Security Load Balancer | Scalable Network Security


NoviFlow’s NoviMapper provides elastic, dynamic scaling of cybersecurity and network services into the Terabit scale by implementing a powerful Load Balancer, packet filtering and telemetry solution that runs on high-performance programmable network fabrics. NoviMapper simplifies network architecture at the edge by replacing hardware appliances and network TAPs with packet processing rules and software executing directly in the network switch, using the network to intelligently direct traffic to only the right services and applications, in the order required to meet customer SLAs. Benefits include reduced hardware costs, scalable services, a smaller cyber-attack surface, and greater network robustness.

The NoviMapper solution achieves this unprecedented performance, flexibility, and scale by leveraging the power of programmable match-action pipelines, white-box hardware, and open standard interfaces such as gRPC and P4Runtime. NoviMapper runs on standard COTS servers, and is deployed with select white-box switches running the powerful Intel/Barefoot Tofino, to deliver a fully programmable network fabric in a simple, scalable, compact form factor, and at a fraction of the price of conventional networking solutions.


NoviMapper: High-Performance Security Load Balancer

  • Dynamically scales clusters of cybersecurity servers or application virtual machines for higher performance, even into the Terabit range
  • Filters and balances traffic across arrays of network appliances or virtual machines without the cost of external load balancing appliances, and improves performance of security applications by moving policy enforcement into the network fabric itself
  • Reduces Denial of Service attacks by filtering known bad actors before traffic can enter the network fabric and network appliances
  • Faster time to market and easy integration of IP Reputation feeds and Cyber Security DPI server mitigation via REST APIs
  • Accelerated performance and reduced costs of existing Cyber Security DPI and Analytics solutions
  • Significantly reduces network complexity, latency and costs via Scale-Out NoviSwitch and white-box hardware deployed anywhere in the network with unlimited linear scalability
  • Protects investments in network hardware and allows for faster introduction of new features because the entire stack from the switch silicon to the application is programmable
  • Leverages white-box hardware and Open Standards such as OpenFlow, gRPC and P4-Runtime for maximum economies of scale
  • Orders of magnitude better performance: up to 6.4 Tbps in a single Intel/Barefoot Tofino-based switch, with port speeds up to 100 Gbps
  • Increased capacity per filtering point and ability to filter on up to millions of rules
  • Non-destructive load balancing and failover. Ideal for stateful Cybersecurity Servers, DPI Engines, and Web Content Filtering Clusters
  • Multiple NoviSwitches can be installed throughout the network for load-balancing/mitigation/enforcement at network ingress/egress points
  • Evolved security architecture separates analytics and detection from mitigation/enforcement
  • Protocol white lists offload protocol types that do not need analysis

Optional Feature: Dynamic In-Line Packet Broker Services

NoviFlow’s Dynamic In-line Packet Broker Services are an optional (separately licensed) extension to NoviFlow’s NoviMapper and thus inherit all the NoviMapper services.

NoviFlow’s Dynamic In-Line Packet Broker (DIPB) Services deliver optimized flow monitoring and acquisition functions without requiring the use of optical taps to duplicate packets on the main network and transmit them to a monitoring and analytics network. For ease of use and integration into existing brownfield networks, DIPB implements Tap and Filtering services via programmable SDN technology controlled through RESTful APIs. This virtualizes the entire process of traffic monitoring with a tap/filter, and eliminates the cost and time required to install physical tap hardware, enabling traffic to be monitored dynamically whenever needed under the control of security or orchestration packages.


Below are the key services provided by the Packet Broker extensions to NoviMapper:

Terabit Throughput Services: The most disruptive feature of the Dynamic In-Line Packet Broker Services is Terabit performance, offering a new level of throughput at a far more affordable price point.

Dynamic Tap/Select Services: NoviFlow’s DIPB Services deliver the ability to dynamically initiate and manage taps and filter network traffic via SDN. Functions include bump-in-wire, dynamic taps (simple or bi-directional), dynamic filter (traffic steering), select on encapsulated IP Header, and select on Protocol.

In-switch Load Balancing: Serves Tool devices and VNFs with different throughput capabilities, easily accommodating environments where a number of Tools have been added over time and thus vary in capabilities. Enables dynamic scaling of Tool Farms in real time, and non-destructive fail-over while protecting stateful information (metadata) about flows as virtualized tools are spun up or down in response to changes in traffic.

NoviFlow’s DIPB moves Packet Broker technology into the SDN world. For ease of use and integration into existing brownfield networks, these services are implemented and controlled via a RESTful API.

DIPB’s Multi-Tenant Port Pairs capability allows flows from multiple sources (tenants) to be processed by the same Tool Farm. This provides a significant reduction in cost per port.
Finally, DIPB comes with a web-based dashboard that presents the activity and allocation of the flow Load Balancing to the Tool Farm in real-time.

