If you remember in my post on Breakout TAPs, there was a small problem when your network analyzer or monitoring device only had one network interface card (NIC). You could only look at the traffic going from ports A to B or the traffic going from ports B to A, but not at both streams of network traffic at the same time. Also, a breakout TAP can only send network traffic to a single analyzer or monitoring device.

Now, breakout network TAPs are a great solution for many situations, but nevertheless, engineers love solving problems – so they set out add more functionality by developing data aggregation TAPs.

How Aggregation TAPs Work

1. Attach an Aggregating TAP to the link that connects them. 
2. Disconnect the cable that attaches the router to the switch from the switch end.
3. Connect the switch end of the cable to port A on the Aggregating TAP (no power has been applied to the TAP at this point). 
4. Take another cable and connect one end to the port B of the TAP and the other end to the connection on the switch that was previously disconnected. 
5. Now, with no power applied to the TAP, the TAP will reestablish the link and traffic flows again between the two devices. This happens because power has not been applied to the TAP, there will not be any traffic flowing out of ports C or D.
6. Now apply power to the TAP, the traffic flowing from the router to the switch through ports A and B, will also be applied to port C and to port D; the traffic flowing from the switch to the router will also be applied to port C and port D (see below, Figure 2).
   
   

Download Now: Network TAPs 101 - The Networking User Guide [Free eBook]

Aggregating TAP Captures Full Duplex Traffic in Both Directions

Figure 2 (below) shows how the network traffic will flow between the two end devices and the monitoring ports. The monitor ports C and D will each receive all of the traffic on the link. The benefit is that now you can use an analyzer that has only one NIC and get to see all the traffic on the link. Another benefit is that all the traffic can be sent out to another monitoring tool, like an application performance monitoring (APM) or Denial-of-service attack (DDoS).

There is one area of caution when you aggregate the traffic on a full duplex link, and that is the possible oversubscription of the monitor port. For example, if the link is a 1G link, theoretically there is a possibility that each side of the link (send and receive) could have up to 1G of traffic. When you aggregate the traffic, you could effectively have up to 2G of traffic going out to the monitor port.  Whenever you are considering using an aggregating network TAP, make sure the link is not carrying heavy utilization traffic. If oversubscribing is a possibility, then combine filtering with aggregation.

Figure 3: Failsafe Traffic Flow When TAP Loses Power

The Aggregating mode of a TAP maintains the same safety feature as the Breakout mode. If the TAP were to lose power for any reason, the link will continue to flow with minimum interruption based on IEEE Standards (Figure 3). If the media is fiber or copper at 10/100Mbps, there is no interruption. 

For copper Gigabit interfaces, it is important to look for one with failsafe circuitry that meets data center standards. For instance, Garland’s fail-safe relay circuitry is built into our Gigabit network TAPs – if power is lost the relay circuitry will fail-close in less than 8 milliseconds providing a connection between the network elements. This ensures that traffic can continuously flow in the event of a power failure.

The most reliable method is to deploy all your networks TAPs via a rack outfitted with dual Uninterruptible Power Supplies (UPS).

Garland Technology's, The 101 Series is an educational series on how network TAPs work and the different functions they provide to the overall network design for access and visibility.

Looking to add a visibility solution to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!