Why do I need TAPs? That’s a question I hear a lot from people in the field. Either they aren’t familiar with TAPs, or even if they are, with a low utilization, they may think there isn’t an application that makes sense for them.
We’ll I’m here to tell you that there is an application for Network TAPs for pretty much every network. Even if you have low utilization on your SPAN port, industry best practice is you should use a network TAP as the foundation of your visibility for today and the future. The 5 most popular applications for TAPs we see from customers are:
Visibility into your Network
Using a Network TAP, or test access point, provides complete visibility into your network, allowing you to see every packet of data flowing into and out of your network. With a visibility point in your network, you can analyze e-commerce and web server traffic, VoIP and real-time communication applications, and gain the insights you need to optimize network performance, among others.
Prevent Network Downtime
With a Bypass TAP, you avoid network downtime as the TAP’s only functionality is to provide copies of traffic to the active, inline device. Because of the heartbeat packets included in Bypass TAPs, if you have any issues with your tools, you can easily take that active, inline device offline for testing, updates, and changes while the live network data still flows. A switch on the other hand has to focus on it's "production network" while combating anomalies like DDoS attacks, so if there is an issue with an inline device like a NGFW, you would have to take the network down.
What happens when your monitoring tool isn’t the same media type as your live connection? For example, you might have a single-mode, long range cable running between buildings on your campus, but the analyzer tool you want to connect to is in the same rack in your network room. Rather than buy an expensive transceiver or new tool, a network TAP can take care of the media conversion for you.
It’s the same with network speeds. With today’s upgraded networks, I’m starting to see 40G and 100G networks a lot more. The question that comes next is, what do you do with all of your old monitoring tools that were running at 10G? Rather than purchasing updated tools for these new network speeds, which can be very expensive or even unavailable on today’s market, utilizing network TAPs plus a purpose built packet broker at the access layer allows for any-to-any configuration of network speeds.
In the case that you need to prove evidentiary chain of custody for a court case, a Network TAP must be used to prove that no packets were dropped during the lawful intercept process. Network TAPs are CALEA approved because they ensure all data arrives at the monitoring or analyzer tool, and that it wasn’t hacked. SPAN ports can’t say that.
Connecting Multiple Monitoring Tools
What happens when you have multiple monitoring devices you want to use to analyze your network? With an aggregator TAP, 100% full duplex traffic is captured in both directions from your network and sent out of 2 monitoring ports, so you can send your traffic from that point in your network to Wireshark AND an APM. More tools than that? No problem, we’ll just use a 1U/2U chassis populated with as many TAPs as you need to get the job done.
Want to learn more about the use of network TAPs in your network? Download our whitepaper on Maximizing Visibility: Understanding the role of Network TAPs, Packet Brokers and Hybrid Solutions.