<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">

Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.


Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.


The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners


Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.


Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.


Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

The 101 Series: Why Do We Need an Aggregating Network TAP?

If you remember in my post on Breakout TAPs, there was a small problem when your network analyzer or monitoring device only had one network interface card (NIC). You could only look at the traffic going from ports A to B or the traffic going from ports B to A, but not at both streams of network traffic at the same time. Also, a breakout TAP can only send network traffic to a single analyzer or monitoring device.

Now, breakout network TAPs are a great solution for many situations, but nevertheless, engineers love solving problems – so they set out add more functionality by developing data aggregation TAPs.

How Aggregation TAPs Work

East-West Traffic.pngWith a simple, full duplex link (shown here) between a network router and a network switch:
  1. Attach an Aggregating TAP to the link that connects them. 
  2. Disconnect the cable that attaches the router to the switch from the switch end.
  3. Connect the switch end of the cable to port A on the Aggregating TAP (no power has been applied to the TAP at this point). 
  4. Take another cable and connect one end to the port B of the TAP and the other end to the connection on the switch that was previously disconnected. 
  5. Now, with no power applied to the TAP, the TAP will reestablish the link and traffic flows again between the two devices. This happens because power has not been applied to the TAP, there will not be any traffic flowing out of ports C or D.
  6. Now apply power to the TAP, the traffic flowing from the router to the switch through ports A and B, will also be applied to port C and to port D; the traffic flowing from the switch to the router will also be applied to port C and port D (see below, Figure 2).

Download Now: Network TAPs 101 - The Networking User Guide [Free eBook]

Aggregating TAP Captures Full Duplex Traffic in Both Directions

Figure 2 (below) shows how the network traffic will flow between the two end devices and the monitoring ports. The monitor ports C and D will each receive all of the traffic on the link. The benefit is that now you can use an analyzer that has only one NIC and get to see all the traffic on the link. Another benefit is that all the traffic can be sent out to another monitoring tool, like an application performance monitoring (APM) or Denial-of-service attack (DDoS).

Figure 2: Aggregation flow

There is one area of caution when you aggregate the traffic on a full duplex link, and that is the possible oversubscription of the monitor port. For example, if the link is a 1G link, theoretically there is a possibility that each side of the link (send and receive) could have up to 1G of traffic. When you aggregate the traffic, you could effectively have up to 2G of traffic going out to the monitor port.  Whenever you are considering using an aggregating network TAP, make sure the link is not carrying heavy utilization traffic. If oversubscribing is a possibility, then combine filtering with aggregation.

Figure 3: Failsafe Traffic Flow When TAP Loses Power

The Aggregating mode of a TAP maintains the same safety feature as the Breakout mode. If the TAP were to lose power for any reason, the link will continue to flow with minimum interruption based on IEEE Standards (Figure 3). If the media is fiber or copper at 10/100Mbps, there is no interruption. 

For copper Gigabit interfaces, it is important to look for one with failsafe circuitry that meets data center standards. For instance, Garland’s fail-safe relay circuitry is built into our Gigabit network TAPs – if power is lost the relay circuitry will fail-close in less than 8 milliseconds providing a connection between the network elements. This ensures that traffic can continuously flow in the event of a power failure.

The most reliable method is to deploy all your networks TAPs via a rack outfitted with dual Uninterruptible Power Supplies (UPS).

Figure 3: Traffic Flow when TAP Losses Power

Garland Technology's, The 101 Series is an educational series on how network TAPs work and the different functions they provide to the overall network design for access and visibility.

Looking to add a visibility solution to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!

Network TAPS 101 Basics for IT Security engineers

Written by Jerry Dillard

Jerry Dillard, CTO and Co-founder of Garland Technology, leverages over two decades in design and engineering to ensure maximum performance within today’s network environments. Dillard, the inventor of the Bypass TAP, continues to innovate network visibility solutions worldwide.



Sign Up for Blog Updates