
TAP Into Technology

Leading the Way in Network Technology

A Practical Example: 1G In-Line and Out-of-Band Connectivity

Posted by Chris Bihary | 6/16/16 8:00 AM

Even if you’ve already realized the inferiority of SPAN ports and started moving to network TAPs, you still have to make sure your network design is set up for visibility into every bit, byte and packet® of traffic.

However, the increasing complexity of the security stack and of the necessary network monitoring solutions is making it harder than ever to maintain an efficient network design.

As more in-line appliances and out-of-band monitoring tools are added to the network, architects must pay close attention to the amount of traffic they’re sending to each port.

Standard breakout mode may have worked in all use cases in the past, but copying 100% of traffic to all ports is no longer an option in many cases. Let’s dive into a practical example of tapping 1G in-line and out-of-band solutions without oversubscribing your ports.

Tapping In-Line and Out-of-Band Solutions with a 2U Chassis

The new 1G Modular Packet Broker System from Garland Technology is designed to support breakout, aggregation, filtering, regeneration/SPAN and bypass modes for total flexibility and scalability. The 2U chassis option can help you manage your in-line and out-of-band solutions without oversubscribing 1G ports.

In this scenario, the eastbound and westbound traffic passes through the modular TAP in breakout mode. A complete copy of the traffic is aggregated and sent to the corresponding appliances (in this case, the web application firewall).

However, because the monitoring ports can only support 1G, the TAPs must also filter out packets that aren’t necessary for the web application firewall to scrub. Using the remote management interface of the 1G Modular Packet Broker System, you can easily set the parameters for filtering and ensure in-line and out-of-band solutions see every bit, byte and packet® necessary.


Port Mapping Explained

Aside from the fact that they can’t ensure 100% packet visibility, one reason SPAN ports are inferior to network TAPs is that the number of ports is limited compared to the number of in-line and out-of-band solutions you have to connect. As you add more appliances to your network, you need a design that minimizes the number of ports you use.

Port Mapping (or backplane filtering) on the new 1G Modular Packet Broker System means you can aggregate low traffic links and send them to a single in-line or out-of-band solution without oversubscribing ports. 

Think of this in terms of your own network where you might have a Palo Alto Next-Generation Firewall and the NextComputing Packet Continuum to send traffic to. With the 1G Modular Packet Broker System and port mapping, you can take multiple 1G links and filter out any unnecessary data before sending copies to both the monitoring device and in-line security appliance.
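The oversubscription check behind port mapping can be worked through before any change is made on the chassis. The sketch below is an added example, not Garland Technology's management interface: the link names, traffic classes and peak rates are constructed, and it assumes worst-case sizing where all peaks coincide.

```python
# Added example: hypothetical names and constructed traffic figures.
PORT_CAPACITY_MBPS = 1000  # one 1G monitor/tool port

# Constructed peak rates in Mbps per link, direction and traffic class.
LINKS = {
    "link1": {"east": {"http": 250, "backup": 450},
              "west": {"http": 200, "backup": 100}},
    "link2": {"east": {"http": 150, "dns": 20},
              "west": {"http": 180, "dns": 30}},
}

def port_load(sources, allowed=None):
    """Mbps delivered to one tool port.

    sources: (link, direction) feeds mapped to the port.
    allowed: traffic classes the filter passes; None means no filter.
    """
    total = 0
    for link, direction in sources:
        for cls, mbps in LINKS[link][direction].items():
            if allowed is None or cls in allowed:
                total += mbps
    return total

def check_port_map(port_map):
    """Return {port: (load_mbps, oversubscribed)} for every mapped port."""
    report = {}
    for port, (sources, allowed) in port_map.items():
        load = port_load(sources, allowed)
        report[port] = (load, load > PORT_CAPACITY_MBPS)
    return report

ALL_FEEDS = [(link, d) for link in LINKS for d in ("east", "west")]

PORT_MAP = {
    # Breakout: one direction of one link per monitor port.
    "mon_east": ([("link1", "east")], None),
    "mon_west": ([("link1", "west")], None),
    # Both links aggregated to one port with no filter.
    "tool_unfiltered": (ALL_FEEDS, None),
    # Same aggregation, filtered to the traffic a WAF needs to inspect.
    "waf_filtered": (ALL_FEEDS, {"http"}),
}

if __name__ == "__main__":
    for port, (load, over) in check_port_map(PORT_MAP).items():
        print(f"{port:16} {load:5} Mbps  {'OVERSUBSCRIBED' if over else 'ok'}")
```

An oversubscribed tool port drops packets, so the appliance behind it inspects only part of the traffic. Any mapping flagged here needs a tighter filter or a second port.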

This is just one use case for the new 1G Modular Packet Broker System. With space for up to 12 TAP modules, there are many ways you can configure the chassis for your specific needs. All modules are hot swappable for onsite changes, and remote management lets you switch from bypass to aggregation or breakout modes with a click of the mouse.

One of the greatest benefits of the new 1G Modular Packet Broker System is the flexibility it gives you to scale your network alongside growing security and monitoring stacks. But this also means you need a strong network design to ensure appliances are seeing every bit, byte and packet® without oversubscription.

If you want to learn more about the ins and outs of network connectivity, download our latest white paper, Network Connectivity: A Go-To Guide.

Topics: Network TAPs, Data Center, Network Infrastructure, Palo Alto Networks, Network Packet Brokers/Advanced Aggregators

Written by Chris Bihary

Chris Bihary has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance through the integration of network test access points. Previously, Bihary was Managing Partner at Network Critical.
