Frequently Asked Questions
Last updated: Nov.30, 2022
What is a NETWORK TAP?
The term TAP is an abbreviation for Test Access Port. A TAP establishes a passive access point to the network, whereby the network data transmitted via the cable can be read for analysis purposes. TAPs also copy the critical network packets with CRC errors, which are of great importance during troubleshooting or analysis.
A standard TAP has 4 network connections and is looped into the network cable via 2 ports. It therefore sits directly on the cable. A copy of the network traffic is fed out via the other 2 ports and can thus monitor a full-duplex line without interruption. When using these classic TAPs, 2 ports each are required on the monitoring tool for analysis, as TX & RX are routed out separately.
Another advantage of this routing method is that the network packets can be analysed by the monitoring system on the basis of their transmission direction. This also enables the analysis of a fully loaded full-duplex line transparently and without losses. Network TAPs are available for all common network topologies and speeds from 10MBit/s up to 400Gbps.
What is a BREAKOUT MODE?
with Breakout mode
Each Ethernet packet transmitted via the network line is mirrored separately in this mode while maintaining the data integrity in the TAP.
The send and receive directions are output separately on the two monitoring ports so that the network traffic can be analysed per data direction in this case.
Another great advantage of the Breakout mode is the visibility of the network traffic even with a fully loaded network connection. In this mode, the set network speed is transferred to the monitoring ports.
What is AGGREGATION?
Aggregation refers to the interconnection or bundling of network data packets that come from either a single full-duplex (TX & RX) or multiple lines.
Aggregation can be used, for example, to analyse and evaluate the full-duplex data of one or more data lines with a single network interface. The aggregation device receives the data from the corresponding lines, combines them in the correct order and sends these packets out to one or more ports.
with Aggregation mode
What is a PORT AGGREGATION TAP?
A Port Aggregation TAP differs from the normal TAP in that the decoupled full duplex data TX & RX are aggregated to a single output port.
In this way, the data to be analysed is output on one monitoring port and no further interfaces are required on the monitoring device.
However, it is not necessary to use a special Aggregation TAP for aggregation. All our PacketRaven Network TAPs – except the pure Fiber TAPs – are capable of breakout, aggregation and regeneration modes.
What is a REGENERATION TAP?
Regeneration TAPs work in the same way as regular Network TAPs, but make the tapped data available for monitoring to several analysis tools at the same time.
This means that the network data tapped from the network can be monitored for different purposes by several monitoring tools at the same time.
However, it is not necessary to use a special Regeneration TAP for regeneration . All our PacketRaven Network TAPs – except the pure Fiber TAPs – are capable of breakout, aggregation and regeneration modes.
with Regeneration mode
What is LINK LOSS DETECTION?
Link Loss Detection is an important feature for Network TAPs with copper ports and transparently transmits link information to the network ports. If a device connected to port A fails or the link is deactivated by the network component for any reason, the LLD function shuts down the link to port B and thus ensures that HA connections function without problems.
Assuming that port B would not notice this link deactivation in such a case, the connection to network side B would still be active and network routes and HA protocols could not work properly.
with Data Diode Function
What is a DATA DIODE function?
Data diodes ensure unidirectional communication and ensure that data traffic can only flow in one direction.
Unidirectional network devices are typically used to ensure information security or the protection of critical digital systems, such as industrial control systems or production networks from cyber attacks.
Our TAPs work like a diode and do not allow access to the network via the monitoring ports for security reasons.
By adding this further layer of security, it is therefore not possible to compromise the network connection and the productive network.
What is FAIL-SAFE?
Since Network TAPs are usually installed in critical network lines, it must be ensured that TAPs do not affect the line in any way. By means of fail-safe, the TAP behaves like a cable bridge in the event of a failure or arbitrary deactivation and ensures that the active network connection is not interrupted or at least continues to function without the TAP function and thus does not negatively affect the active line.
Are all PHYSICAL ERRORS (CRC) passed on to the monitoring tools via our Network TAPs?
These important errors are passed on to the output ports for analysis in all products.
Where is the NETWORK VISIBILITY layer?
Our visibility solutions are placed between the network and the application (services) layer.
What are the disadvantages of using a SPAN PORT?
Using a SPAN Port has several disadvantages:
- Packet loss can occur
- Packet order can be corrupted
- Package duplicates can occur
- Switch is an active device and can be compromised
- Causes additional latency
- CRC/FCS faulty packets are not mirrored
- Doesn’t support full-duplex traffic analysis
- Can be easily oversubscribed
- Microbursts may not be forwarded
What you see is NOT always what really happens on your network!
My FIBER-TAP does not seem to work!?
In almost all cases, this is due to improper wiring. The most common error is dealt with here.
