Test Access Points (TAPs) are a simple concept. A network TAP is a purpose-built hardware device that allows you to access and monitor your network traffic by copying packets without impacting or compromising network integrity. The TAP allows network traffic to flow from ports A to B, and B to A without interruption, creating an exact copy of both sides of the traffic flow, continuously, 24/7, 365. The duplicate copies can be used for monitoring, security and analysis.
Network visibility is more critical than ever. Networks are becoming more complex, running at higher speeds and carrying unprecedented volumes of data, while the threat from sophisticated cyber attacks keeps growing. With the growing number of analysis and security tools needed to process this data, granular visibility into the actual packets running on the wire is a must.
“EMA recommends that enterprises use TAPs as much as possible in the access layer to avoid network performance impacts and assure packet fidelity.”
-EMA [Enterprise Management Associates]
Let’s go over the basics and industry best practices.
How do Network TAPs work?
Instead of two network segments, say a router and a switch, being connected directly to each other, a network TAP is placed between them and connects the two devices.
As we mentioned, network TAPs provide complete, unfiltered access to bi-directional traffic streams. The data is transmitted between the two network devices (i.e. routers and switches) in both directions, as east and west traffic. TAPs copy the transmit signal from each device and send each copy to a separate monitoring port. This ensures every packet is copied and eliminates any chance of oversubscription.
Figure 1. East / West traffic flow.
Figure 2. East / West traffic flow with tap in TAP "Breakout" mode.
Network TAPs come in a variety of different functions and features. Each type of network TAP operates differently depending on the function it is required to perform.
Even Cisco agrees: if you're still using SPAN / mirror ports, you do not have 100% network access or visibility.
"The switch treats SPAN data with a lower priority than to-port data...the best strategy is to make decisions based on the traffic levels of the configuration and when in doubt to use the SPAN port only for relatively low throughput situations." -Cisco
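To make the oversubscription point above concrete (a breakout TAP gives each direction its own monitor port, while a SPAN port squeezes both directions into one), here is an added simulation that is not part of the original article. It models a 1 Gbps full-duplex link with constructed, evenly spaced traffic and a single-queue egress port; the buffer size and utilisation figures are assumptions chosen for illustration, not vendor data.

```python
"""Model why a SPAN/mirror port oversubscribes while a breakout TAP does not."""
from dataclasses import dataclass

LINK_BPS = 1_000_000_000  # 1 Gbps full duplex: each direction may carry 1 Gbps


@dataclass
class Pkt:
    t: float        # arrival time in seconds
    direction: str  # "AB" (A -> B) or "BA" (B -> A)
    size: int       # bytes on the wire


def serialize_time(size, bps):
    """Seconds needed to clock `size` bytes out of a port running at `bps`."""
    return size * 8 / bps


def simulate_port(pkts, port_bps, buffer_bytes):
    """Feed time-ordered packets into one egress port; return (forwarded, dropped)."""
    busy_until = 0.0  # when the port finishes sending everything queued so far
    forwarded = dropped = 0
    for p in pkts:
        # bytes still waiting in the queue when this packet arrives
        backlog = max(0.0, busy_until - p.t) * port_bps / 8
        if backlog + p.size > buffer_bytes:
            dropped += 1          # queue full: the copy is lost, the monitor tool never sees it
            continue
        busy_until = max(p.t, busy_until) + serialize_time(p.size, port_bps)
        forwarded += 1
    return forwarded, dropped


def span_vs_tap(pkts, buffer_bytes=64_000):
    """Compare drops on one SPAN port against two breakout-TAP monitor ports."""
    pkts = sorted(pkts, key=lambda p: p.t)
    # SPAN: A->B and B->A copies share ONE monitor port of link speed
    _, span_dropped = simulate_port(pkts, LINK_BPS, buffer_bytes)
    # Breakout TAP: each direction has its own port, so it never exceeds line rate
    _, ab_dropped = simulate_port([p for p in pkts if p.direction == "AB"], LINK_BPS, buffer_bytes)
    _, ba_dropped = simulate_port([p for p in pkts if p.direction == "BA"], LINK_BPS, buffer_bytes)
    return {"total": len(pkts), "span_dropped": span_dropped, "tap_dropped": ab_dropped + ba_dropped}


def constructed_traffic(n_per_dir=2000, size=1500, utilisation=0.9):
    """Constructed sample: both directions loaded to `utilisation` of line rate, interleaved."""
    gap = serialize_time(size, LINK_BPS) / utilisation
    pkts = []
    for i in range(n_per_dir):
        pkts.append(Pkt(i * gap, "AB", size))
        pkts.append(Pkt(i * gap + gap / 2, "BA", size))
    return pkts
```

At 90% load in each direction the SPAN port is offered 180% of its capacity and drops roughly four packets in ten once its buffer fills, while the TAP ports drop none; at 30% load in each direction neither drops, which is the "relatively low throughput" case the Cisco quote describes.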
Network TAPs can perform multiple functions and modes within the same device, including:
Providing unfettered access to all of the bits, bytes and packets flowing through a network is a critical piece of network design. Without it, security appliances, monitoring devices and analytical solutions cannot function optimally – a critical issue in a world where downtime or a security breach could cost millions. Want to dig deeper on the basics? Start here.