, PB-APP can perform traffic deduplication, TCP out-of-order reassembly, and NetFlow export at the hardware level. This offloads processing from the main CPU, improves analytics accuracy, and reduces backend tool load—ideal for high-density, high-speed traffic environments.
    How does PB-APP support automation and modern operations?
    PB-APP natively supports Ansible Playbook, seamlessly integrating into DevOps workflows for one-click configuration, policy updates, and operational tasks. It is also fully compatible with Prometheus/Grafana, providing real-time, measurable data for network visibility and capacity planning.
    What built-in security features does PB-APP offer?
    PB-APP includes MACsec link-layer encryption, ensuring confidentiality and integrity of traffic even on high-speed links. This is particularly valuable for multi-datacenter, campus, or compliance-sensitive environments, keeping monitored and analyzed traffic secure.
    How does PB-APP help customers future-proof their network?
    PB-APP supports a complete portfolio from 1G to 800G, with 400G/800G ZR/ZR+ optical connectivity for long-haul interconnects and data center extension. Its open architecture and SONiC ecosystem allow customers to evolve capabilities without changing the platform, providing a sustainable, future-ready network visibility solution.
    Which DPU models are supported for PB-APP?
    PB-APP offers flexible DPU options, currently supporting Marvell OCTEON CN9670 or Marvell OCTEON CN10 103. These DPUs provide hardware acceleration for advanced functions like traffic deduplication, TCP out-of-order reassembly, and NetFlow export, ensuring line-rate performance and stability in high-throughput environments.