4 Gbps In-Line Analysis with Onboard Failover
NT4E2-4T-BP is a 4-port 1 Gbps in-line accelerator with software-programmable onboard electrical bypass functionality. It is designed for in-line applications that require high data throughput with zero packet loss and a low processing load. NT4E2-4T-BP can intelligently identify flows and distribute them to up to 32 standard server CPU cores.

Accelerate Your Time-to-Market, Reduce Risk
Napatech Software Suite provides an efficient migration path by allowing you to mix and match ports and speeds. An advanced cooling design assures the required airflow while sensors monitor voltage, power, and temperature.


Our solutions deliver data to applications that identify and take action against unauthorized activity within networks, ensuring that sensitive information is secured and does not leak outside the organization’s network.


In order to protect networks from the most advanced cyber threats, our solutions deliver data to security applications such as:
  • Intrusion Detection Systems / Intrusion Prevention Systems (IDS/IPS) 
  • Unified Threat Management (UTM)
  • Security Information and Event Management (SIEM)
  • Data Loss Prevention (DLP)
  • Advanced Persistent Threats (APT)
Security data collection systems make it possible to discover and contain threats faster based on real-time data from critical network links.


Our solutions deliver data to applications that help governments see all data running through their networks. Recognizing malicious packets and suspicious patterns allows governments to take preemptive measures to stop criminals before or during an attack, safeguarding sensitive government information as well as the personal data of citizens.


Our solutions deliver data to network appliances such as Intrusion Prevention Systems (IPS) that can see every detail within the networks they are protecting. They can stop attacks and protect against data leaks, while at the same time ensuring there is a 100% accurate record of everything that happened.


Three modes are available:
  • Normal mode where the port is connected to the accelerator PHY
  • Bypass mode where the port pair is interconnected
  • Disconnect mode where the port is disconnected
The watchdog timer with software-programmable time-out interval operates independently on each port pair.
A flow can be defined as Ethernet frames that are associated. The association can be created by comparing various information contained in the Ethernet and encapsulated protocol headers. One way of doing this is to calculate a hash value based on the specified header information. Then all frames with the same hash value are associated and handled in the same way.
Often, network applications need to look at flows of frames that are transmitted between specific devices (identified by their IP addresses) or even between applications on specific devices (identified, e.g., by protocol and the UDP/TCP/SCTP port numbers used by the application).
Napatech provides several hash value calculation methods, which use different information from various protocol headers in the Ethernet frame to calculate the hash value. This allows the correct hash calculation method to be selected depending on the kind of flows that need to be analyzed. Hash value calculation can also be configured for different types of flows. If only unidirectional flows need to be analyzed, one hash value is calculated for the flow from A to B and a different hash value is calculated for the flow from B to A. If bidirectional flows need to be analyzed, a sorted hash key can be used. This ensures that flows from either direction will receive the same hash value, and thereby be delivered and analyzed by the same CPU core, which is often the most efficient method for analysis.
Hash calculations can be based on the following protocol header information:
•    IPv4 and IPv6 2-tuple
•    IPv4 and IPv6 5-tuple
•    MPLS
•    VLAN
•    GRE
•    SCTP
•    GTP
•    Inner IP 2-tuple in GTP or IP-in-IP tunnel
•    Inner IP 5-tuple in GTP or IP-in-IP tunnel
•    IP Fragment
The hash value and hash key type are provided in the packet descriptor for each frame.


Modern servers provide unprecedented processing power with multi-core CPU implementations. This makes standard servers an ideal platform for appliance development. But, to fully harness the processing power of modern servers, it is important that the analysis application is multi-threaded and that the right Ethernet frames are provided to the right CPU core for processing. Not only that, but the frames must be provided at the right time to ensure that analysis can be performed in real time.
Napatech Multi-CPU distribution is built and optimized from our close knowledge of server architecture, as well as real life experience from our manufacturing customers.
Napatech accelerators ensure that identified flows of related Ethernet frames are distributed in an optimal way to the available CPU cores. This ensures that the processing load is balanced across the available processing resources, and that the right frames are being processed by the right CPU cores.
With flow distribution to multiple CPU cores, the throughput performance of the analysis application can be increased by orders of magnitude. Not only that, but the performance can also be scaled by using faster processors or more processing cores.
Napatech accelerators support different distribution schemes that are fully configurable:
•    Distribution per Port: All frames captured on a physical port are transferred to the same CPU core for processing
•    Distribution per Traffic Type: Frames of the same protocol type are transferred to the same CPU core for processing
•    Distribution by Flows: Frames with the same hash value are sent to the same CPU core for processing
•    Combinations of the Above
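
The sorted hash key and the distribution-by-flows scheme described above, as an added example (not Napatech code and not the NT-API). CRC32 stands in for the accelerator's hash function, which the page does not specify, and the frame tuples are constructed samples; endpoints are sorted as whole (address, port) pairs so both directions share a key without merging distinct flows.

```python
import ipaddress
import struct
import zlib
from collections import Counter

NUM_CORES = 32  # the page states distribution to up to 32 CPU cores

# Constructed sample frames: (src_ip, dst_ip, ip_proto, src_port, dst_port)
REQUEST = ("192.0.2.10", "198.51.100.7", 6, 49152, 443)
REPLY = ("198.51.100.7", "192.0.2.10", 6, 443, 49152)


def _endpoint(ip, port, with_port):
    """Pack one endpoint: address bytes, plus the port for a 5-tuple key."""
    raw = ipaddress.ip_address(ip).packed  # 4 bytes (IPv4) or 16 (IPv6)
    return raw + struct.pack("!H", port) if with_port else raw


def flow_key(src_ip, dst_ip, proto, sport, dport, five_tuple=True, sorted_key=True):
    """Build the hash key; sorted_key=True makes it direction-independent."""
    a = _endpoint(src_ip, sport, five_tuple)
    b = _endpoint(dst_ip, dport, five_tuple)
    if sorted_key and b < a:
        a, b = b, a  # order whole endpoints, never addresses and ports separately
    return a + b + (struct.pack("!B", proto) if five_tuple else b"")


def core_for(frame, **opts):
    """Distribution by flows: same hash value, same CPU core."""
    return zlib.crc32(flow_key(*frame, **opts)) % NUM_CORES  # CRC32 is a stand-in


def load_per_core(frames, **opts):
    """Count frames per core to check how evenly a traffic mix spreads."""
    return Counter(core_for(f, **opts) for f in frames)


if __name__ == "__main__":
    for name, opts in [("sorted 5-tuple", {}),
                       ("unsorted 5-tuple", {"sorted_key": False}),
                       ("sorted 2-tuple", {"five_tuple": False})]:
        print(f"{name:17} request->core {core_for(REQUEST, **opts):2}  "
              f"reply->core {core_for(REPLY, **opts):2}")
    # Constructed mix: 200 client ports talking to one server, both directions
    mix = [("192.0.2.10", "198.51.100.7", 6, p, 443) for p in range(40000, 40200)]
    mix += [(d, s, pr, dp, sp) for (s, d, pr, sp, dp) in mix]
    load = load_per_core(mix)
    print(f"cores used: {len(load)}, busiest core: {max(load.values())} frames")
```

With the unsorted key an IDS worker may see only one direction of a TCP session, which breaks stream reassembly; with the 2-tuple key every session between two hosts lands on one core regardless of ports.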


Full line-rate transmit is an important capability for a number of test and analysis applications. Testing network performance under maximum load is increasingly important to not only assure quality of experience, but also to harden networks against attacks, such as Distributed Denial of Service (DDoS) attacks.
Napatech accelerators make it possible to build solutions where the maximum transmission capability can be achieved to thoroughly test network resilience.
With Napatech accelerators, the frames to be transmitted are either generated by the application, replayed after previously being captured to disk, or retransmitted after being received in an in-line configuration.
Host-based transmit allows frames to be generated by the host and transmitted at line speed on the network. This is useful for load-testing of networks and devices or simulating network behavior for network management and security testing. Timing can be important in these cases to ensure that the right frames are transmitted at the right time and in the right order.
Replay-from-disk allows previously captured frames to be analyzed for troubleshooting or security purposes. In this case, it is important that timing is preserved to accurately recreate what happened. It can also be useful in these cases to change behavior to simulate different situations. For example, it can be useful to manipulate the inter-frame gap (IFG) to speed up or slow down transmission.


  • Standard: IEEE 802.3 1000/100/10 Mbps Ethernet LAN
  • Physical interface: 4 x RJ45 ports
  • Capture rate: 4 x 1 Gbps
  • Transmit rate: 4 x 1 Gbps
  • CPU load: < 5%


  • 10 ms switching time
  • Resolution: 4 ns
  • No
  • PCAP-ns/-μs
  • NDIS 10 ns/100 ns
  • UNIX 10 ns
  • None
  • Bus type: 8-lane 5 GT/s PCIe Gen2
  • PCIe performance: 25 Gbps full duplex
  • Onboard RAM: 1 GB DDR3
  • Flash: Support for 2 boot images
  • RMON1 counters plus jumbo frame counters per port
  • Frame and byte counters per color (filter) and per host buffer
  • Counter sets always delivered as a consistent time-stamped snapshot
  • Power consumption: 24.5 Watts
  • Operating temperature: 0° to 45°C (32° to 113°F)
  • Operating humidity: 20% to 80%
  • MTBF: 155,727 hours according to RIAC-HDBK-217Plus


  • Temperature
  • Power
  • Linux
  • FreeBSD
  • Windows


  • Easy-to-integrate NT-API
  • libpcap support
  • WinPcap support


  • ½-length PCIe
  • Full-height PCIe
  • CE
  • CB
  • RoHS
  • cURus (UL)
  • FCC
  • CSA
  • VCCI