Fields of Fiber

    Network Monitoring - TAP, SPAN or Something Better?

    Posted by Jonathan Reeves on Dec 16, 2015 4:17:09 PM

    If there’s one thing that every IT administrator is looking for these days, it’s clear network visibility, which is imperative for maintaining a stable and secure data environment.

    Two technologies that IT professionals use for network visibility are test access ports (TAPs) and switched port analyzers (SPANs), the latter of which supports a process referred to as port mirroring.

    Here’s how these two technologies work:

    A TAP is a hardware device that is inserted into the network and connects to external traffic monitoring probes or security devices. This solution does not require additional switch ports, and allows for passive traffic monitoring across all layers right down to the physical layer. TAPs are typically available for port speeds of 1 Gbps, 10 Gbps and 40 Gbps. They add fairly significant cost to a datacenter implementation and require space and power. Furthermore, TAP devices typically support a single speed, requiring a costly upgrade each time the network is upgraded.

    Conversely, port mirroring involves connecting external traffic monitoring or security devices directly to the SPAN port of a switch or remote SPAN ports across a network. When port mirroring is enabled, packets flowing through a switch port are duplicated and sent to the SPAN port. Typically, both the RX and TX packet flows of the port are captured simultaneously, which requires twice the bandwidth of the port for accurate analysis.

    SPAN port monitoring approaches often require a parallel network to carry the mirrored traffic to centrally located test and security systems, adding significant cost and complexity. Also, unless sufficient bandwidth is available, such approaches are subject to packet loss due to oversubscription, which may limit their value for security use cases.
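
The oversubscription problem described above, as an added example that is not part of the original post: a simple fluid-queue model of a SPAN destination port fed with the RX and TX copies of its source ports. The function name, the single egress buffer and the sample rates are assumptions made for illustration.

```python
# Added example (not from the original post): fluid-queue estimate of SPAN loss.
# Assumptions: rates are per-interval averages in Gbps; the mirror port has a
# single egress buffer; Gbps x ms = Mbit, so all volumes below are in Mbit.

def span_mirror_loss(intervals, span_gbps, buffer_mbit=0.0, interval_ms=1.0):
    """intervals: list of intervals, each a list of (rx_gbps, tx_gbps) tuples,
    one tuple per mirrored source port. Returns offered/dropped volume, the
    loss ratio, the mean offered rate and the indices of lossy intervals."""
    capacity = span_gbps * interval_ms      # Mbit the SPAN port can send per interval
    backlog = offered_total = dropped_total = 0.0
    lossy = []
    for i, ports in enumerate(intervals):
        # Mirroring both directions copies RX and TX of every source port.
        offered = sum(rx + tx for rx, tx in ports) * interval_ms
        offered_total += offered
        backlog = max(0.0, backlog + offered - capacity)
        overflow = max(0.0, backlog - buffer_mbit)
        if overflow > 0:                    # buffer full: the excess is never captured
            dropped_total += overflow
            backlog = buffer_mbit
            lossy.append(i)
    n = len(intervals)
    return {
        "offered_mbit": offered_total,
        "dropped_mbit": dropped_total,
        "loss_ratio": dropped_total / offered_total if offered_total else 0.0,
        "mean_offered_gbps": offered_total / (n * interval_ms) if n else 0.0,
        "lossy_intervals": lossy,
    }

# Constructed sample: one 10 Gbps port mirrored (RX+TX) to a 10 Gbps SPAN port,
# one (rx, tx) reading per millisecond.
SAMPLE = [[(3, 2)], [(6, 5)], [(9, 8)], [(4, 3)], [(2, 1)]]

if __name__ == "__main__":
    for buf in (0, 4, 8):
        r = span_mirror_loss(SAMPLE, span_gbps=10, buffer_mbit=buf)
        print(f"buffer={buf} Mbit mean={r['mean_offered_gbps']:.1f} Gbps "
              f"dropped={r['dropped_mbit']:.0f} Mbit lossy={r['lossy_intervals']}")
```

In the sample the mean mirrored load stays below the SPAN port's line rate, yet the burst still loses traffic unless the buffer can absorb it, which is why average utilization alone is a poor test of whether a mirror is trustworthy for security monitoring.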

    An Alternate Approach:

    Fiber Mountain’s Optical Path Exchange (OPX) provides an alternative to conventional TAP or SPAN approaches that eliminates the need for a parallel network. The OPX employs a low-latency crosspoint architecture that can simultaneously route input port data to an arbitrary number of destinations (up to 160 10-Gbps ports per OPX, in a 1-RU form factor). The data replication occurs on a bit-by-bit basis with an industry-leading low latency of approximately five nanoseconds and negligible skew across the original ports and replicated ports. As a result, each port provides an accurate representation of the original data source.

    OPX is an optical-electrical-optical (OEO) switch capable of routing any input port to any output port independent of protocol, allowing Ethernet, Fibre Channel, PCIe over fiber and HDMI fiber applications to be supported. It may be managed via REST API, web interface or Fiber Mountain’s Allpath Director orchestration system.

    Allpath Director allows preconfigured port mapping profiles to be activated on demand, which can automate complex test scenarios. For example, all ports associated with a particular switch or a specific bank of servers may be tapped with a single operation.
