Test Access Points (TAPs) are a simple concept. A TAP is a hardware device that allows network traffic to flow from port A to port B, and from B to A, without interruption, and creates an exact copy of both sides of the traffic flow, continuously, 24/7, without compromising network integrity. The duplicate copy can be used for monitoring, security or analysis.
Network visibility is more critical than ever. Networks are getting more complex, with higher speeds carrying an unprecedented amount of data, alongside the increased threat of sophisticated cyber security risks. With the growing number of analysis and security tools needed to process this data, granular visibility into the actual packets running on the wire is a must.
Let’s go over the basics and industry best practices.
How do Network TAPs work?
Instead of a router and switch connected directly to each other, a TAP is placed in between them connecting both devices.
As we mentioned, TAPs provide complete, unfiltered access to bi-directional traffic streams. The data is transmitted between the two network devices (i.e., routers and switches) in both directions, as east and west traffic. TAPs copy the transmit signals from each device and send them to separate monitoring ports. Because each direction has its own monitoring port, every packet is copied and there is no chance of oversubscription.
Figure 1. East / West traffic flow.
Figure 2. East / West traffic flow with a TAP in "Breakout" mode.
Network TAPs come with a variety of functions and features. Each type of network TAP operates differently, depending on the requirements it has to meet.
Even Cisco agrees: if you're still using SPAN / Mirror ports, you do not have 100% network access or visibility.
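To make the oversubscription point concrete, the following added example (not from the original page) models the monitoring side of a full-duplex link two ways: one monitor port per direction, as in breakout mode, versus both directions copied onto a single port of the same speed. The 1 Gbps link rate, the 64 KB port buffer, the traffic profile and all names are assumptions constructed for illustration.

```python
# Added illustration: constructed traffic, hypothetical names and parameters.
LINE_RATE_BPS = 1_000_000_000                 # assumed 1 Gbps full-duplex link
TICKS_PER_S = 1000                            # simulate in 1 ms intervals
PORT_BYTES_PER_TICK = LINE_RATE_BPS // 8 // TICKS_PER_S   # 125,000 bytes per ms


def monitor_port(offered, buffer_bytes):
    """Feed per-tick byte counts to one monitor port.

    Returns (delivered, dropped) in bytes. The port drains at line rate;
    whatever still exceeds the buffer after draining is lost to the tool.
    """
    queued = sent = dropped = 0
    for arriving in offered:
        queued += arriving
        out = min(queued, PORT_BYTES_PER_TICK)
        queued -= out
        sent += out
        if queued > buffer_bytes:
            dropped += queued - buffer_bytes
            queued = buffer_bytes
    return sent + queued, dropped             # leftover queue drains afterwards


def compare(a_to_b, b_to_a, buffer_bytes=64_000):
    """Breakout (one port per direction) vs. both directions on one port."""
    breakout = (monitor_port(a_to_b, buffer_bytes)[1]
                + monitor_port(b_to_a, buffer_bytes)[1])
    merged = [x + y for x, y in zip(a_to_b, b_to_a)]
    aggregate = monitor_port(merged, buffer_bytes)[1]
    return {"offered": sum(merged),
            "breakout_dropped": breakout,
            "aggregate_dropped": aggregate}


# Constructed sample: 10 ms at 40% load each way, then 10 ms at 90% each way.
quiet = [PORT_BYTES_PER_TICK * 40 // 100] * 10
burst = [PORT_BYTES_PER_TICK * 90 // 100] * 10
A_TO_B = quiet + burst
B_TO_A = quiet + burst

if __name__ == "__main__":
    print(compare(A_TO_B, B_TO_A))
```

In this model neither direction ever exceeds its own port's line rate, so the per-direction ports lose nothing, while the single shared port starts dropping copies as soon as the combined load passes 100% of one port.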
"The switch treats SPAN data with a lower priority than to-port data...the best strategy is to make decisions based on the traffic levels of the configuration and when in doubt to use the SPAN port only for relatively low throughput situations." -Cisco
Network TAPs can perform multiple functions and modes within the same device, including:
Providing unfettered access to all of the bits, bytes and packets flowing through a network is a critical piece of network design. Without it, security appliances, monitoring devices and analytical solutions cannot function optimally – a critical issue in a world where downtime or a security breach could cost millions.