Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image.png

TAP Into Technology

Leading the Way in Network Technology

The 101 Series: A Primer On Network TAPs

Posted by George Bouchard | 1/31/17 8:00 AM

When the subject of Test Access Points or Traffic Access Point (most commonly referred to as a network TAP) comes up, the image that may come up in people’s mind is a device that taps into the network to allow a copy of the traffic to be sent to an analyzer.  

And, on a very basic level this is true. So many people dismiss TAPs as simple ways to gain access to their network traffic for analysis.

The truth is, the subjects of network TAPs is quite complex, read on to learn about the six different network TAP designs.

Network TAPs are quite complex and can provide many ways to help you keep your network running smoothly and secure than simply providing analysis for your monitoring tools.  To begin with, there are six different designs of TAPs: Breakout, Aggregate, Regeneration/SPAN, Filter, Bypass and Media Changing. We will provide a brief discussion on each type and provide you with the reason why you would use them.

1. Breakout 'Normal' TAP:

A typical TAP is made up of four (4) ports A, B, C and D.  Ports A and B are the network ports and C and D are the monitor ports.     

GEORGE STYLE-Flows-BreakoutLR.png

Diagram 1: Breakout "Normal TAP" Mode

Simple Implementation of a Breakout TAP

  1. The eastbound traffic from a network device, in this case a router, flows into network port A and flows out of network port B to another network device, in this case a network switch.
  2. Port B then sends it to monitor port C.
  3. The traffic that flows from network port B to network port A and send it to monitor port D. 

This TAP is generally used when the traffic on the attached link is heavy enough to cause over subscription if the send and receive traffic were aggregated together to one monitor port.This TAP requires that the tool or appliance it is attached to requires two network interface cards (NICs) in order to capture both the eastbound and westbound traffic streams. Learn more about breakout or normal TAP mode. 

Download Network TAPs 101!

2. Aggregation TAPs:

To take the traffic that flows from ports A to B and B to A and merge them together into one monitoring port. As long as the combined traffic does not oversubscribe the monitor ports, the TAP will send all the traffic out to the attached tool or appliance. Because all the traffic can be sent on a single port, the TAP can send all the traffic out to two monitoring devices. Learn more about aggregating TAP mode.

GEORGE STYLE-Flows-AggregationLR.png

Diagram 2: The Aggregation TAP copies data in both directions for monitoring and access. 

3. Replicating/SPAN TAP 

Often times there are not enough SPAN ports on a network router or switch to go to multiple analyzer tools and appliances.  A convenient way to solve this problem is to send the SPAN or mirrored input to a replicating TAP.  The traffic on the SPAN input can now be distributed out to up to three (3) different tools. Learn more about replicating/SPAN taps.

GEORGE STYLE-Flows-ReplicatingLR2.png
Diagram 3: The Replicating TAP takes a SPAN input and sends this data to multiple locations. 

 

4. Filtering TAPs: 

Network TAPs are designed to copy all of your data, but often your tools don’t need to see everything. Your VoIP or Wireshark only needs to see the traffic required to do it's job. This is where filtering is a desired feature because you can filter out what is not required by the tool –  ensuring the monitoring ports will not be oversubscribed.

This scenario (below) shows four 1G links with a filter applied and then aggregated together and sent out port D on TAP four to the monitoring tool. Learn more about filtering taps.

Filtering TAPs with Port Mapping Traffic Flow
Diagram 4: Four 1G links aggregated together and sent out port D

5. Bypass TAP: 

An important tool to allow placing active, in-line appliances into a critical link without introducing a “Point of Failure.” In a scenario where you want to install an in-line appliance like a next-gen firewall (NGFW) or intrusion prevention system (IPS), the device needs to be actively inline to perform it's job of actively blocking threats.  However, having the appliance active, in-line could prevent a network failure if the device fails, the link goes down, or you need to take it off-line for  updates or trouble-shooting.
 
The bypass TAP with failsafe will prevent this from happening.  The bypass TAP inserts a heartbeat packet into the traffic that it sends out to the in-line appliance and as long as the in-line appliance is on-line, the heartbeat packet will be returned to the TAP. The TAP will remove the heartbeat packet before sending the traffic back into the network.  If anything goes wrong with the TAP or the tool, the TAP's failsafe feature will keep the link (network traffic) flowing. Learn more about the bypass TAP.
 
 Bypass TAP Providing Failsafe Heartbeat Check for Active, Inline AppliancesDiagram 5: Bypass mode

6. Media Changing TAP

What happens when you have a monitoring tool that isn’t the same media type as your live connection, or visa versa? You might have a single-mode, extended-range fiber network link that stretches about 10km. But your network analyzer is sitting two feet away. Your first option might be to purchase the transceivers to match the links; however, this is an expensive and inefficient approach. Or more common, converting a fiber link to copper monitoring ports allowing you to still use your copper tools and appliances. This is just one scenario below of media conversion utilizing a network TAP. Learn more about media conversion network TAPs.

GEORGE STYLE-Flows-MediaLR.png

Diagram 6: Converting a fiber link to copper

 

Media Conversion Single-mode to SFP: convert single-mode fiber over to multi-mode fiber in the same manner by deploying a TAP that has single-mode network ports and SFP monitoring ports, shown below.

GEORGE STYLE-Flows-MediaLR3.png

Diagram 7: Converting a fiber link to SFP

 

Media Conversion: Copper to SFP: Take a copper link and convert it to single-mode or multi-mode fiber using a TAP that has copper network ports and SFP monitoring ports, shown below.

GEORGE STYLE-Flows-MediaLR4.png

Diagram 8: Converting a copper link to SFP

Aside from all the various types of TAPs, it's also important that a TAP must be able to do a very important task, it must not introduce a “point of failure.” If anything were to go wrong with the TAP, the live traffic must continue to flow. And in the case of the bypass TAP, if anything were to go wrong with the in-line appliance, the link must continue to flow.

I hope this takes some of the mystery out of TAPs and how they can help you keep your network running smoothly and secure.

Garland Technology's, The 101 Series is an educational series on how network TAPs work and the different functions they provide to the overall network design for access and visibility.

Want to learn more about the different network taps to better help you manage your network? Download Network TAPs 101 - The Networking User Guide. 

 

Topics: Network TAPs, The 101 Series

Written by George Bouchard

George has many years of experience working with both hardware and software in the OEM and Commercial marketplace. George’s expertise is in the engineering of Network TAPs.