Challenge: How to ensure optimal tool performance?
Network monitoring and security tools need packet data to properly analyze the task at hand. Teams are typically tasked with getting more out of their existing tool investments, which becomes challenging with growing traffic volumes and legacy architecture.
• Network and security tools can themselves be oversubscribed
• Traffic growth outpaces existing tool capacity leading to reduced throughput and effectiveness
To get the data to these tools, your options are spanning a port from your switch or utilizing a network TAP. At the same time, it is imperative to not negatively affect the performance of these tools or the connected network.
SPAN ports generally do not affect the performance of the switch, though this varies with different SPAN port features / vendors, but can have an impact on your data and the tools and they are feeding, including:
• Designed for low-throughput situations, SPAN will drop packets if heavily utilized or oversubscribed
• Can duplicate packets if multiple VLANs are used
• Can change the timing of the frame interactions, altering response times
• Will not pass corrupt packets or connection errors