The Network Design and Equipment Deployment Lifecycle

As we all know, technology has a life cycle of birth, early adoption, mainstream, and then obsoletion. Even the average consumer is very in touch with this lifecycle. However, within this overarching lifecycle there are “mini” lifecycles. One of these mini lifecycles that is particularly important to enterprises is the network design and equipment deployment lifecycle. This lifecycle is the basic roadmap of how equipment gets deployed within a company data network and a key topic of concern for IT personnel. While it’s its own lifecycle, it also aligns with the typical ITIL services of event management, incident management, IT operations management, and continual service improvement.

There are 5 primary stages to the network design and equipment deployment lifecycle: pre-deployment, installation and commissioning, assurance monitoring, troubleshooting, and decommissioning. I’ll disregard the decommissioning phase in this discussion as removing equipment is fairly straightforward. The other four phases are more interesting for the IT department.
The adjacent diagram shows a map of the four fundamental components within this lifecycle. The pre-deployment phase is typically concerned with lab verification of the equipment and/or point solution. During this phase, IT spends time and effort to ensure that the equipment/solution they are receiving will actually resolve the intended pain point.

During the installation and commissioning phase, the new equipment is installed, turned on, configured, connected to the network and validated to ensure that the equipment is functioning correctly. This is typically the least costly phase in which to find set-up problems. If those initial set-up problems are not caught and eliminated here, it is much harder and more costly to isolate them in the troubleshooting phase.

The assurance monitoring stage is the ongoing maintenance and administration phase. Equipment is monitored on an as-needed or routine basis (depending upon component criticality) to make sure that it’s functioning correctly. Just because alarms have not been triggered doesn’t mean the equipment is functioning optimally. Changes may have occurred in other equipment or the network that are propagating into other equipment downstream and causing problems. The assurance monitoring stage is often linked with proactive trend analysis, service level agreement validation, and quality of service inspections.

Troubleshooting is obviously the reactionary portion of the lifecycle devoted to fixing equipment and network problems so that the network can return to an optimized, steady state condition. Most IT personnel are extremely familiar with this stage as they battle equipment failures, security threats and network outages due to equipment problems and network programming changes.

Ixia understands this lifecycle well and it’s one of the reasons that it acquired Breaking Point and Anue Systems during 2012. We have capabilities to help the IT department in all four of the aspects of the network design and equipment deployment lifecycle. These tools and services are focused to directly attack key metrics for IT:

  • Decrease time-to-market for solutions to satisfy internal projects
  • Decrease mean-time-to-repair metrics
  • Decrease downtime metrics
  • Decrease security breach risks
  • Increase business competitiveness

The exact solution to achieve customer-desired results varies. Some simple examples include the following:

  • Using the NTO monitoring switch to give your monitoring tools the right information to gain the network visibility you need
  • Using the NTO simulator to test filtering and other changes before you deploy them on your network
  • Deploying the Ixia Storm product to assess your network security and also to simulate threats so that you can observe how your network will respond to security threats
  • Deploying various Ixia network testing tools (IxChariot, IxNetwork) to characterize the new equipment and network during the pre-deployment phase

Additional Resources:

Ixia Solutions

Network Monitoring

Related Products

  • Ixia Net Optics Network Taps: provide access for security and network management devices
  • Net Tool Optimizers: out-of-band traffic aggregation, filtering, dedup, load balancing

Thanks to Ixia for the article.

The Importance of State

Ixia recently added passive SSL decryption to the ATI Processor (ATIP). ATIP is an optional module in several of our Net Tool Optimizer (NTO) packet brokers that delivers application-level insight into your network with details such as application ID, user location, and handset and browser type. ATIP gives you this information via an intuitive real-time dashboard, filtered application forwarding, and rich NetFlow/IPFIX.

Adding SSL decryption to ATIP was a logical enhancement, given the increasing use of SSL for both enterprise applications and malware transfer – both things that you need to see in order to monitor and understand what’s going on. For security, especially, it made a lot of sense for us to decrypt traffic so that a security tool can focus on what it does best (such as malware detection).

When we were starting our work on this feature, we looked around at existing solutions in the market to understand how we could deliver something better. After working with both customers and our security partners, we realized we could offer added value by making our decrypted output easier to use.

Many of our security partners can either deploy their systems inline (traffic must pass through the security device, which can selectively drop packets) or out-of-band (the security device monitors a copy of the traffic and sends alerts on suspicious traffic). Their flexible ability to deploy in either topology means they’re built to handle fully stateful TCP connections, with full TCP handshake, sequence numbers, and checksums. In fact, many will flag an error if they see something that looks wrong. It turns out that many passive SSL solutions out there produce output that isn’t fully stateful and can flag errors or require disabling of certain checks.

What exactly does this mean? Well, a secure web connection starts with a 3-way TCP handshake (see this Wikipedia article for more details), typically on port 443, and both sides choose a random starting sequence (SEQ) number. This is followed by an additional TLS handshake that kicks off encryption for the application, exchanging encryption parameters. After the encryption is nailed up, the actual application starts and the client and server exchange application data.

When decrypting and forwarding the connection, some of the information from the original encrypted connection either doesn’t make sense or must be modified. Some information, of course, must be retained. For example, if the security device is expecting a full TCP connection, then it expects a full TCP handshake at the beginning of the connection – otherwise packets are just appearing out of nowhere, which is typically seen as a bad thing by security devices.

Next, in the original encrypted connection, there’s a TLS handshake that won’t make any sense at all if you’re reading a cleartext connection (note that ATIP does forward metadata about the original encryption, such as key length and cipher, in its NetFlow/IPFIX reporting). So when you forward the cleartext stream, the TLS handshake should be omitted. However, if you simply drop the TLS handshake packets from the stream, then the SEQ numbers (which keep count of transmitted packets from each side) must be adjusted to compensate for their omission. And every TCP packet includes a checksum that must also be recalculated around the new decrypted packet contents.
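To make the bookkeeping concrete, here is an added example (not ATIP or Ixia code) that performs the rewrite described above on a constructed capture: the TCP handshake is kept, the TLS handshake records are dropped, ciphertext is swapped for plaintext, SEQ/ACK numbers are shifted down by the bytes removed from each direction, port 443 is remapped to 80 and every checksum is recomputed over the new contents. The addresses, initial sequence numbers, record bytes and HTTP plaintext are all made up; `renumber=False` shows what a stateful tool would see if the handshake were simply dropped.

```python
import socket
import struct
from dataclasses import dataclass

SYN, PSH, ACK = 0x02, 0x08, 0x10
CLIENT, SERVER = "10.0.0.1", "10.0.0.2"   # constructed endpoint addresses

@dataclass
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    ack: int
    flags: int
    payload: bytes          # bytes as seen on the wire (ciphertext for "app")
    kind: str               # "tcp" (control only), "tls" (handshake record) or "app"
    plaintext: bytes = b""  # decrypted contents of an "app" segment (constructed)

def ones_complement_sum(data: bytes) -> int:
    """RFC 1071: fold the 16-bit word sum and return its complement."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def build_tcp(src, dst, sport, dport, seq, ack, flags, payload) -> bytes:
    """20-byte TCP header (no options) plus payload, checksum computed over the pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    csum = ones_complement_sum(pseudo_header(src, dst, 20 + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def parse_tcp(segment: bytes) -> dict:
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "payload": segment[(off >> 4) * 4:]}

def checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """With a correct checksum in place, the complemented sum over everything is zero."""
    return ones_complement_sum(pseudo_header(src, dst, len(segment)) + segment) == 0

def rewrite_stream(segments, cleartext_port=80, renumber=True):
    """Drop TLS handshake records, swap in plaintext, shift SEQ/ACK by the bytes removed
    from each direction, remap 443 and recompute checksums (renumber=False = naive drop)."""
    removed = {CLIENT: 0, SERVER: 0}  # bytes removed so far from each sender's byte stream
    out = []
    for s in segments:
        if s.kind == "tls":
            removed[s.src] += len(s.payload)
            continue
        payload = s.plaintext if s.kind == "app" else s.payload
        shift_seq, shift_ack = (removed[s.src], removed[s.dst]) if renumber else (0, 0)
        seq = (s.seq - shift_seq) & 0xFFFFFFFF
        ack = (s.ack - shift_ack) & 0xFFFFFFFF if s.flags & ACK else 0
        sport = cleartext_port if s.sport == 443 else s.sport
        dport = cleartext_port if s.dport == 443 else s.dport
        out.append((s.src, s.dst, build_tcp(s.src, s.dst, sport, dport, seq, ack, s.flags, payload)))
        removed[s.src] += len(s.payload) - len(payload)  # ciphertext is longer than plaintext
    return out

def stream_is_consistent(out) -> bool:
    """The checks a stateful tool makes: valid checksums and gap-free SEQ numbers per direction."""
    expected = {}
    for src, dst, raw in out:
        if not checksum_ok(src, dst, raw):
            return False
        p = parse_tcp(raw)
        if p["flags"] & SYN:
            expected[src] = p["seq"] + 1   # SYN consumes one sequence number
            continue
        if p["seq"] != expected.get(src):
            return False
        expected[src] += len(p["payload"])
    return True

def sample_capture():
    """Constructed session: TCP handshake, two TLS handshake records, one request/response."""
    ci, si = 1000, 5000                       # constructed initial sequence numbers
    c_hello, s_hello = b"\x16\x03\x01" + b"C" * 120, b"\x16\x03\x03" + b"S" * 400
    c_req, s_rsp = b"\x17\x03\x03" + b"\xaa" * 70, b"\x17\x03\x03" + b"\xbb" * 170
    req, rsp = b"GET /watch HTTP/1.1\r\nHost: example.test\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\nok"
    a, b = len(c_hello), len(s_hello)
    C = lambda *x: Segment(CLIENT, SERVER, 51000, 443, *x)   # client -> server
    S = lambda *x: Segment(SERVER, CLIENT, 443, 51000, *x)   # server -> client
    return [
        C(ci, 0, SYN, b"", "tcp"),
        S(si, ci + 1, SYN | ACK, b"", "tcp"),
        C(ci + 1, si + 1, ACK, b"", "tcp"),
        C(ci + 1, si + 1, PSH | ACK, c_hello, "tls"),
        S(si + 1, ci + 1 + a, PSH | ACK, s_hello, "tls"),
        C(ci + 1 + a, si + 1 + b, PSH | ACK, c_req, "app", req),
        S(si + 1 + b, ci + 1 + a + len(c_req), PSH | ACK, s_rsp, "app", rsp),
        C(ci + 1 + a + len(c_req), si + 1 + b + len(s_rsp), ACK, b"", "tcp"),
    ]

if __name__ == "__main__":
    print("stateful rewrite ok:", stream_is_consistent(rewrite_stream(sample_capture())))
    print("naive drop ok:", stream_is_consistent(rewrite_stream(sample_capture(), renumber=False)))
```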

If you open up the decrypted output from ATIP, you can see all of this adjustment has taken place. Here’s a PCAP of an encrypted Netflix connection that has been decrypted by ATIP:

[Figure: Wireshark view of the Netflix connection after decryption by ATIP]

You’ll see there are no out-of-sequence packets, and no indication of any dropped packets (from the TLS handshake) or invalid checksums. Also note that even though the encrypted connection was on port 443, this flow analysis shows a connection on port 80. Why? Because many analysis tools will expect encrypted traffic on port 443 and cleartext traffic on port 80. To make interoperability with these tools easier, ATIP lets you remap the cleartext output to the port of your choice (and a different output port for every encrypted input port). You might also note that Wireshark shows SEQ=0. That’s not the actual sequence number; Wireshark just displays a 0 for the first packet of any connection so you can use the displayed SEQ number to count packets.

The following ladder diagram might also help to make this clear:

[Figure: ladder diagram of the encrypted connection and its forwarded cleartext version]

To make Ixia’s SSL decryption even more useful, we’ve also added a few other new features. In the 1.2.1 release, we added support for Diffie-Hellman keys (previously, we only supported RSA keys), as well as Elliptic Curve ciphers. We’ve also added reporting of key encryption metadata in our NetFlow/IPFIX reporting:

[Figure: encryption metadata fields in the NetFlow/IPFIX report]

As you can see, we’ve been busy working on our SSL solution, making sure we make it as useful, fast, and easy-to-use as possible. And there’s more great stuff on the way. So if you want to see new features, or want more information about our current products or features, just let us know and we’ll get on it.

More Information

ATI Processor Web Portal

Wikipedia Article: Transmission Control Protocol (TCP)

Wikipedia Article: Transport Layer Security (TLS)

Thanks to Ixia for the article.

Common Monitoring Switch Deployment Scenarios

As IT departments see the increasing value of network monitoring, sometimes there is confusion as to how to deploy monitoring switches – from an organizational point of view. There are two common deployment scenarios. The first is where the IT operations department owns the network monitoring switch, also known as a network packet broker (NPB). This group then centralizes control and access to the NPB so that multiple IT groups can use the same NPB. The second is where the core networking group within the IT department owns the NPB and uses it to optimize information flow to a monitoring tool farm.

In the first scenario (businesses with a centralized IT operations group responsible for IT service management), the operations group acts as a broker for the monitoring switch. They provide centralized, role-based access to the NPB for their internal customers. The operations group also handles routine maintenance and product software updates. That group’s internal customers (like the security group and core networking group) can then use the NPB to perform the different functions they need it to, without further interaction with the operations group.

Removing dependencies (and delays) on other groups can have dramatic business benefits. Service and equipment turn-up time can be decreased from hours/days to minutes. While some enterprise IT departments have tried implementing internal SLAs to speed up intergroup dependencies, centralized access to equipment like this can help eliminate the whole SLA conversation and make life easier within the IT department.

Another huge benefit of a centralized deployment is that automation can be implemented around the NPB. Automation between the monitoring switch and other network equipment can enhance many IT department initiatives such as troubleshooting, automated provisioning, regulatory compliance, capacity planning, and virtualization workflows. See the Ixia whitepaper Automation: The Future of Network Visibility for more information on improving network visibility using automation.

Smaller organizations may not have a core IT operations group. They tend to have more dedicated functionalities within the IT department. However, the equipment is still just as useful to these IT individuals and/or groups, especially the security group and the monitoring tools group. The person or group responsible for monitoring tools can take advantage of the NPB capabilities to remove the need for “crash carts” and change board approvals for connecting monitoring tools to the network. A single monitoring switch can be used to feed multiple monitoring tools to optimize tool productivity and return on investment.

Once the NPB is inserted into the network, other IT engineers can take advantage of it as well. For instance, the network engineer can implement workflows to reduce mean time to diagnosis and the corresponding mean time to repair (MTTR), optimize data sent to protocol analyzers and debugging tools, and improve overall network visibility with proactive scans and trend analysis.

The network security engineer can use the NPB to optimize the information flow to security tools and data recorders. This allows the engineers to better debug network anomalies and respond faster to security threats allowing them to minimize data theft and/or cyber attack damage.

If you are interested in learning more about Ixia’s network visibility and monitoring solutions and how we can help you get the most out of your tools, information on monitoring solutions, like the Ixia Anue Net Tool Optimizer, can be found on the Ixia website. You can also request a demo for the Ixia Anue Net Tool Optimizer and its capabilities.

Additional Resources:

Ixia Anue Net Tool Optimizer

White Paper: Automation: The Future of Network Visibility

Thanks to Ixia for the article.

Mobile Network Optimization

Visibility Into Quality

What happens when we offload voice traffic to Wi-Fi? As user demand for high-quality anytime, anywhere communications continues growing exponentially, mobile providers are evolving core networks to higher capacity technologies such as 4G LTE. As they do so, mobile network optimization increasingly relies on detecting and preventing potential performance issues. Accomplishing this detection becomes even more challenging, given the expanding mix of tools, probes, interfaces, processes, functions, and servers involved in network monitoring and optimization.

Ixia’s network visibility solutions provide the ongoing data needed for mobile network optimization. They deliver a high-quality subscriber experience reliably and cost-effectively, despite the growing diversity of network technologies, user devices, and security threats. As operational complexity increases, network engineers at leading mobile service providers can leverage Ixia’s suite of network monitoring switches to ensure the end-to-end visibility needed to minimize OPX, sustain profitability, and safeguard quality and user satisfaction.

Ixia’s mobile network visibility solutions deliver:

  • Traffic optimized for monitoring
  • Automated troubleshooting to reduce MTTR
  • A breakthrough “drag and drop” GUI management interface that streamlines configuration
  • Expanded network monitoring capacity

Carrier-grade Mobile Network Capabilities

Ixia’s expanding suite of network visibility solutions offers a host of new capabilities that equip network engineers at telecommunications providers to achieve end-to-end network visibility—simply and efficiently. NEBS-compliant and suitable for 4G LTE packet cores, these solutions can enable such essential functions as connection of multiple network monitoring tools to a large number of 40GbE, 10GbE, and 1GbE interfaces (up to 16 40GbE ports or up to 64 10GbE ports) in an efficient form factor. Reflecting Ixia’s globally renowned monitoring innovation, these carrier-grade solutions offer such innovative features as:

  • MPLS and GTP filtering
  • Custom dynamic filtering to allow visibility into the first 128 bytes of packets
  • Uninterrupted access for high-availability network monitoring
  • NEBS certification that ensures robustness
  • Redundant, hot-swappable power supplies and fan modules
  • Local and remote alarm relay support
  • Emergency out-of-band reset
  • Intuitive drag-and-drop control panel
  • Aggregation of data from multiple network access points

Ixia provides telecommunications providers easy access to view end-to-end analyses of architected networks, validate field applications, and improve customer loyalty and support. They deliver the actionable insights needed to dynamically detect, avoid and address issues. Overall, Ixia’s robust end-to-end network visibility solutions allow engineers to evaluate and optimize network and application performance under diverse conditions, maximizing ROI and the quality of the user experience.

  • Ixia Anue NTO 7300 (Net Tool Optimizers): out-of-band traffic aggregation, filtering, dedup, load balancing
  • Ixia Anue GTP Session Controller: intelligent distribution and control of mobile network traffic

Thanks to Ixia for the article.

Application Intelligence For Your Monitoring Tools

Application intelligence (the ability to monitor packets based on application type and usage) is the next evolution in network visibility. It can be used to dynamically identify all applications running on a network. Distinct signatures for known and unknown applications can be identified, captured, and passed on to specialized monitoring tools in order to provide network managers a complete view of their network.

In addition, well-designed visibility solutions will gather additional (contextual) information on applications and users. Examples of this contextual information include: geo-location of application usage, network user types, operating systems, and browser types that are in use on the network.

With the number of applications used over service provider and enterprise networks rapidly increasing, application intelligence provides unprecedented visibility that enables IT organizations to identify unknown network applications. This level of insight helps mitigate network security threats from suspicious applications and locations. It also allows IT engineers to spot trends in application usage which can be used to predict, and then prevent, congestion.

The Application Intelligence portion of a network packet broker (NPB) is used in conjunction with other components (as part of a visibility architecture) to achieve this heightened level of visibility. For instance, a typical visibility solution has network access points (typically taps), the NPB that provides layer 2 through 4 filtering (in addition to the application filtering information), and dedicated purpose-built monitoring tools (like IPS, IDS, SIEMs, network analyzers, etc.). So, the application intelligence portion doesn’t function as an island but rather as an integrated component of the overall visibility solution.

Ixia’s new Application and Threat Intelligence (ATI) Processor, built for the recently announced NTO 7300, brings intelligent functionality to the network packet broker landscape with its patent-pending technology that dynamically identifies all applications running on a network. This product gives IT organizations the insights needed to ensure the network works – every time and everywhere. This is the first visibility product of its kind that extends past layer 4 to layer 7, and provides rich data regarding the behavior and locations of users and applications in the network.

As new network security threats emerge, the ATI Processor helps IT improve their overall security with better intelligence for their existing security tools. The ATI Processor correlates applications with geography and can identify compromised devices and malicious activities such as Command and Control (CNC) communications from malicious botnet activities. IT organizations can now dynamically identify unknown applications, identify security threats from suspicious applications and locations, and even audit for security policy infractions – including the use of prohibited applications on the network or devices.

To learn more, please visit the ATI Processor product page, see our press release, or contact us to see a demo!

Additional Resources:

ATI Processor product page

Ixia NTO 7300

Ixia Visibility solutions

Press release

Thanks to Ixia for the article.

Ixia Network Visibility Operating System 4.2 General Availability

The Network Visibility Operating System (NVOS) v4.2 release is now available for download to current Net Tool Optimizer® (NTO) customers at the Ixia Customer Portal. Partners can find the MIB files and user guide in the product section of the Ixia Partner Portal.

This new software update supports the following NTO models: NTO 5288, NTO 5293, and ControlTower (NTO 5260, 5263 and 5268).

What is New

  • Advanced Feature Module (AFM16) enhancements
  • Improved filter configuration capabilities enable more sophisticated filtering
    • Seamless integration of standard, MPLS, GTP and custom dynamic filtering
    • Support for Q-in-Q VLAN filtering
    • New “Pass by Criteria” filtering option for tool ports
  • New port configuration options enhance NTO deployment flexibility
    • Enable tool ports to stay up when there is no receive (RX) signal
    • Turn off the transmit side (TX) of network ports

Please see the Release Notes for a complete list of new features and enhancements.

In addition, a new software update for the NTO 7300 series (NVOS 4.0.3) is generally available as well. This newest software release supports the ATI Processor and the Packet Capture Module.

Thanks to Ixia for the article.

ControlTower Gains FabricPath Stripping

Networking technology continues to evolve. An example of such evolution is the development of something called FabricPath. FabricPath was invented by Cisco® in, or about, 2010 for their Nexus line of switches (e.g., Nexus 7000 and Nexus 5500) as part of their 3.0 release of VMDC. The key benefit of this technology is that it eliminates the complexities of Spanning Tree Protocol (STP) and thereby enables the building of massively scalable and flexible data centers. To accomplish this, FabricPath adds a new header to the frames that enter the fabric. This encapsulation header contains the source and destination addresses.

[Figure: FabricPath frame encapsulation. Source: VMDC 3.0 Introduction]

One of the challenges with the deployment of new encapsulation technologies such as FabricPath is that they create blind spots from a monitoring perspective. You need to be able to “undo” this encapsulation to prevent blind spots. The reason the blind spots appear in your network is that legacy monitoring tools will probably not understand the FabricPath headers. If they don’t understand the headers, they’ll either discard the packet or set it aside in a buffer. In either case, a blind spot appears because certain data packets can’t be properly processed and analyzed. Therefore, the encapsulated traffic is effectively hidden from the monitoring tools.

The great news is that Ixia just released a solution to help you maintain visibility into FabricPath-encapsulated network traffic. Our new NVOS 4.2 software for the Ixia Anue Net Tool Optimizer (NTO) includes a new feature that enables you to strip off the FabricPath headers so your monitoring tools can continue to deliver visibility into the network.

In addition to the new FabricPath stripping capability, the NVOS 4.2 software release also supports other new features like:

  • Advanced Feature Module (AFM16) enhancements
  • Improved filter configuration capabilities that simplify more sophisticated filtering
  • User interface improvements that make it easier to work with hundreds of ports

More information about Ixia network performance, network security, and network visibility solutions, and how they can help generate the insight needed for your business, is available on the Ixia website.

Additional Resources:

Video: Network visibility solutions

Thanks to Ixia for the article.

Application Visibility—Going Beyond Network Visibility

Managing networks is no longer about bits, bytes, and packets, but about application behavior and user experience. Managing applications and user experience drives the need for deeper visibility into your network, which comes from making higher-value data available to your network monitoring tools.

Most network packet brokers offer functions that include granular filtering, load balancing, and deduplication, and some even have a packet capture/decode function. But Ixia’s solution goes beyond these data visibility functions to also offer advanced application intelligence.

Scott Register, Ixia Sr. Director, Product Management presented Ixia’s newest product offering that represents a fundamental shift in network packet broker functionality. Ixia’s new Application and Threat Intelligence Processor (ATIP) works with the company’s Net Tool Optimizer (NTO) to provide the real-time application traffic and metadata that is vital to garnering a complete picture of your network via external monitoring tools.

Users can see real-time application-level traffic and metadata through a web API, NetFlow/IxFlow, or an internal dashboard. Adding valuable application information to super-charge your monitoring tools, the ATIP delivers information such as: where users are located, what apps they are using, what handset they are using, and who is having an application failure–even for custom apps.

With the ATIP, your monitoring tools will have access to not just packets, but actionable application insight.

Check out Scott’s show-floor interview.

[Video: Scott Register’s show-floor interview]

Thanks to Ixia for the article.

Ixia Advances Network Visibility with Real-Time Network and Application Intelligence

New Application and Threat Intelligence Processor delivers smart contextual metadata to monitoring tools enabling customers to make better decisions


Ixia introduced its Application and Threat Intelligence (ATI) Processor, which enhances the network, application and security insights IT organizations get from their existing monitoring tools.

This is the first product of its kind and provides Ixia’s Visibility Architecture with the ability to provide real-time information about users and applications in any format needed – raw packets, filtered packets or metadata. With the number of valid and malicious applications rapidly increasing, this unprecedented visibility intelligence helps IT organizations within large enterprises and service providers to identify, locate and track network applications – including proprietary, mobile and malicious traffic.

News highlights

Ixia’s new ATI Processor for the NTO 7300 brings a new level of intelligence to the network packet broker. Distinct Application Fingerprints and a patent pending dynamic identification capability for unknown applications give network managers a complete view of their networks, including application success and failure tracking. By combining rich contextual information such as geo-location of application usage, handset or device type, operating system and browser type, the ATI Processor helps to identify suspicious activity such as unauthorized BYOD usage or business connections from untrusted locations.

Ixia customers can now leverage their monitoring tools in conjunction with the enhanced information provided by the ATI Processor to spot trends in application usage, user behavior and quality of service with more speed and accuracy. This unique insight can also resolve security concerns such as rapidly spotting Command and Control (CnC) traffic from infected systems and policy infractions from BYOD usage. Previously, IT administrators would have to piece together many independent streams of information in a tedious and error-prone process.

The ATI Processor is backed by the same industry-leading ATI program that fuels Ixia’s test equipment, which includes more than 245 applications and 35,000 malicious attacks and combines frequent Application Fingerprint updates with support of user-defined applications. The specialized hardware employed in the ATI Processor optimizes visibility performance by offloading DPI and metadata extraction, improving tool performance and delivering richer insight into network usage, problems and trends. This functionality delivers greater overall value to our customers.

ATI Processor features include:

  • Dynamic application intelligence capabilities to identify known, proprietary, and even unknown network applications.
  • Enhanced insight including geo-location, handset type, operating system, browser and other key user data.
  • Empirical data generation to identify bandwidth usage, trends and growth needs delivered via API or Ixia’s IxFlow extensions to NetFlow.

For more information watch the video describing the new ATI Processor.

Industry commentary

“The importance of understanding application performance, service quality and security integrity from the network perspective has been steadily rising in both enterprise and service provider settings,” said Jim Frey, EMA’s Vice President of Research, Network Management. “Such visibility is essential for timely assurance and protection of complex applications despite growing traffic volumes and increasing diversity in how end users and subscribers access applications and services. Options for DPI processing and identification at the packet access layer, such as Ixia’s new ATI Processor offering, means valuable flexibility for establishing and sustaining effective visibility.”

“Ixia’s ATI Processor takes the functionality and benefits of a network packet broker to a new level by providing WildPackets’ Network Analysis and Recorder appliances with not just packets, but rich data on applications, geography and users,” said Tim McCreery, president of WildPackets. “By offloading these vital CPU intensive tasks, WildPackets can provide even more real-time visibility into the entire network while recording high-speed traffic for advanced forensics. The joint solution allows customers faster troubleshooting, reduced time to resolution, and shorter network downtime.”

Thanks to Ixia for the article.

Comparing the use of Taps and Span Ports

What is a Tap?

Test Access Ports, or Taps, are primarily used to optimize IT’s ability to easily and passively monitor a network link. They are normally placed between any two network devices, including switches, routers, and firewalls, to provide network and security personnel a connection for monitoring devices. Protocol analyzers, RMON probes and intrusion detection and prevention systems can then be easily connected to and removed from the network when needed. By using a Tap, you also eliminate the need to schedule downtime to run cabling directly from network devices to the monitoring device, thus saving time and eliminating possible cabling issues.

Any monitoring device connected to a Tap receives the same traffic as if it were in-line, including all errors. This is achieved as the Tap duplicates all traffic on the link and forwards it to the monitoring port(s). Taps do not introduce delay, or alter the content or structure of the data. They also fail open so that traffic continues to flow between network devices in the event a monitoring device is removed or power to the device is lost.

Taps vs. Span Ports

In contrast, the use of Span ports to monitor the network requires an engineer to configure the switch or switches. Switches also introduce mechanisms on ingress ports to eliminate corrupt packets or packets that are below a minimum size. The problem with this is that the monitoring device normally captures data within the egress segment.

In addition, switches may drop layer 1 and select layer 2 errors depending on what has been deemed as high priority. On the other hand, a Tap passes all data on a link, capturing everything needed to properly troubleshoot common physical layer problems, including bad frames that can be caused by a faulty NIC.

Real-time Accessibility

Taps are designed to pass through full duplex traffic at line rate non-blocking speeds. In contrast, the software architecture of low-end switches may introduce delay while packets are copied to the Span ports. As well, data being aggregated from 10/100 Mb ports to a gigabit port may also introduce signal delay.

Furthermore, accessing full-duplex traffic may also be constrained by using a Span port. For example, to capture the traffic from a 100 Mb link, a Span port would need 200 Mb of capacity. This simple oversight can cause problems, so a gigabit link is often required as a dedicated Span port.

It is also a common practice for network engineers to span VLANs across gigabit ports. In addition to the need for additional ports that may be available in one switch, it is often difficult to “combine” or match packets to a particular originating link. So while spanning a VLAN can be a great way to get an overall feel for network issues, pinpointing the source of actual problems may be difficult.

Some switches may have a problem processing normal network traffic depending on loads. Add the fact that the switch will also need to make decisions on what traffic to copy to a Span port and you may introduce performance issues for all traffic. Taps provide permanent and passive, zero delay alternatives.

Advantage Taps

Lastly, the use of Taps optimizes both network and personnel resources. Monitoring devices can be easily deployed when and where needed, and engineers do not need to re-cable a network link to monitor traffic or re-configure switches. The example in figure 1 illustrates a typical Tap deployment for one monitoring device. In contrast, a Tap that includes two monitoring ports eliminates the need for both the network and security teams to share the one Span port that may have been configured to capture traffic for monitoring devices. A regeneration Tap can simultaneously capture data from one link for four monitoring devices and aggregation Taps can simultaneously capture from multiple links to one monitoring device.

Thanks to Net Optics for the article.