TAP into Technology | Garland Technology Blog

Network Visibility Fabric Design: Starts with the Access Layer

Written by Kumar Rajaram | 11/15/18 1:00 PM

Network visibility fabrics, a combination of network TAPs, network packet brokers, aggregation devices, and bypass devices, play a critical role for network performance management and security operations.

Network requirements are becoming more complicated with each passing year, as more data is flowing across networks, across a wider area, and at higher speeds. This has led enterprises, service providers, and government agencies to demand greater visibility into the network to understand what is going on. Enter the network visibility fabric, which provides a complete view into your network.

Let’s explore the network visibility fabric in more detail, starting with the foundation: the Access Layer.


A Reliable Access Layer is Critical

The access layer of a network visibility fabric is where traffic is pulled from the production network. The access layer usually consists of 100M or 1G copper network links, where switches directly connect to endpoint devices and allow these devices to communicate with each other, and may also provide Power over Ethernet (PoE) to power small devices.

“EMA recommends that enterprises use TAPs as much as possible in the access layer to avoid network performance impacts and assure packet fidelity.” It seems as though the well-documented use cases for Network TAPs are gaining ground, as 83% of current network visibility fabrics make use of TAPs for at least half of the fabric access layer.

What's Monitored at the Access Layer?

  • User Access Control
  • Workstation Monitoring
  • VoIP Monitoring

Network TAPs will provide 100% visibility for out-of-band monitoring tools, as the fabric will mirror the traffic from various segments of the network. This traffic can be sent to monitoring tools like Wireshark, network analyzers, DPI appliances, and lawful intercept applications.

For inline security use cases, like firewalls and intrusion prevention, the fabric will redirect production network traffic to analysis tools and then return the inspected traffic back to the production network. By using bypass TAPs for these inline applications, the network remains protected, and the inline tool does not create a point of failure for the network.
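To make the bypass behaviour concrete, here is a small simulation, added here as an illustration and not code from Garland or the original post. It models a bypass TAP that forwards production traffic through an inline tool, falls open to pass-through when the tool misses a constructed heartbeat threshold, and returns inline once the tool recovers; the `InlineTool` stand-in, the three-heartbeat threshold and the packet labels are all constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class InlineTool:
    """Constructed stand-in for an inline appliance (e.g. an IPS)."""
    alive: bool = True
    blocked: set = field(default_factory=set)

    def inspect(self, pkt):
        """Return the packet if allowed, None if the tool drops it."""
        if not self.alive:
            raise ConnectionError("tool unresponsive")
        return None if pkt in self.blocked else pkt

class BypassTap:
    """Bypass TAP: 'inline' sends traffic via the tool, 'bypass' passes it straight through."""
    def __init__(self, tool, heartbeat_threshold=3):  # threshold is an assumption
        self.tool, self.threshold = tool, heartbeat_threshold
        self.missed, self.mode, self.events = 0, "inline", []

    def heartbeat(self):
        """Probe the tool; N consecutive misses fail open, one success fails back inline."""
        try:
            self.tool.inspect("HEARTBEAT")
            self.missed = 0
            if self.mode == "bypass":
                self.mode = "inline"
                self.events.append("tool recovered: back inline")
        except ConnectionError:
            self.missed += 1
            if self.missed >= self.threshold and self.mode == "inline":
                self.mode = "bypass"
                self.events.append("tool down: fail-open bypass")
        return self.mode

    def forward(self, pkt):
        """Production A->B path; returns what reaches B, None if the tool dropped it."""
        if self.mode == "bypass":
            return pkt  # link stays up, but this traffic is NOT inspected
        return self.tool.inspect(pkt)

def simulate():
    tool, results = InlineTool(blocked={"malicious"}), []
    tap = BypassTap(tool)
    results += [tap.forward("benign"), tap.forward("malicious")]  # inspected
    tool.alive = False
    for _ in range(3):
        tap.heartbeat()                      # third miss -> bypass
    results += [tap.forward("benign"), tap.forward("malicious")]  # uninspected
    tool.alive = True
    tap.heartbeat()                          # recovery -> inline
    results.append(tap.forward("malicious"))  # dropped again
    return tap.mode, results, tap.events
```

The events list is the part worth wiring to alerting: while the TAP is in bypass the link is up but blind, so every fail-open transition should be visible to the SOC.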

Access Layer TAPs

  • Tapping at the Access Layer Switch will allow for visibility into endpoints talking to other endpoints on the same switch
  • Every link on the Access Layer Switch will need a TAP in order to get full visibility
  • PoE links will require a TAP that can pass PoE through to the endpoint device
  • TAPs are often used by a technician to look at a single endpoint device at a time
  • SPAN ports are common on Access Layer Switches as ports are often under-utilized, allowing multiple ports to be mirrored out a single port at a time


Traffic doesn’t lie, so to get to the bottom of an investigation of a threat or an anomaly, you need to have a complete copy of the network traffic, and using a reliable Network TAP is the way to ensure that.

[If you’re interested in learning more about the principles behind a well-designed network visibility fabric, download Garland’s latest whitepaper from the analysts at EMA: Best Practices for Building a Network Visibility Fabric.]