<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

The 101 Series: Active Network TAPs—Where, When and How

June 15, 2022

Active Network TAPs Garland Technology

Network connectivity is critical to any security or network monitoring project. Many are always asking us which network TAP is right for them.  In a recent post, we discussed the ins and outs of passive network TAPs which are typically paired with out-of-band monitoring solutions. 

 

Today, we’ll take an in-depth look at active network TAPs and see where, when and how they fit into a complete visibility strategy.

Active Taps are Necessary When any One of the Following Conditions are Present:

  1. An inline security appliance is being deployed such as an IPS or firewall.  In this case the active TAP is classified as a Bypass TAP.
  2. A copper Gigabit segment is being monitored. Gigabit copper is a special case that requires the two endpoints being monitored to link to the TAP, regardless of the application.
  3. A monitoring tool will be used that injects packets into the network, such as TCP Reset Packets.

What is an Active Network TAP?

Garland defines an active network TAP as a TAP that is physically linked to the monitored devices. If the power is lost on the TAP Garland has proprietary failsafe circuitry that connects the two monitored devices together so traffic continues to flow.

Active TAPs require power to support additional functionality like aggregation and regeneration as well as advanced functions like filtering and bypass. 

The whole point of deploying network TAPs of any kind is to ensure total visibility for any connected appliances.  These purpose-built devices are inserted directly into the network to provide complete access to traffic data at the source.  Unlike switch SPAN ports or other secondary sources that can be overwhelmed during traffic spikes, network TAPs pass 100% of the bits, bytes and packets that they see directly to the connected security appliances or network monitoring tools.

Modes-Bypass1Diagram 1: Active TAP in Bypass Mode

Active network TAPs are frequently designed to support inline security applications, such as firewalls, anti-malware devices, intrusion protection systems and more.  These security systems are unique because they take in traffic from the outside world and attempt to block suspicious communications from getting inside the company.  Naturally, these appliances require a TAP that can feed them network traffic without losing packets – but they also need a solution able to accept the authorized traffic as well as messages from the appliance and let them travel to their intended destination.  Only an active network TAP can facilitate this type of communication.

Download Now: Network TAPs 101 - The Networking User Guide [Free eBook]

Providing Inline Security Device 100% of the Packets

The biggest reason companies use active TAPs is to ensure that their key front-line security systems don’t miss packets, a risk that most CSOs prefer to avoid.  However, this deployment method offers another key benefit – security appliances can easily be moved to an out-of-band status in the event that the company needs to troubleshoot issues or make updates.  If firewalls and other appliances must remain in-line during the upgrade process, there is a good chance that normal traffic flows will be disrupted and cause issues for other applications.  Taking firewalls out-of-band for a few minutes is the fastest way to see if a persistent issue originates with the network or the security system.

Simply put, active TAPs make life easier for the people tasked with managing today’s complex IT environments.  And, the firewall still sees 100% of the network traffic while it is running out-of-band so the risk to the organization is minimal.   

Providing Network Access in Copper Gigabit Environments

Organizations looking to provide connectivity for security or network monitoring devices in high speed copper environments must use an active network TAP regardless of whether or not the appliance is inline or out-of-band.  Passive TAPs cannot be deployed in copper gigabit environments because of the way that data is simultaneously transmitted and received over the copper pairs – the endpoints don’t get a clear picture of what is coming and what is going.  

Ensuring Effectiveness

Unlike certain passive TAPs, all active network TAPs require power to function. That means that you need a failsafe mechanism to ensure that you haven’t introduced a possible failure point into the network.  All Garland active TAPs were designed to recognize power outages and automatically close the relay circuitry in less than 8 milliseconds providing a passive connection between your  two network elements.This ensures network uptime while your network administrators figure out the power loss issue.

While all network TAPs serve the same need – ensuring that connected devices receive 100% of the traffic data they require to their job – you need to pick the one that best suits your application and environment.

Looking to add an active TAP to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!

Network TAPS 101 Basics for IT Security engineers

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES