Aggregation Taps have the ability to bundle multiple streams of data or, as the name implies, to aggregate. This is a significant benefit: You can use this technique to evaluate data from multiple lines simultaneously using a single network interface on your analyzer. Aggregating a single network connection is called a port aggregation tap. If the aggregation is carried out on several lines, this technique is called link aggregation.

The diagram at the top left shows the schema of a port aggregator. As you can see on this picture, the TX & RX line of a network connection is aggregated here on Port C & D, which allows to capture the data of a full-duplex route with only one network connection bundled. Thus, Port C and D each receive all the traffic on a link, and one could use this aggregation taps to send the network data to an analyzer such as OmniPeek or Wireshark for analysis purposes, and at the same time network traffic from a security device such as e.g. an IDS monitor.

In addition, Garland Technology aggregation taps can also operate in tap mode (also known as break-out mode), and they can easily switch between these functions via a DIP switch. This is a significant advantage and allows you to use the Aggregation Tap as a traditional TAP when needed for analysis. In addition, a port aggregation tap, as shown on the right of the Schaublid, can also be used as a regeneration tap. In this case, the signal applied to port A will be copied to B, C, and D. This is a convenient way to duplicate a simple signal without complex configuration to up to 3 ports, so you can analyze the data with 3 different monitoring tools simultaneously.

Due to the limitation of the physical speed of the network interface, you can also use port aggregation taps on gigabit networks to analyze only a maximum of 1 Gbps of traffic. This should be noted, since exceeding this capacity can lead to packet losses and an error-free recording is thereby excluded. In such a case, the use of valves with filter characteristics is recommended. These so-called intelligent taps can sort the traffic according to defined criteria on the OSI layer 2-4 and forward only the filtered data to the analyzer. So you can selectively reduce the amount of data at the output port and receives only the relevant information.

Another measure to reduce the amount of data without neglecting the essential information would be the so-called packet slicing method. Using this slicing function, the frames are shortened accordingly by removing the payload from the payload. Of course, all information required for the analysis is retained in this method and only the user-relevant information is deleted from the application layer (payload). Thus, one can also manage and analyze the huge amounts of data without compromise in a targeted and reliable manner. Our modular aggregation taps support packet slicing and allow you to determine the value of the content you want to separate. In this way, you can cut off the user data of users and are thus able to perform a lawful network analysis without violating privacy.

The Link aggregation is a popular method for evaluating network data from multiple network lines on a dedicated data port. The benefit is that you can analyze the network data from many network access points simultaneously with a single analyzer. This will give you a much more accurate and better overview of the network packets and even use this technology to measure runtime or reliably detect performance bottlenecks. Garland Technology offers a compact 10-port Link Aggregation Tap, of which 8 ports serve as a network tap and the remaining 2 interfaces for output. This Aggregation Tap can operate both as an in-line device in 4 lines at the same time and also supports the aggregation of 8 SPAN data streams. The built-in network taps are, of course, passive and are looped transparently into the line to be analyzed in in-line mode. With the SPAN method, the data mirrored by the network switch is simply connected to the input ports. This Link Aggregation Tap supports the variable assignment of the network ports to the monitoring interfaces, allowing you to determine the data to be aggregated yourself and to be able to change this mapping flexibly at any time. You also have the option of performing this analysis in full-dupex mode on this tap. This is done by the separate aggregation of the TX and RX lines. Thus, you get separated to the 2 output ports TX and RX and can thus detect the transmission direction of the packets and evaluate them for analysis. Another advantage of this method is that you can analyze network data from 4 full-duplex or 8 SPAN ports up to 2 Gbps bandwidth without packet loss. With standard aggregation you would only be able to evaluate a loss of 1Gbps with this tap. Due to the existing 2 monitoring ports, all the data in the half-duplex aggregation is available in duplicate, which means that you can easily carry out a redundant analysis.

Centralized load sharing would be another way to intelligently manage the data for monitoring purposes. For more information, see the section “Network Packet Broker”. There you will find related products and a more detailed description of how smart load-balancers work for this purpose.

Video

Product Catalog

Tech Note – MTP und MPO

Whitepaper – Network Connectivity