Why use a 'Breakout' TAP?

A breakout TAP is used when utilization is very high and packet loss is not an option. The common use case is for network and application monitoring, performance and analysis. Breakout or normal TAPs are available for copper and fiber networks. In a separate blog we can dig deeper into those differences.

There are TAPs designed to act only in breakout or normal TAP mode, or only as an aggregating TAP, as well as multi-functional modes (Filtering or Bypass TAPs). It's best to know your needs before investing, because as your network evolves, so do your monitoring and access needs.

So, let's begin. To keep everything simple, let’s look at how we would attach a breakout TAP into the link that goes between a network router and a network switch so we can attach a protocol analyzer.

Figure 1: Simple Full Duplex Network Link

How a Breakout Network TAP Works:

1. To set up a TAP in breakout mode, first disconnect the cable that connects the router to the switch.
2. Connect the cable to port A on the network TAP.
3. With a second cable, attach one end to port B of the TAP and the other end to the port on the switch that we just disconnected.
4. With no power applied to the TAP, the link will reestablish and traffic will flow again between the two devices.

Figure 2: Shows how the network traffic will flow between the two end devices. This is before the power is applied to the TAP, so there will not be any traffic flowing out of ports C and D.

>> Download Now: Network TAPs 101 [Free eBook]

Network Flow with a Breakout TAP and Monitoring Tool

1. Now apply power to the TAP.  
2. The traffic will flow from the router to port A of the TAP out port B of the TAP to the switch in the eastbound direction.
3. The eastbound traffic will also be sent out port C of the TAP to a Network Interface Card (NIC) on the protocol analyzer.

In the westbound direction, the traffic will flow from the switch to port B of the TAP and out port A to the router. The westbound traffic will also be sent out port D to the second NIC on the protocol analyzer.

Because only the eastbound traffic is on port C and the westbound traffic is on port D, the analyzer needs to have two NIC installed allowing the analyzer to receive ALL the network traffic that is running on the link.  Even jumbo packets and packet errors are passed along to the analysis tool.

If the analysis tool doesn’t have two NICs, then you can still analyze the traffic coming from port C or the traffic coming from port D, but not at the same time.

In my Aggregation blog, I explain and show you how you can see all the link’s traffic with only one NIC on the analyzer. The nice thing about the breakout TAP is that the monitor ports cannot be oversubscribed.  All the eastbound and westbound traffic that is presented to the TAP will be sent out port C or D including packet errors.

Figure 3: Traffic flow when TAP loses power

No "Point of Failure”

If the TAP loses power (or has no power applied), the traffic on the live link will continue to flow with no interruption as shown in Figure 3.  The monitor ports will no longer forward traffic, but the live link is still operational – this provides the peace of mind that your network link will continue to flow, even if your TAP loses power.

Garland Technology's, The 101 Series is an educational series on how network TAPs work and the different functions they provide to the overall network design for access and visibility.

Looking to add a visibility solution to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!