<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

TAP + Aggregation for Gigabit Copper Networks

March 20, 2025

network cables

While we keep hearing about networks migrating to 40G or 100G, it's important to note that many networks still consist of 1 Gigabit copper. Of course, these networks still require reliable traffic visibility. Copper Network TAPs are the best method to ensure reliable network visibility as they will neither affect production traffic nor become a point of failure in the network. 
 

When tapping gigabit copper links, it’s important to know the network utilization in both directions of the link. If the speeds are less than 500 Mbps in each direction, then an Aggregation TAP can be used to produce a single monitor link per tapped network link. However, if the combined network speed of each direction of traffic is greater than 1 Gbps, then a Breakout TAP will be needed to ensure the monitor ports are not oversubscribed. 

 modes2

 

Breakout TAPs will provide 100% full packet capture at the cost of requiring an additional monitoring port: two monitor links are generated per tapped network link. 

 

Click here to help choose the right copper TAP for your network visibility project. 

 

If multiple copper network links are tapped, many monitor links could potentially be generated. At this point, there are two options on how to handle the monitor links: connect each monitor link directly into the network monitoring or security tool or send the monitor links into a Network Packet Broker that can reduce the number of connections needed to get the data to the tool. 
 

2-TAP-AGG-NPB

 

If the network tool you are using has a massive quantity of ports to support each monitor link, then you’re golden. Unfortunately, most network tools do not have many ports available to receive copies of incoming traffic. If you’re using a tool with a limited number of ports, then a Network Packet Broker can accommodate your needs by reducing the amount of monitor links to a number that is more manageable for the network tool.


TAP-vs-SPAN-Everything-You-Need-to-Know-CTA

There are many options for Network Packet Brokers and the needs of your network should be taken into consideration when making your choice.  1G Copper Network Packet Brokers often come with 10Gb open SFP+ ports to provide modularity for 1 to 10Gb connections of either copper or fiber. Reminder: the appropriate transceivers will need to be purchased for each 10G SFP+ port. 

 

Garland Technology’s AA1G52ACv2 is a 1 Gigabit Network Packet Broker tailored for copper networks. The AA1G52ACv2 has built-in 10/100/1000M (1G) RJ45 copper ports, allowing copper monitor links to be directly terminated into the Aggregator without the need of an additional transceiver. The four additional 10G open SFP+ cages on the AA1G52ACv2 provide the means to aggregate multiple 1G ports together into a single monitor link that can be sent to a network tool. 

 
AA1G52ACv2-1
 

Garland Technology’s AF1G52AC is 1 Gigabit Network Packet Broker also engineered for copper networks with built-in 10/100/1000M (1G) RJ45 copper ports and four additional 10G open SFP+ cages.  

 

AF1G52AC

 

All of Garland Technology’s Network Packet Brokers share the following benefits: 

  1. No subscription, port, or feature fees​ 
  1. Support MSA-compliant transceivers​ 
  1. Easy to use configuration interface 

Looking to add Network Packet Broker to your copper network, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!

New call-to-action

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES