IT teams realize the inherent limitation of SPAN ports and have shifted towards a new 4-tiered approach to network visibility.
The traditional 3-tiered approach to network visibility was designed to increase the efficiency of monitoring and security tools. Over the years, the tools themselves have grow significantly more complex, which then drove the network packet brokers they are connected to, to become more complex in turn. These additional features such as SSL/TLS decryption, deduplication, and metadata generation have driven up the cost of advanced network packet brokers, resulting in ballooning budgets, or an increase in blind spots within the network if you can’t afford to TAP all of the locations you want.
By adding a new Aggregation Layer between the physical layer TAPs and the Network Packet Brokers (NPBs), you can increase the efficiency and port utilization of NPBs. Consider the fact that many network links are only using 60% utilization, and as you move further away from the core, utilization often drops to <5%. Now consider the per port cost of an NPB. Can you justify that? Aggregators improve ROI by reducing the cost of the overall visibility solution.
Aggregators can take those low utilization traffic streams and through aggregation and load balancing, reduce the number of traffic streams and thus the ports needed on the NPB. Aggregators are also capable of pre-filtering on L2-L4, prior to sending it to the NPB for advanced filtering, further increasing the efficiency of the unit.
With the cost savings and improved efficiency, it’s no wonder why the industry is shifting to the new 4-tiered approach to network visibility.
As today's network become increasingly complex, we're seeing greater data speeds, an exponential growth in the amount of traffic that is placed on the network, and the need for many more tools to monitor the data that is flooding the network.