Network TAPs are a critical element of any Network Visibility infrastructure. Just like a telephone wiretap, Network TAPs provide a means to observe network traffic for security, network performance monitoring, and diagnostic purposes.
There are many flavors of Network TAPs, just as there are many types of network media. TAPs must be specifically designed to match the media, speed and mode of the network links into which they will be deployed. Niagara’s Network Packet Brokers support all types of media, including Copper Ethernet (100-baseT & 1000-baseT), as well as 10, 40, and 100Gb fiber-optic cable.
Fiber TAPs come in two basic types, Active and Passive. An active fiber TAP utilizes a pair of Ethernet fiber-optic transceivers, which are connected inline with the fiber-optic media to be monitored. The transceivers each contain their own active optics and are able to negotiate speed and mode with their link partners. Optical traffic received over the fiber-optic links is converted to electrical signals, which are then made available to a network monitoring tool or directly to a Niagara Networks Packet Broker for additional filtering and processing.
A passive fiber TAP uses specialized optical splitters to redirect a portion of the light energy on each fiber-optic strand to a standard fiber-optic port or to a built-in optical receiver. These splitters can be tuned to divert varying amounts of light to the monitoring device. The advantage of passive TAPs is that they are extremely simple and reliable. They have no moving parts, no active electronic components and are virtually “invisible” on the network. Passive TAPs produce an exact representation of the light signals on the network, including errors that might be filtered out by active devices. However, active TAPs have the advantage of not degrading the signal at all, and can act to extend the range of optical media since they electronically regenerate the network frames as they are forwarded.
Niagara Networks offers unique Optical TAP Solutions in two modes: breakout and aggregation. In breakout mode as explained above, the TAP separates Eastbound and Westbound traffic streams into two monitoring separate fiber ports. Receive and Transmit from each router/switch will be intercepted. These monitoring fiber ports are connected to a Network Packet Broker to direct the traffic for analysis of tools and appliances.
Aggregation mode combines the two eastbound and westbound traffic streams to a common backplane on the Network Packet Broker and from there, the user can map asymmetric flows into symmetric traffic flows and filtering for analysis.
Optical Passive TAP - Breakout
Optical Passive TAP – Aggregation
All TAP devices for Copper media (100base-T, 1000base-T, 10Gbase-T) use active technology. High speed Ethernet over Copper media involves complex modulation schemes for transmission and digital signal processing techniques for reception; these signals can’t be recovered by simply “tapping” the wires. As a result, TAPs for Copper media act like switch ports in that they can negotiate speeds and modes with their link partners and require power to operate.
Most Ethernet media operates in full-duplex mode. Both sides of a link may transmit data simultaneously, which gives the link double capacity. For example, a 1000base-T link can carry two Gigabits per second if both link partners are transmitting 1Gb/s at the same time. This poses a problem for a TAP device. If a TAP is monitoring 1000base-SX links, running full-duplex, then the data on the link needs to be delivered to two separate monitoring ports as a single port could easily be oversubscribed. (1Gb/s transmitted by device “A” plus 1Gb/s transmitted by device “B” exceeds the capacity of a 1Gb/s monitoring port). Thus, two ports are made available, or alternatively, the full-duplex data can be presented to tools over a higher-speed interface. Network Packet Brokers simplify these concerns by handling the details of speed-matching, load balancing and filtering traffic to remove “noise packets.”
Passive inline Optical TAPs have the inherent advantage of extremely high reliability. But active TAPs, which are required in many environments, are subject to the same failure modes as switches, servers, and routers. Power failures, overheating, and more, can interrupt traffic flowing through active inline TAPs. Niagara pioneered development of fail-safe inline TAPs in the 1990s. Fail-safe inline TAPs (Also called “Bypass” TAPs) include optical or electrical switching elements that directly connect the two network links being monitored in the event of a failure. Niagara manufactures fail-safe TAPs for all types of media that can be easily installed in our modular Network Packet Brokers or factory installed in our Fixed-configuration Visibility Solutions.