Need Assistance?

Newsletter

For a Free Quote...

Network TAPs Overview: The Start of Visibility Architecture

BypassFamilyBlack

Gain Network Visibility and Traffic Access with Network Taps

Change is coming to networks faster than ever before. While growth is a new constant in most networks, it is being compounded by new regulations, virtualization of workloads and services, changing security needs, and migration of applications between data centers and the cloud.

Due to the constant cycle of change creating a scalable visibility architecture ensures that your monitoring and security tools see all the data. Traditional monitoring methods, such as port mirroring, can be costly and add layers of complexity. The first question in designing this architecture is how you access the data?

 

 

SOLUTION: 100% VISIBILITY WITH NETWORK TAPS

 

A test access point (TAP) allows you to set up a permanent in-line monitoring device that mirrors all the traffic that is passing between network nodes. The TAP will then copy the data continuously, 24/7 to your packet brokers, packet analyzers, intrusion detection systems or other security tools, without introducing a point of failure.

Network TAPs come in variety of configurations:

  • Copper Taps – electrical hardware access point for copper infrastructure from 10/100M to 10/100/1000 all the way to 10Gig copper.
  • Optical Fiber Taps - extracts signal from the optical fiber without breaking the connection
  • Virtual Taps - software-based tap that that captures a copy of the east west data flowing between virtual machines (VMs)
  • Media Conversion -  (copper to fiber) – Bridge the gap between copper and fiber infrastructures and extension of fibre from multimode to single mode
  • Regeneration Taps - Create multiple copies of network data to support multiple devices from a single connectivity point
  • Aggregation Taps - Merge traffic streams into one monitoring port to reduce appliance costs, often used in combination with filtering taps, ie: filter, aggregate data streams
  • Passive, listen-only TAPs -  for monitoring devices – Taps which can only export traffic and not receive any traffic on the monitoring ports.
  • iBypass Tap -  inline network TAPs that provide a failsafe for security tools - Prevents in-line devices from causing a network downtime if they fail or need to be updated.

Taps vs. SPANs

Taps are designed to pass through full duplex traffic at line rate non-blocking speeds. Network taps use passive splitting or regeneration technology to transmit in-line traffic to an attached management or security device without data stream interference. The monitoring device sees the same traffic as if it were also in-line, including physical layer errors.

It is also a common practice for network engineers to span VLANs across gigabit ports. In addition to the need for additional ports that may be available in one switch, it is often difficult to “combine” or match packets to a particular originating link. So while spanning a VLAN can be a great way to get an overall feel for network issues, pinpointing the source of actual problems becomes difficult.

When using SPAN ports to monitor the network, an engineer is usually required to configure the switch or switches. Switches also attempt to eliminate corrupt or non-conforming packets on ingress ports. In addition, switches may drop layer 1 and select layer 2 errors depending on what has been deemed as high priority. As SPAN setup normally captures data within the egress segment, this means you may not be getting the true “picture” of incoming traffic.

On the other hand, a tap passes all data on a link, capturing everything needed to properly troubleshoot common physical layer problems, including bad frames that can be caused by a faulty NIC.

Taps are designed to pass through full duplex traffic at line rate non-blocking speeds. The software architecture of low-end switches may introduce delay while packets are copied to the SPAN ports.

Furthermore, accessing full-duplex traffic may also be constrained by using a SPAN port. For example, to capture the traffic from a 100MB link, a SPAN port would need 200MB of capacity. This requirement can cause problems, so a gigabit link is often needed as a dedicated SPAN port.

Lastly, the use of taps optimizes both network and personnel resources. Monitoring devices can be easily deployed when and where needed, and engineers do not need to re-cable a network link to monitor traffic or re-configure switches. In contrast, a tap that includes two monitoring ports eliminates the need for both the network and security teams to share the one SPAN port that may have been configured to capture traffic for monitoring devices.

Tap Suppliers

IXIA, have a complete line of taps from 1Gbps to 100Gbps, single mode and Multi mode and connector/fiber types including Cisco BiDi

 
Network taps
packet brokers
bypass switch
 

Contact Us

Address:

Telnet Networks Inc.
100 Strowger Blvd, Suite 118, Brockville, ON, K6V 5J9, Canada

Phone:

(800) 561-4019

Fax:

613-498-0075

For More Information about Telnet Networks, our products, or our services, or to request a quote please feel free to contact us directly.

Latest Blog Posts

Latest Blog Posts (copy)