A Network TAP provides a "Test Access Port" for analyzing high-speed networks in half or full duplex mode. When operating high-speed, high-capacity, data communications systems it is often necessary to monitor and analyze traffic with an absolute minimum disturbance to the data stream.
Network taps provide inexpensive, permanent access ports throughout the network, enabling monitoring and analysis without interrupting transmission.
TAPs Versus Port Connection
To enable monitoring and intrusion detection, most of the major switch vendors now support span (or mirror) ports on their switches. This allows the traffic to be sent to an analyzer port as well as the original designated port.
A span port solution has three major drawbacks:
- First, it puts an increased load onto the switch that often increases CPU or memory requirements.
- Second, when packets are sent to a span port, most vendors' switches remove low-level (Layer 1, select Layer 2) errors from the stream of data. This makes low-level troubleshooting impossible.
- Third, if the link is a full duplex link running at full line rate, then mirroring this data would require a span port running at full line rate to get both directions of traffic. Unless a non-blocking switch is being used, large amounts of data could be lost because span port traffic is a low priority.
The tap solution for network monitoring and intrusion detection utilizes passive fiber or copper splitter taps on the main network links. This solution mitigates the trouble and expense associated with the three drawbacks mentioned above.
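The third drawback can be made concrete with a small queue model. The following is an added example, not part of the original page or any vendor's tooling: it feeds both directions of one link into a single mirror port and counts what the port's buffer cannot hold, then repeats the run with one monitor port per direction, as a passive tap provides. The 1 Gb/s rates, the 512 KiB buffer and the traffic patterns are constructed assumptions.

```python
# Added illustration: integer fluid model of a mirror (SPAN) egress queue.
# Link rate, buffer size and traffic patterns are constructed assumptions.

LINK_BPS = 1_000_000_000     # monitored link, rate of each direction
MIRROR_BPS = 1_000_000_000   # span port (or single monitor NIC) rate
BUFFER_BYTES = 512 * 1024    # assumed egress buffer behind the mirror port
SLOT_US = 1000               # model time step: 1 ms


def span_loss(tx_pct, rx_pct, mirror_bps=MIRROR_BPS, buffer_bytes=BUFFER_BYTES):
    """Return (offered_bytes, dropped_bytes) for one mirror port.

    tx_pct / rx_pct: per-slot utilisation (0-100) of each link direction.
    Both directions are copied into the same egress queue.
    """
    line = LINK_BPS * SLOT_US // 8_000_000     # bytes per slot at 100 %
    drain = mirror_bps * SLOT_US // 8_000_000  # bytes the mirror sends per slot
    queue = offered = dropped = 0
    for tx, rx in zip(tx_pct, rx_pct):
        arriving = (tx + rx) * line // 100
        offered += arriving
        queue += arriving
        queue -= min(queue, drain)             # transmit what the port can
        if queue > buffer_bytes:               # the rest must fit the buffer
            dropped += queue - buffer_bytes
            queue = buffer_bytes
    return offered, dropped


def tap_loss(tx_pct, rx_pct):
    """Dropped bytes when each direction has its own monitor port."""
    idle = [0] * len(tx_pct)
    return span_loss(tx_pct, idle)[1] + span_loss(rx_pct, idle)[1]


if __name__ == "__main__":
    # 10 ms bursts at line rate, then 30 ms at 20 %: average 40 % per direction
    burst = ([100] * 10 + [20] * 30) * 25
    cases = [("steady 40%", [40] * 1000), ("line rate", [100] * 100),
             ("bursty, avg 40%", burst)]
    for name, pattern in cases:
        offered, dropped = span_loss(pattern, pattern)
        print(f"{name:16s} span drops {100 * dropped / offered:5.1f}%  "
              f"tap drops {tap_loss(pattern, pattern)} bytes")
```

In the bursty case the mirror port averages only 80% load yet loses about 18% of the bytes, so average utilisation alone does not show whether a span feed is complete.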
TAPs Versus In-Line Connection
Another common solution for monitoring and intrusion detection is to attach the analyzer in-line.
An in-line solution has two major drawbacks:
- First, because it is not cost effective to leave an analyzer in-line, network managers must break a connection whenever they need to monitor.
- Second, because the analyzer is not passive, attaching an analyzer in-line introduces a point of failure into the network.
The permanent, passive tap solution eliminates the risk and inefficiency associated with monitoring with an in-line analyzer connection.
Network taps provide network managers with the flexibility to monitor all aspects of the network 24/7. As network security and reliability continue to grow in importance, taps are an integral solution for any network.
Taps come in several varieties with different purposes and features. If you are confused about what type of Tap device you need in your network, here is a quick overview of the capabilities each type of Tap provides:
Network Packet Brokers (Smart filtering appliances) direct traffic of interest to monitoring tools in order to relieve oversubscription, leverage tool investment across groups, and centralize monitoring in the NOC.
When a monitoring tool is needed, simply connect the device to the Network Tap instead of taking down the link, moving cables, and causing traffic interruptions. Taps are completely passive and feature fail-open technology that ensures traffic continuity even if they lose power. Network Taps pass all network traffic, including Layer 1 and 2 errors, without introducing bottlenecks or points of failure, for 100% visibility.
A Port Aggregator does essentially the same thing as a Tap; it allows you to access a single network segment. The difference is that you can plug in one or two monitoring devices (depending on the model) and view full duplex traffic with only a single NIC per device, rather than two NICs.
A Link Aggregator does essentially the reverse of a Regeneration Tap. This device accepts multiple network segments and "aggregates" all the traffic to between 1 and 24 monitoring devices (depending on the model).
Regeneration Taps provide permanent passive monitoring access ports for 100% visibility into your network's critical links with multiple devices. Compatible with all leading security and network management tools, Regeneration Taps support simultaneous passive deployment of intrusion detection and prevention systems, protocol analyzers, RMON probes, and other key devices.
Each monitoring device connected to the Regeneration Taps sees the same traffic at the same time, providing a complete picture of link health for troubleshooting and analysis.
Phantom™ Virtualization Tap for Hypervisor-based Virtual Networks
Virtual Taps provide 100% visibility of traffic passing between Virtual Machines (VMs) in virtualized computing environments and clouds. Virtual Taps include integrated management and monitoring tools for your virtualized monitoring layer. These versatile software devices also send monitored traffic in encapsulated tunnels to physical monitoring tools, so you can use your existing tools and infrastructure to monitor your virtual environment.
- Extends monitoring access into the inter-VM networking layer
- Enables monitoring for security and compliance in virtualized environments
- Applies existing physical monitoring tools, processes, and procedures to the virtual network
Phantom HD - High-Throughput Tunneling Appliance
Data centers are virtualizing at breakneck speed, but the monitoring infrastructure often struggles to match that pace. Now, Net Optics' Phantom Solution™ uses the Phantom HD™ appliance to ease the virtualization transition by converging the physical and virtual monitoring infrastructures.
The Phantom HD™ terminates encapsulated traffic from Phantom™ Virtual Taps or other sources. It decapsulates the traffic and defragments those packets that occasionally become fragmented during tunnel encapsulation.
Optical Bypass Switches provide a permanent and trouble-free access port for in-line network security and monitoring devices. The Optical Bypass Switch automatically switches network traffic through added in-line devices or bypasses devices that are about to be removed. With a Bypass Switch, network traffic is protected against both signal and power loss on the attached in-line device.
Last Updated: 04 February 2016