What’s a Network Tap?
The term ‘TAP’ is an acronym that stands for ‘Test Access Port’. A Tap creates a passive access point on the network, so network data transmitted via the cable can be read for analysis purposes. Taps also copy critical network packets with CRC errors, which is of great importance for debugging or analysis.
A standard Network (Ethernet) Tap has 4 LAN ports and is looped into the network line through 2 ports so it’s connected directly to the cabling infrastructure. The other 2 ports provide a copy of the network traffic so you can monitor any interruptions in a full-duplex line. A classic TAPs needs 2 ports to send data to the monitoring tool because TX & RX data are sent separately.
Another advantage of this transmission method is that the monitoring system can analyse network packets based on transmission direction. A fully loaded, full-duplex cable can be analysed transparently with no data loss. Network taps are available for all common network topologies from speeds of 10Mbit/s up to 100Gbps.
What’s a Port Aggregation Tap?
A port aggregation Tap is different from the normal Tap in that the coupled-full-duplex TX & RX data are aggregated for a single output port. A monitoring port gathers the data needed for analysis so the monitoring device doesn’t need to use any additional interfaces.
What’s a Regeneration Tap?
Regeneration Taps work like regular network Taps but they provide monitored data to multiple analysis tools simultaneously. Data gathered from the network can be monitored by several monitoring tools at the same time for different purposes.
What are Bypass Taps (Switches)?
Bypass Taps (also called bypass switches) are looped directly into the network cable infrastructure to ensure an uninterrupted network connection. They increase the availability of your data line during the operation of active components sitting directly on the line. These devices, which are usually IPS or WAF systems, are designed to pick up traffic directly on the line and analyse it. This means that they’re directly installed on the line. If these devices fail, your network is very much affected and this situation is likely to result in the total failure of your IT infrastructure. Often these systems have an internal bypass switch but it’s only active in the event of hardware failure. However, if software is affected or you want to carry out equipment maintenance, in most cases you have to interrupt your network and carry out this task within a specified time frame.
By contrast, a bypass Tap sits on the line that’s monitored and passes data transparently to the connected system. This sensor analyses the data as if it were coming directly from the line and passes it on to the bypass switch. The bypass switch sends the data back to the network by means of an internal relay system. This is a passive process and doesn’t cause any problems or failures since the bypass switch actually checks the system’s health status using a heartbeat packet to ensure monitoring devices are reliable and perform their functions. If a fault is detected, the bypass Tap immediately switches to bypass mode and passes the data directly on to the network without carrying out an analysis.
If you have a redundant configuration, the bypass Tap would monitor network traffic using a second security instance to ensure your line is monitored by a standby security system when a fault occurs on the primary system.