What are Network Taps and what advantages do they have over SPAN ports?
The term TAP is an acronym for Test Access Port. A network TAPalso known as Ethernet TAP, creates a passive access point to a network connection so that the data transmitted via the network infrastructure can be read for analysis and evaluation purposes. Once installed, the network TAP copies the entire live traffic transparent, fast, easy and without any impairment to the active network to your monitoring and security tools for reliable analysis.
A network TAP operates at the OSI Layer 1 and has no MAC address. Therefore, it is invisible to the network and is also undetectable to any attacker. This is essential, especially in the area of network forensics and in the security field where criminals could take the presence of Taps into consideration. The use of network Taps has another advantage - you decide where you want to access the data. This flexibility is very useful because you can strongly influence and improve the quality of your measurement results. Furthermore, network Taps are passive components and do not affect the real traffic in any way. Additional "fail-open" technology at the Ethernet copper Taps, means that the data line is switched through even when there is a power cut. The network TAP works like a cable bridge while protecting your production network from failure. This means that you get accurate data for error-free analysis directly from the TAP. If you use SPAN ports, however, the result can be falsified, since this technique operates in Store and Forward mode and CRC errors on OSI Layer 2 are rejected, rather than sending on the mirror port. In contrast, Ethernet Taps are derived from critical CRC errors, without affecting the original data. Furthermore, a network TAP operates like a diode and doesn’t allow access to the live network from the monitoring ports. A professional network analysis is, therefore, only ensured with network Taps.
When you use several Taps, you also get a much more accurate measurement result and can identify network and application errors much more quickly and accurately, so you can gain valuable time when troubleshooting network problems. Instead of the elaborate configuration of SPAN ports, you can install the Tap in plug'n play mode and can get quickly started. This is why Cisco, the world's leading network equipment provider, advises the use of such SPAN ports for network analysis aware. Read on to learn more ...
Network Taps have a further decisive advantage to your system set-up: they completely re-direct the full-duplex traffic. This means you separately get access to the transmit TX and receive RX stream of a full duplex line and can, for example, analyze a 1G line lossless even with a maximum utilization of 2Gbps. In this case you need two network interfaces to capture the network data on the analyzer. Using this method means that sending and receiving directions can be easily distinguished, so another source of error is eliminated.
SPAN ports, on the other hand, must process and aggregate the data in the memory before they are forwarded to the SPAN port, which is not one of the primary tasks of a switch, thereby can significantly affecting the quality of the analytical results. A higher capacity due to the use of mirror ports, the switch processor, can lead to a loss of data on the SPAN port. Experts, therefore, recommend for data-retaining and reliable packet capturing Ethernet Taps!
Our Network Taps from Garland Technology are available for all common media types (Copper and Fiber) and network speeds (10/100/1000BaseT, 1G, 10G, 40G and 100G) and can give you the monitor signals selectively on RJ45 Ethernet, or provide you with the output on the available SFP interface to give you maximum flexibility. This can, for example, forward the data of a copper line to a SFP based monitoring interface which would allow you to easily capture the data through a fiber link without the need for additional and expensive media converter.
Of course, you would also be able to easily monitor your existing fibre optic links (single or multimode) with your existing copper measuring equipment without additional components, because the media conversion takes place, in this case, in the TAP.
Our copper Ethernet Taps also support the Link Fault Propagation feature. This is essential for critical and high-available networks. Once a device is connected to the TAP, and the active network node fails, or the link goes down, or if you even want to disable the line for various reasons, the Network Tap must behave transparent and forces the network links connected to the TAP do go offline. This function is ensured by LFP in our copper Ethernet Taps, allowing you to use our components in critical network infrastructures.
By using the modular chassis, you have a distinct advantage. You can have 12 modules (Taps) in a 2U system installation without requiring 24 separate power supplies for redundant power supply! The chassis, equipped with 2 power supplies and available as AC as well as DC variant, takes over the entire power supply to the modules. Another valuable feature of the chassis system is that it is compatible with all modules of Garland Technology, as well as allowing the simultaneous use of Network Taps, Bypass Taps, Aggregation Taps and Converter Taps. You can get a compact, reliable and very flexible solution that allows you to analyze and capture your network data. Network Taps from Garland Technology are available for copper and fibre media types and support speeds of up to 100 Gbit/s.
Modular Chassis Systems for Network and Aggregation Taps