If you have been in networking long enough, you may have heard the phrase “breathe new life into old tools.” The concept is simple: security and monitoring tools only perform as well as the data they are fed. Relying solely on SPAN (port mirroring) for packet visibility is well known to degrade tool performance through dropped packets and blind spots. And as network speeds advance, tools that operate at the lower speeds of 1G and 10G may become obsolete.
Therefore, feeding your old tools with packets from Network TAPs ensures they perform how they were intended: processing complete packet data without loss. Also, adding network packet brokers (NPB) to aggregate, load balance, and optimize the traffic, relieves any additional processing burden on the tools, allowing teams to utilize those lower speed tools longer while ensuring they are running at peak performance.
As cybersecurity demands grow, as companies incorporate virtual traffic, and as traffic speeds and complexity increase, teams are looking to manage IT budgets more effectively. In particular, they are trying to improve the return on investment of their existing network, not just their tools, so that they can ultimately spend more on security solutions and headcount.
Improving Your NPB Return On Investment
Companies may have their core infrastructure in place, with their backbone tools and network packet brokers working well, yet still face blind spots. Performance or security issues may also demand additional visibility into new segments of the network to expand their tools’ coverage. Each additional visibility link consumes ports on the core packet brokers, leading to expansion of the core packet brokers and to an even larger return on investment than was originally anticipated.
Unfortunately with some packet broker vendors, operation costs hide in plain sight and can be very hard to get under control. License fees and lock-ins unintentionally expand the footprint and reduce the ROI of the initial investment.
Many times the Garland Technology team is brought into a project to add additional tapping visibility, deduplication, and traffic aggregation to an existing infrastructure because:
With Garland’s help, network architects can improve not just the security and monitoring tools at the top of the stack but also breathe new life into their existing core packet brokers.
Adding network TAPs, deduplication, and traffic aggregation to existing deployments in a cost-effective way bolsters the original investment while improving the solution's overall effectiveness. But how does that work, and why wouldn’t we just use the same vendor?
It is common to face various challenges adding network visibility to existing infrastructure, like speed upgrades, cabling upgrades, throughput, unique media requirements, harsh environments, and the list goes on. We believe network visibility should be an easy, seamless experience. That is why teams turn to Garland for their tapping needs. After 10 years focused on network TAPs, we can tackle any environment or requirement to ensure you ‘see every bit, byte, and packet.’
What to do with those additional tapped links? Adding an aggregation layer between your TAP links and core packet brokers frees up valuable existing core packet broker ports, reducing license and port fees on the existing packet broker.
An aggregation layer allows you to take the traffic from the 32 links in the example down to 1 or 2 links on your existing packet broker. Additional filtering and load balancing in this layer can further reduce traffic burden to the NPB and tools by up to 50%, enhancing performance.
While many NPB vendors have shifted their focus to become full security and monitoring platforms, competing with security solutions like NDR (network detection and response), Garland has pursued a different path. We are solely focused on getting wire and virtual packets to your tools. We will continue to innovate and develop network TAPs and packet brokers to enable an evolving network.
As I say to customers all the time, “You have Gigamon or Keysight Ixia? Great, let’s help improve your packet visibility so you can ‘breathe new life into your existing packet broker!’”
Looking to breathe life into your existing deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.
If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.
While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.
Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.
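To make the heartbeat, bypass and failsafe behaviour described above concrete, here is an added Python model of a bypass TAP. It is not Garland’s code or any vendor’s firmware: the heartbeat marker frame, the threshold of two consecutive unreturned heartbeats before bypassing, and the one-heartbeat-interval granularity are assumptions of the example. It also shows the point the prose only implies, that link traffic handed to the tool during the detection window is lost, so the heartbeat interval and miss threshold bound the outage.

```python
from dataclasses import dataclass

# Constructed marker for heartbeat frames; real TAPs use their own frame format.
HEARTBEAT = b"HEARTBEAT"


@dataclass
class InlineTool:
    """Stand-in for an inline security appliance (IPS, firewall, etc.)."""
    online: bool = True

    def process(self, frames):
        # An online tool hands back every frame it was given (it "passes" them);
        # an offline tool returns nothing, so heartbeats are not echoed either.
        return list(frames) if self.online else []


@dataclass
class BypassTap:
    """Model of a bypass TAP on a critical link in front of `tool`."""
    tool: InlineTool
    powered: bool = True
    miss_threshold: int = 2   # assumed: unreturned heartbeats in a row before bypassing
    missed: int = 0
    dropped: int = 0          # link frames lost inside the detection window
    mode: str = "inline"      # "inline", "bypass" or "failsafe"

    def forward(self, frames):
        """Run one heartbeat interval of link traffic; return what the TAP puts back on the link."""
        frames = list(frames)
        if not self.powered:
            # Failsafe: an unpowered TAP passes the link straight through, tool excluded.
            self.mode = "failsafe"
            return frames
        # A heartbeat goes to the tool every interval, whether inline or bypassed.
        to_tool = [HEARTBEAT] + (frames if self.mode == "inline" else [])
        returned = self.tool.process(to_tool)
        if HEARTBEAT in returned:
            self.missed = 0
            if self.mode != "inline":
                # Tool answered again: it is back inline from the next interval on.
                self.mode = "inline"
                return frames          # this interval's traffic had already bypassed the tool
            # Strip the heartbeat before the traffic goes back onto the link.
            return [f for f in returned if f != HEARTBEAT]
        self.missed += 1
        if self.mode == "inline":
            if self.missed >= self.miss_threshold:
                self.mode = "bypass"   # from the next interval on, traffic skips the tool
            # This interval's frames were already handed to the unresponsive tool and lost.
            self.dropped += len(frames)
            return [f for f in returned if f != HEARTBEAT]
        return frames   # bypass (or failsafe recovering): traffic never went to the tool


def simulate(events):
    """Scripted scenario: events are (tool_online, tap_powered, frames) per interval.

    Returns one (mode_after_interval, frames_delivered_to_link) pair per event,
    so the timeline of the TAP's decisions can be inspected or asserted on.
    """
    tool = InlineTool()
    tap = BypassTap(tool)
    trace = []
    for tool_online, tap_powered, frames in events:
        tool.online = tool_online
        tap.powered = tap_powered
        trace.append((tap.mode if not tap_powered else None, None))  # placeholder, replaced below
        delivered = tap.forward(frames)
        trace[-1] = (tap.mode, delivered)
    return trace


if __name__ == "__main__":
    # Constructed timeline: tool drops off, TAP bypasses it, tool returns, then TAP loses power.
    scenario = [
        (True, True, [b"pkt1"]),
        (False, True, [b"pkt2"]),   # first missed heartbeat: frames lost, still inline
        (False, True, [b"pkt3"]),   # second miss: frames lost, TAP switches to bypass
        (False, True, [b"pkt4"]),   # bypass mode: link keeps flowing without the tool
        (True, True, [b"pkt5"]),    # heartbeat returns: tool goes back inline
        (True, False, [b"pkt6"]),   # TAP unpowered: failsafe pass-through
        (True, True, [b"pkt7"]),    # power back, heartbeat verified, inline again
    ]
    for mode, delivered in simulate(scenario):
        print(f"{mode:9s} delivered={delivered}")
```

The `dropped` counter is the number a network team actually cares about when sizing the heartbeat interval: two intervals of traffic are lost in the scenario above before the TAP bypasses the tool, and nothing is lost when the TAP itself loses power because failsafe needs no detection window.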
Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.
Heartbeat packet: a soft detection technology that monitors the health of inline appliances.
Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.