Garland Technology ensures complete packet visibility by delivering a full platform of network TAP (test access point), inline bypass and packet broker products.
Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.
Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.
The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners
Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.
Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.
Active inline appliances are on the front-lines of your network's critical links, but out-of-band monitoring devices are just as important to your overall network visibility and security. Your out-of-band monitoring devices might include application performance monitoring (APM), Wireshark, network analyzers, lawful intercept and deep packet inspection.
In this post, we’ll discuss the keys to ensuring 100% network access for your out-of-band monitoring appliances that analyze your network traffic.
Your out-of-band monitoring devices aren’t effective if they can’t see 100% of network traffic and compare it to your normal baseline. Placing analyzers and network TAPs in different locations throughout the network will allow you to compare traffic to help spot suspicious activity and ensure the devices are deployed effectively.
Follow these tips for proper deployment:
Unlike active network TAPs that pass traffic through an inline device, network TAPs simply copy traffic from the network and pass it to the monitoring appliances. Whether you have a fiber optic network or a 10/100M network, network TAPs ensure total network uptime even in the case of power failure.
Not all network TAPs are created equal, though. Determining which mode you need is essential to ensuring visibility.
The type of network TAP you choose is based on the type of device you’re tapping and its environment. A breakout TAP can be used for high utilization situations. The following figure depicts how breakout mode works:
Figure 1: Copper TAP
Figure 2: Fiber TAP
Network elements (a router and a switch) are connected to Network Ports A and B. The router on Port A sends traffic to Port B and Monitor Port C while the switch on Port B sends traffic to Port A and Monitor Port D. A network monitoring device is linked to Ports C and D, analyzing 100% of the traffic from the router and switch. Because the traffic is separated into two different ports, breakout mode can handle your heaviest traffic situations.
TAP 1G full duplex for 2G traffic
TAP 10G full duplex for 20G traffic
TAP 40G full duplex for 80G traffic
TAP 100G full duplex for 200G traffic
Aggregating mode, on the other hand, combines the traffic from Port A and Port B, delivering two separate copies to Port C and Port D. This gives you the ability to connect two different monitoring devices (Wireshark and deep packet inspection, for example), but limits you to low utilization scenarios because of potential over-subscription.
Figure 3: Aggregating TAP
Aggregating TAPs can support devices with just one NIC card and combine monitoring traffic into a single monitoring port. For example, if Wireshark is on your laptop that only has one NIC you can now see both sides of the traffic. When you understand the technical requirements of your appliance and network, you can choose the right TAP for the job.
Packet brokers can be placed between your network TAP and network monitoring devices to allow you to manipulate your traffic in many ways so your monitoring appliances receive just the traffic they are interested in to perform the proper analysis that you require. Packet brokers are also useful when you have many network links and fewer appliances or a new high speed link going to existing low speed appliances.
The packet broker can filter, aggregate and load balance the traffic presented to it and send the traffic off to out-of-band appliances. They can also change the media from fiber to copper, single-mode fiber to multi-mode. A packet broker with hybrid bypass TAPs can also send information to your security tools, while providing failsafe security for your active, inline appliances.
Load balancing with packet brokers allows your network tools to see every bit, byte and packet® necessary to analyze the health of your network. Packet brokers also support “any to any” configuration (1G to 10G, 10G to 1G, to 40G, 1G to 40G, 40G to 10G and 1G) so you can grow your network and ensure 100% visibility without purchasing new appliances with every upgrade.
100% Traffic Analysis All of the Time
Implementing passive network TAPs is guaranteed to ensure 100% visibility for your monitoring devices.Combined with the packet broker you add a great deal of flexibility to view what is going on in your network to keep it properly maintained. Remember, you can’t fix what you can’t see.
Looking to add visibility solutions to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!
George has many years of experience working with both hardware and software in the OEM and Commercial marketplace. George’s expertise is in the engineering of Network TAPs.