Packet-Level Truth Without the Lock-In

Deep network observability needs packet-level truth, but most network teams must choose between expensive proprietary brokers or flow-only tools that miss what matters. Most network observability solutions live in one of two imperfect camps: 

  • Proprietary packet-broker or DPI appliances that are powerful but extremely expensive, rigid, and require hardware vendor lock-in.

  • Flow-based tools that are easier to operate but can’t give packet-level visibility when it matters.

Aviz’s Deep Network Observability (DNO) takes a third path: disaggregated, modular packet intelligence. A disaggregated packet broker solution is the best of both worlds. It provides the granular visibility that only packet captures can give, but without the burden of needing proprietary hardware and being locked in to a single vendor for the next decade.

This modern software-based solution is built from the ground up to operate on third-party whitebox switches and x86 platforms. And with an intelligence pipeline to provide context, network operators can understand packet captures in terms of what’s happening with application delivery. 

Aviz Deep Network Observability 

Aviz Deep Network Observability’s differentiator is disaggregated packet intelligence that delivers packet-level truth without proprietary lock-in or DPI sprawl. Instead of spending an entire year’s budget (or more) on a legacy packet broker solution or relying on sampled flows, Aviz DNO slashes packet broker total cost of ownership, eliminates hardware vendor lock-in, and future-proofs network observability by decoupling the software from the underlying hardware. 

What it Looks Like in Production

First, the Aviz Packet Broker runs as hardware-agnostic software on white-box switches (Broadcom or NVIDIA ASICs), providing the disaggregated packet-broker functions such as layers 2, 3, and 4 filtering, replication, packet slicing, VXLAN, MPLS, GRE, and IP-in-IP handling, GTP header filtering, and symmetric load-balancing.     

In the image below, notice that you can easily forward copies of production packets via SPAN to packet brokers installed on whitebox switches. Filtering happens at ingest, before the traffic is forwarded to the Aviz Service Nodes.

Using off-the-shelf x86 servers, Aviz Service Nodes (ASNs) do the heavy lifting needed for modern observability. This includes deep packet inspection, application identification, packet de-duplication, GTP-C/U correlation for 4G and 5G, KPI computation, and so on. Additionally, ASNs export structured metadata via Kafka to SIEMs, APM tools, and data lakes. 

Lastly, FlowVision serves as the single, unified UI used to orchestrate rules and tunnels across Packet Brokers and ASNs. In this way, you can create the dashboards, alerts, and orchestrations necessary to effectively manage and interpret enormous, enriched volumes of network data.       

In the next graphic, you can see the entire system of Packet Brokers and ASNs, managed by FlowVision, and then feeding analytics tools such as Elastic Stack, SIEMs, and so on. Notice that the Aviz DNO fabric handles everything needed to supply a suite of analytics tools with the processed data necessary for effective network operations. 

Why this Matters to Network Operations

Filter Where the Packets Live

Running the broker on whitebox switches you choose yourself turns the fabric into a first-class observability plane. With Packet Broker, you can slice, label, and balance flows right at ingress. The effect is impressive – fewer tools to manage, fewer false positives, and better session integrity across tunnels.   

Telco-grade Correlation and Enterprise App Visibility

The same pipeline understands GTP for 4G and 5G as well as classic data center encapsulations such as VXLAN, MPLS, and GRE. It then computes per-user, per-session, or per-app KPIs and insights.

In one particular production deployment for a well-known telco we reviewed, Aviz’s two-stage pipeline (fabric filtering and DPDK analytics) detected degradation in less than 5 seconds and cut DPI hardware and power by almost 80%. Then, real-time data was streamed via Kafka into the telco’s tools. That combination – subscriber context, second-level insight, and open export – is rare outside expensive and monolithic proprietary DPI solutions.

Openness and Choice as a Design Choice

Because the Aviz Packet Broker is containerized on open-source software, you can select the switch and ASIC, do image-style upgrades, and keep moving as port speeds evolve. You can even reuse existing switches and standardize on a single operational model, which means Aviz’s DNO solution always remains at the forefront of the latest technology without having to wait for expensive and disruptive hardware refresh cycles.      

Also, this modular architecture gives network operators the ability to roll out the solution in phases. For example, if a network team already has a packet broker in place, they can continue to use it along with ASNs and FlowVision until Packet Broker is fully deployed.

This kind of flexibility is fundamental to the Aviz architecture. 

What this Solves for Network Operations 

Network operators wrestle with two problems with legacy visibility: 

  1. Tool overload (duplicate or irrelevant mirrored traffic), and 

  2. A loss of user and session context once packets leave the core or encapsulation boundaries.

Flow-only platforms don’t see payload-adjacent details well enough to guarantee root-cause, and proprietary DPI appliances may be able to restore context, but only if you backhaul everything to them. That creates a very expensive scaling problem.

The Packet Broker and ASN pipeline filters layers 2 through 7 at the leaf/spine, and symmetric hashing ensures the right packets (and only the right packets) reach the analytics engine. Additionally, you can slice payloads to protect downstream tools and privacy.

Using x86 servers, ASNs deduplicate, correlate the control and user plane, and calculate KPIs you can alert on, such as subscriber throughput, latency, application response time, and so on, in near real time. You export metadata via Kafka to your SIEM or APM solution, which means there’s no forced ecosystem switch.

What this Does to the Budget 

So what does this mean for the bottom line? First, we stop paying the “proprietary chassis tax.” Because Packet Broker runs on standard white-box switches, you replace specialty packet-broker hardware with switches you can source competitively. This can mean a huge cost savings at the broker layer and associated support and licensing. 

But it doesn't stop there. Next, you can achieve a longer asset life. Not only can you avoid expensive proprietary hardware, but you can also realize a significant reduction in DPI footprint and power with the two-stage approach (fabric filtering → x86-based analytics). The savings aren’t just in boxes; they also come in power, cooling, and maintenance.

You should also consider that disaggregation of software and hardware means you don’t have to forklift the broker every time speeds or features change. This extends the service life and reduces the need for frequent upgrades, slashing re-qualification and change-window costs.


Next, by deduplicating and slicing at ingress, you send less traffic to expensive analytics stacks, ultimately freeing the budget for new use-cases (or shrinking existing invoices). Reducing mirrored traffic before it hits analytics tools will have a huge positive impact on analytics tool performance, potentially even reducing licensing requirements.   

Last, a modular approach that exports Kafka or JSON means you can keep the SIEM, APM, or observability platforms you already pay for. Again, there’s no rip-and-replace licensing event. 

Getting Started

When you’re drowning in SPAN and TAP traffic and still lack end-to-end answers, you can start where the Aviz differentiators shine:

  1. Deploy Aviz Packet Broker at the fabric edge to filter, slice, and tunnel exactly what your tools need.

  2. Then add a small ASN cluster for deduplication, DPI, GTP correlation, and KPI analysis, and stream Kafka into the systems your NOC already trusts.

Summary

In modern NetOps, the goal is to turn packet chaos into a controllable, open pipeline without locking NetOps to a black box or forcing a tool overhaul. With a disaggregated packet-intelligence approach, network operations teams get the best of both worlds with the granular visibility that only packet captures can provide, but at a fraction of the cost.

Discover how Aviz Networks can help you achieve true packet-level visibility without the cost and lock-in of legacy solutions. Contact Aviz Networks today to speak with their team of experts.









