Visibility is key for today’s Network Engineers and Managers. Visibility is a MUST when thinking about network security and compliance requirements and soon GDPR. I want to focus on the need for real visibility that only TAPs provide versus the totally misunderstood marketing ploy of SPAN!
Port Mirroring / SPAN Technology
SPAN generally stands for Switch Port for Analysis and was a great way to effortlessly and non-intrusively acquire data for analysis. By definition, a SPAN Port usually indicates the ability to copy traffic from any or all data ports to a single unused port but also usually disallows bidirectional traffic on that port to protect against backflow of traffic into the network.
SPAN is and was a market add-on for switches. It is a bus sharing technology where the output is at the mercy of the switch’s primary goal – getting packets to the correct IP addresses, and not to share those packets until the bus has time/bandwidth to do so. In the meantime packets (time relevance is loss) are held, groomed and/or dropped. That is why any visibility of data packets through a SPAN port results in out-of-time relevance, dropped frames and groomed information.
SPAN was not built for true visibility access and does not meet the criteria for compliance and security monitoring. Oh! I left out that switches can easily be hacked, thus even further reducing the value of SPAN for high level visibility.
>> Download Now: TAP vs SPAN [Free whitepaper]
That’s not to say SPAN is all bad, but one must be aware of its limitations. Since managed switches are an integral part of the infrastructure, one must be careful not to establish a fault or failure point. Understanding what can be monitored is important for success since SPAN ports are often overused leading to drop frames, all due to the fact that LAN switches are designed to groom data (change timing, add delay) and extract bad frames as well as ignore all layer 1 & 2 information.
When dealing with Data Security Compliance, the combination of the facts that SPAN ports limit views, are not secure and that they are transporting monitored traffic through the production network could prove itself to be unacceptable in a court of law.
When used within its limits and properly focused, SPAN is a valuable resource to managers and monitoring systems. However, for 100% guaranteed visibility of network traffic there is NO replacement for a passive Network TAP! The TAP is a necessity for meeting many of today’s visibility access requirement,s and as we approach larger deployments of 10 Gigabit, SPAN access limitations will become more of an issue and failure as a viable access point.
The Visibility Advantages of TAPs Compared to SPAN Ports
- TAPs do not alter the time relationships of frames – spacing and response times especially important with VoIP and Triple Play analysis including FDX analysis.
- TAPs do not introduce any additional jitter or distortion which is important in VoIP / Video analysis.
- VLAN tags are not normally passed through the SPAN port so this can lead to false issues detected and difficulty in finding VLAN issues.
- TAPs do not groom data nor filter out physical layer errored packets
- Short or large frames are not filtered
- Bad CRC frames are not filtered
- TAPs do not drop packets regardless of the bandwidth
- TAPs are not addressable network devices and therefore cannot be hacked
- TAPs have no setups or command line issues so getting all the data is assured and saves users time.
- TAPs are completely passive and do not cause any distortion even on FDX and full bandwidth networks. They are also fault tolerant.
- TAPs do not care if the traffic is IPv4 or IPv6, it passes all traffic through.
For today’s network security, compliance assurance, and efficiency measurements for Real Time flows like Voice and Video, packet brokers and deep capture technologies the ONLY true visibility access method is a TAP.
TAPs are the best method to feed the expensive equipment one needs to ensure your network’s viability, and collect evidence of security issues so that attacks, data leaks and network breaches can be quickly identified and resolved.
REAL DATA VISIBILITY can ONLY be achieved by TAPs!
Looking to add a visibility solution to your next deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!
