<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

TAP + Aggregation for Gigabit Copper Networks

September 21, 2022

it engineer in network server room solving problems and give help and support-1

While we keep hearing about network migrating to 40G or 100G, it's important to note that many networks still consist of 1 Gigabit copper network links, and will require network traffic visibility. Copper Network Taps are the best way to see traffic going over the network as they will neither affect production traffic nor become a point of failure in the network.

When tapping gigabit copper links, it’s important to know the network utilization in both directions of the link. If the speeds are less than 500 Mbps in each direction, then an Aggregation TAP can be used to produce a single monitor link per tapped network link. However, if the combined network speed of each direction of traffic is greater than 1 Gbps, then a Breakout TAP will be needed to ensure the monitor ports are not oversubscribed.

Network TAPs

Breakout TAPs will provide 100% full packet capture at the cost of requiring an additional monitor link: two monitor links are generated per tapped network link.

If multiple copper network links are tapped, many monitor links could potentially be generated. At this point, there are two options on how to handle the monitor links: connect each monitor link directly into the network tool or send the monitor links into an Aggregation appliance that can reduce the number of connections needed to get the data to the tool.

TAP to Aggregation

If the network tool you are using has a massive amount of ports to support each monitor link, then you’re golden. Unfortunately, most network tools do not have many ports available. If you’re using a tool with a limited number of ports, then an Advanced Aggregator can help accommodate your needs by reducing the amount of monitor links to a number that is more manageable for the network tool.

There are many options for aggregation appliances and the needs of your network should be taken into consideration when making your choice. Aggregation appliances often come with 10Gb open SFP+ ports to provide modularity for 1 to 10Gb connections of either copper or fiber. The hardware to support 10Gbps of throughput costs more than hardware that supports only 1Gbps. If you have only a 1Gb copper network, the 10Gb ports will be about 1/10th utilized. In addition, the appropriate transceivers will need to be purchased for each monitor link.


While the larger appliance can provide immense room for growth, if the network requirements do not intend to change drastically, an Advanced Aggregator that is better suited to the network needs can be considerably more cost effective.

The AA1G52AC 1 Gigabit Advanced Aggregator is tailored toward copper networks. The AA1G52AC has built-in 1G RJ45 copper ports, allowing copper monitor links to be directly terminated into the Aggregator without the need of an additional transceiver. The four additional 10G open SFP+ cages on the AA1G52AC provide the means to aggregate multiple 1G ports together into a single monitor link that can be sent to a network tool.

AA1G52AC

The AA1G52AC provides another element of consideration when designing an efficient and effective network visibility fabric.

[Interested in learning more about how a 1G Advanced Aggregator works in your network? Work with our network design team today!]

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES